Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Win7 infected with GVU Trojan 2.07 (https://www.trojaner-board.de/119927-win7-gvu-trojaner-2-07-infiziert.html)

UdoAssus 20.07.2012 05:50

Win7 infected with GVU Trojan 2.07

Hello.

A few hours ago this screen suddenly appeared: https://www.bsi-fuer-buerger.de/SharedDocs/Bilder/DE/BSIFB/Schadprogramme/GVU-BSI-Trojaner-Webcam.jpg?__blob=poster&v=3

If I'm not mistaken, this is the GVU Trojan version 2.07.
By pressing the On/Off button of my PC (certainly not the most elegant solution :D) and then cancelling the shutdown, I was able to close the window and use the PC fully again. I haven't shut it down since, because other users report complications when booting up as a result of the virus. In any case, I then read through similar threads and, as a result, have already run a scan with Malwarebytes Anti-Malware, with this result:
Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.19.15

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
***  :: ***-PC [Administrator]

20.07.2012 02:24:35
mbam-log-2012-07-20 (02-24-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 602905
Laufzeit: 2 Stunde(n), 30 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Local\Temp\toip0_tmp.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

I had both files deleted and then ran a scan with OldTimer. Result:
Code:

OTL logfile created on: 20.07.2012 05:10:57 - Run 1
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\Yannik\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 44,89% Memory free
6,50 Gb Paging File | 4,19 Gb Available in Paging File | 64,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 37,05 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive F: | 455,99 Gb Total Space | 155,22 Gb Free Space | 34,04% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe (Opera Software)
PRC - C:\Programme\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Mumble\murmur.exe (Thorvald Natvig)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Wippien\Wippien.exe ()
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Programme\Steam\bin\libcef.dll ()
MOD - C:\Programme\Steam\bin\chromehtml.dll ()
MOD - C:\Programme\Steam\bin\avutil-51.dll ()
MOD - C:\Programme\Steam\bin\avformat-53.dll ()
MOD - C:\Programme\Steam\bin\avcodec-53.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Programme\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gsttypefindfunctions.dll ()
MOD - C:\Programme\Wippien\Wippien.exe ()
MOD - C:\Programme\Mumble\mumble_ol.dll ()
MOD - C:\Programme\Mumble\libprotobuf.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qtiff4.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qsvg4.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qmng4.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qico4.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qgif4.dll ()
MOD - C:\Programme\Mumble\QtGui4.dll ()
MOD - C:\Programme\Mumble\QtNetwork4.dll ()
MOD - C:\Programme\Mumble\QtSvg4.dll ()
MOD - C:\Programme\Mumble\QtSql4.dll ()
MOD - C:\Programme\Mumble\QtXml4.dll ()
MOD - C:\Programme\Mumble\QtCore4.dll ()
MOD - C:\Programme\Mumble\libmysql.dll ()
MOD - C:\Programme\Mumble\bzip2.dll ()
MOD - C:\Programme\Mumble\zlib1.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Wippien\Emoticon.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (gupdatem) Google Update-Dienst (gupdatem) -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found
SRV - (gupdate) Google Update-Dienst (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (avgwd) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ononxabo) -- C:\Windows\System32\drivers\lmtguo.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (wod0205) -- C:\Windows\System32\drivers\wod0205.sys (WeOnlyDo Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (Spyder2) -- C:\Windows\System32\drivers\Spyder2.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 58 71 D6 06 66 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.07.17 11:51:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.02 14:57:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.09 23:43:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2012.01.30 17:11:36 | 000,000,000 | ---D | M]
 
[2011.08.19 21:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.08.19 21:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\Yannik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yannik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9672DFD6-FCB2-45E2-926A-0AEAE31E9D0A}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCF5641D-53E8-47DC-BA5B-D83B0EBF0C36}: NameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.20 05:07:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.20 02:24:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.20 02:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.20 02:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.20 02:23:44 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.20 02:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.20 02:22:53 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.20 01:57:41 | 000,000,000 | ---D | C] -- C:\Users\***Desktop\Trojanerverdacht
[2012.07.19 00:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.07.19 00:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.07.19 00:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2012.07.17 11:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.07.16 21:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012.07.12 14:56:20 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mfc42loc.dll
[2012.07.12 14:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Fox
[2012.07.12 14:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
[2012.07.12 00:57:14 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 21:59:19 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 21:59:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 21:59:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.10 20:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.10 19:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT
[2012.07.10 19:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.07.10 19:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.07.10 19:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.07.10 19:11:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\atitray
[2012.07.10 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ray Adams
[2012.07.10 17:27:36 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2012.07.10 15:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts
[2012.06.28 16:57:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Anno 1701
[2012.06.28 16:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1701
[2012.06.28 16:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Anno 1701
[2012.06.23 01:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2012.06.22 16:38:58 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.22 16:38:58 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.22 16:38:46 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.22 16:38:46 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.22 16:38:46 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.22 16:38:33 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.22 16:38:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.20 05:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.20 05:07:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.20 05:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.20 04:56:04 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lmtguo.sys
[2012.07.20 03:04:55 | 000,460,800 | ---- | M] () -- C:\Users\Yannik\murmur.sqlite
[2012.07.20 02:23:45 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.20 02:22:54 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.20 01:50:36 | 101,771,502 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.07.20 01:34:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 01:34:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.20 01:33:05 | 000,027,520 | ---- | M] () -- C:\Users\***\AppData\Local\dt.dat
[2012.07.19 22:00:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.19 16:53:59 | 000,013,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 16:53:59 | 000,013,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 14:44:44 | 000,001,872 | ---- | M] () -- C:\Users\Yannik\Desktop\Crysis2.lnk
[2012.07.19 13:20:07 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 23:37:40 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.18 23:37:40 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.18 23:37:40 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.18 23:37:40 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.17 18:16:36 | 000,360,258 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.07.16 21:30:41 | 000,004,158 | ---- | M] () -- C:\Users\Yannik\AppData\Roaming\wklnhst.dat
[2012.07.12 19:15:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 19:15:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.12 14:59:15 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\No One Lives Forever 2 .lnk
[2012.07.12 12:26:10 | 000,365,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.10 17:31:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Spyder2_01001.Wdf
[2012.07.10 16:28:29 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2012.07.09 22:08:19 | 000,008,421 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.07.06 12:24:05 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.28 17:04:25 | 000,083,872 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.06.28 17:04:25 | 000,025,888 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.06.23 13:08:08 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\MechWarrior Vengeance.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.20 04:56:04 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lmtguo.sys
[2012.07.20 02:23:45 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.20 01:33:05 | 000,027,520 | ---- | C] () -- C:\Users\***\AppData\Local\dt.dat
[2012.07.20 01:32:56 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.19 14:44:44 | 000,001,872 | ---- | C] () -- C:\Users\***\Desktop\Crysis2.lnk
[2012.07.16 21:42:11 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.07.16 21:42:11 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.07.16 21:42:11 | 000,001,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.07.12 14:59:15 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\No One Lives Forever 2 .lnk
[2012.07.10 17:31:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Spyder2_01001.Wdf
[2012.07.09 22:08:19 | 000,008,421 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.07.02 14:48:59 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.28 16:41:35 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.06.28 16:41:02 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.06.23 13:08:08 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\MechWarrior Vengeance.lnk
[2012.06.11 18:41:48 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.06.11 18:41:48 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.04.12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.04.06 23:55:25 | 000,055,026 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.08.22 22:24:42 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.08.22 22:20:41 | 000,038,251 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.08.20 12:15:55 | 000,460,800 | ---- | C] () -- C:\Users\***\murmur.sqlite
[2011.08.17 19:04:56 | 000,004,158 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2011.08.16 19:44:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.14 14:36:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.02.15 18:56:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.06.23 15:37:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.purple
[2012.01.30 17:11:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2012
[2011.08.22 22:17:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.08.17 14:33:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2011.12.24 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.12.23 21:42:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.09 22:05:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.11.29 19:23:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Language
[2012.02.25 00:22:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2011.11.29 22:55:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lionhead Studios
[2012.04.21 13:13:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mount&Blade
[2011.09.01 16:08:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut
[2012.07.20 03:04:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mumble
[2011.08.14 20:41:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.03.08 22:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rovio
[2011.10.08 22:47:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.08.14 21:41:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.11.29 19:23:16 | 000,000,000 | ---D | M] -- C:\Users\Yannik\AppData\Roaming\Wippien
[2012.05.15 19:33:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

and no. 2:
Code:

OTL Extras logfile created on: 20.07.2012 05:10:57 - Run 1
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 44,89% Memory free
6,50 Gb Paging File | 4,19 Gb Available in Paging File | 64,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 37,05 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive F: | 455,99 Gb Total Space | 155,22 Gb Free Space | 34,04% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EFDFCE-4126-4D54-8CDC-E0A024CCF834}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{06588F67-DDAA-41E5-BD49-D0A22382302B}" = lport=137 | protocol=17 | dir=in | app=system |
"{06C40A16-8B5F-4974-80B8-BFB154E73CD1}" = lport=25565 | protocol=17 | dir=in | name=minecraft-server |
"{08BC5D9E-BC02-41C1-B9BB-2FA987CA7789}" = rport=137 | protocol=17 | dir=out | app=system |
"{0B6449AF-00A6-49AD-96A7-B704CFDB3D6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{15D72D08-0118-466B-8882-B321315FF167}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{16092EE6-7FBF-466B-A544-668884F832C5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1D3C475C-FBBB-49A3-BDCC-AE1197ACD573}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D74C054-95F9-4D72-9733-3C197438FD92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49C74D9D-A812-4FC6-A03A-20B0E384AFEE}" = rport=25565 | protocol=6 | dir=out | name=minecraft-server |
"{5D79BE25-A221-4602-8896-489BC659FDB3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{603983BF-791A-4FE2-82B8-6032E10D21EF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{62F2EB9C-E2AF-495D-86C6-ABE16851B3A9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{65FF989D-817E-45DE-B4D1-9928F106D4BC}" = rport=138 | protocol=17 | dir=out | app=system |
"{7ACF4472-4831-491D-B846-701B21A8E7E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E6746FF-4D44-46BE-91D5-C29512ECD563}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8474C6ED-A193-4012-868D-B27EC90417BF}" = rport=25565 | protocol=17 | dir=out | name=minecraft-server |
"{8637D394-0798-44FB-9F76-F0E1B330F574}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89A3887A-4EC1-4475-8D5B-E08414E95106}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8C60A011-CA58-462F-8D82-8E50B1ED118B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9250758B-11CE-4394-82B3-CDE9CE4C7AD0}" = lport=5222 | protocol=6 | dir=in | name=wippien selbst |
"{9405193F-C95C-4061-9063-F93B813ABFCD}" = rport=445 | protocol=6 | dir=out | app=system |
"{A2674C04-4F3C-4D6F-A302-AF289495A62D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5F37681-A4A8-403B-B9C6-93DD2A34CE61}" = rport=139 | protocol=6 | dir=out | app=system |
"{A706C34E-0A78-4AF5-A520-B7E6B0F6D6DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AE616FBD-2F11-4EAF-901E-E91301425753}" = lport=139 | protocol=6 | dir=in | app=system |
"{B74FEE57-71E1-4748-B2D2-A80A68E10879}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC0E89EC-265D-445B-B507-55F5E53D23F1}" = lport=445 | protocol=6 | dir=in | app=system |
"{D7EBFCB7-63BF-4B8A-B4EB-517212118EA4}" = rport=5222 | protocol=6 | dir=out | name=wippien selbst |
"{DA9E3BC0-39F6-4E0D-B986-E92FA774E7AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E162AC7D-721E-48EF-8FD7-6E607DD7735D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E240A71D-83CE-43CD-AE11-1544A08FFC07}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E8029BD7-0F41-48D2-9DC8-19072378A945}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F0FD6DF8-1D58-4600-8FE5-674ADB31C5E4}" = lport=25565 | protocol=6 | dir=in | name=minecraft-server |
"{F70AFF1E-EC40-47DA-8961-8D2FCFF07D12}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F931B772-5974-4A5F-8802-CB44FA82CDF1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBCD0F08-2E89-474C-8D5F-377629D7E5FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001B9E27-4D2D-4B19-8657-9ADEC31E36F1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{002E02CA-631F-4368-941F-EAE343BC772C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{020A575E-289E-470F-BDC9-22C0849E8A96}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{02EF9E50-8019-41D4-834C-AC6583C53725}" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"{063587AA-2EDA-4E0A-85A0-C42B4CD8C035}" = protocol=17 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
"{0F527516-E59D-418C-8382-67AD2DFEC37E}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{0FD0F9D8-6230-4635-8BD9-276BE8EE52F5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\toy soldiers\game.exe |
"{131AEC10-BBFC-4BCF-B191-5B3A31DAC01E}" = protocol=6 | dir=in | app=c:\program files\mumble\murmur.exe |
"{1505488D-D6F7-435C-B061-74021E7E9C35}" = protocol=6 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe |
"{1AC164C8-B660-4DB4-A305-648CC0F31875}" = protocol=17 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe |
"{227598BF-3541-4084-8548-097210184D78}" = protocol=6 | dir=out | app=system |
"{23478101-C22B-490C-A52F-2C8C477C11E4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{271FDB4B-181E-4BC7-92F9-3995C5B04374}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite\sniperelite.exe |
"{2E657FBE-0684-410F-86D0-71507CF1DE3D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3088F938-106D-49DC-92CB-F47CCB7B050E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\config.exe |
"{3209C544-5C58-40DD-8A99-63580255C83B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{32C520F2-CF58-475D-9000-EF6A6C3E4A6F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{386F6BF3-92A5-41D1-A24F-DB029261E107}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3E18FEDC-7AF7-4252-9C41-8756988B6852}" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"{3EAA163D-7530-41D6-BD03-497D018840A0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{49C0E022-E1DA-4EFB-B53C-29372AEB77AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4BC6B86D-42C9-4C79-813C-974C8DF3207B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\config.exe |
"{4EE82E30-F4EC-4DA4-BB8E-214404388985}" = protocol=6 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
"{5418A2BD-A771-4187-A5D6-5E96CFAFFB1C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\toy soldiers\game.exe |
"{55237E8C-AB70-445A-AB46-E0585B0A4ADD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55ABBA22-F042-4095-90EB-E0C1F06814E4}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{60DBE17F-27DD-489C-A22C-2DDC92FB2D71}" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
"{6158C992-5484-46FC-B1A2-71130070773A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\overlord2.exe |
"{6186AEAC-482E-4AA9-AA19-5A0906368DE6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{63CD194D-7FCC-490F-8D96-C85B4B7837C9}" = protocol=6 | dir=in | app=c:\program files\wippien\wippien.exe |
"{662A75A4-43A3-4DFA-83E4-908AE18D675C}" = dir=out | app=%programfiles%\wippien\wippien.exe |
"{67EB0788-C96C-49D9-8962-FC75363503E5}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{6CAC3767-AF30-4CE9-9B8F-BF56DCB7090C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{6EBD1456-0B1B-4E23-86BC-3AB769025C2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6F767085-0520-4E6E-A478-3177020A5329}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{70D17436-5FAA-4CFB-A3B0-881A563DA85B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{71985D10-D06A-42E5-BE77-BEBC52FED508}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"{757D01B2-1BF2-4C06-9022-FC0A6F1D2FB7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{769466F2-A163-44DD-A344-77800B20A777}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{77EC8367-F443-4C27-80B7-2D229965D905}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\overlord2.exe |
"{78829DA7-A505-4912-B0CF-D2C6F0A47575}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{80592F22-7B5C-42E3-B460-D94D755FDE63}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{80D43123-CE81-4391-AFE1-8B162C2F183D}" = protocol=17 | dir=in | app=c:\program files\wippien\wippien.exe |
"{8820348A-F9CF-4799-83D2-F924415B1A00}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{8A459F79-2E7F-42EC-975A-4DE8743142C9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{8E48D6CF-1D3E-450B-A7F6-BE6FA3FB8993}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{915486CB-7140-4B87-88BF-A5B31F00EE65}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{91F7F5A3-14DF-47FE-9351-504BB45E6924}" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"{92DE8AEE-6596-495E-B5FE-FA3B8C30E615}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{96FF075F-48F4-4D9E-991D-9FB5325592D3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{9C0863AE-8E40-4A4E-838B-DDE3FE78F6A2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{A07794D5-7FBE-4612-BF7D-0ABCBAEEC072}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A307150D-483D-4282-B360-9AA708C9D0F8}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
"{A6317F27-12C2-4034-ACA0-30ED5E0DE290}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"{A74D93B8-E787-442E-BF4E-9FADB47E185B}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
"{A836BCCC-F000-4CF2-98C2-9CC7FF3DAB75}" = protocol=58 | dir=in | app=system |
"{AADE2F97-CCD9-4A74-90ED-972C772C44B5}" = protocol=6 | dir=in | app=c:\program files\winpcap\rpcapd.exe |
"{AB145289-BCA2-4C4F-85A8-C09B92229F35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ACD754A1-F24D-4AD0-8BEB-CB6496C70811}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B0BB929F-3AD0-44D6-AB4C-8CAE6B72CC3B}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{B0FC9A48-8F4E-43F5-82ED-0732637B37BC}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{B4FBA645-B519-4560-A6CF-E8FEA9B2BF71}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{B5082D14-0FAF-470F-B882-C4E2AECC9CFA}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{B586263D-2A69-4726-8C27-91ACE49C74FC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{B6422B6C-605C-4B8F-9921-FC3905E13DE7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{B6965B70-334A-4EAD-AF36-721A09A99044}" = protocol=17 | dir=in | app=c:\program files\wippien\wippien.exe |
"{B78049D2-985E-4CC8-8CDD-9530A8AFB166}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC1EBB1F-E292-4323-8D94-F266A0231A13}" = protocol=6 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
"{C1AA6DE7-ACDD-46A4-862C-B643D689D550}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C2A7AAF5-8622-4BA3-85FA-58E6B7361054}" = protocol=17 | dir=in | app=c:\program files\mumble\murmur.exe |
"{C2C1DAEE-699D-412E-8AD3-A2399AB8EC7C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{C35E8875-6F28-4514-A4D1-20C065FDEFB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBA58CFC-2811-4CC8-9FFD-9E4218DF08F6}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{CDF9917B-BE40-4982-8E0E-5BCFCC24D70E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DAED0437-BA4B-4995-82BE-6DAB75F640F7}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{DCC4F26A-9FD1-4867-B9AD-CE0D97269A50}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E4663123-B20F-4A3D-8BAF-620DC3A02D7D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EAEC6904-A966-43FB-B0B2-7CF10915D140}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{EC9C3F41-B38F-42E1-B69B-573D5927B502}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ECB8D84F-28E8-47A2-8EBD-2C58830BC1DA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{ED3EE91E-F43D-476C-8422-E41CFBFB962C}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{ED79E357-3BE4-46C9-AC76-04B64EE430C9}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{EF64C3A3-B007-4985-963E-270D2ED8F730}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite\sniperelite.exe |
"{F12BA258-C482-4C2A-9B00-76A14A188426}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fable 3\fablelauncher.exe |
"{F206ECD5-7916-44BB-9359-AFDA3FEC489E}" = protocol=17 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
"{F2ADC6FB-7E41-4104-9F00-AA12B9CA8D9F}" = protocol=6 | dir=in | app=c:\program files\wippien\wippien.exe |
"{F357CAA6-7D05-46ED-A874-D699EFD8BDD8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F3D50767-5668-4CA8-83C1-4C550D95F2B4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F57AC9F4-BC83-4E01-944D-648BA6573B25}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fable 3\fablelauncher.exe |
"{F77AA1E4-6619-475C-8F3B-568FE78FA0FB}" = protocol=17 | dir=in | app=c:\program files\winpcap\rpcapd.exe |
"TCP Query User{13C55265-EB02-495D-9024-2940D35166B0}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{13D545FA-5B15-4DAA-A896-F95582006E2C}C:\program files\rtw - multicampaign\cbclient.exe" = protocol=6 | dir=in | app=c:\program files\rtw - multicampaign\cbclient.exe |
"TCP Query User{1CED553D-57E1-4DB4-ACBB-6FC0959C1F51}C:\users\yannik\appdata\local\temp\rar$ex00.589\volley.exe" = protocol=6 | dir=in | app=c:\users\yannik\appdata\local\temp\rar$ex00.589\volley.exe |
"TCP Query User{1EAB7AF3-EAAC-4200-A375-9FAB78BF82BA}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{23CB68BD-4B97-49AF-B0F3-6FAFACD7B4DE}C:\program files\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe |
"TCP Query User{253224D6-3A78-477D-88E0-42984CDD5AC2}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"TCP Query User{2C86AA98-F95B-46C6-860A-FE29A6F775C8}C:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe |
"TCP Query User{339BDCD9-6D68-4B85-A34F-85DDBE188EAD}C:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe |
"TCP Query User{4F0D0283-FF2C-45DA-805C-BA8AE5F2D013}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"TCP Query User{5B2498E3-1EC2-4553-9585-B44FF2281716}C:\program files\rtw - multicampaign\cbserv.exe" = protocol=6 | dir=in | app=c:\program files\rtw - multicampaign\cbserv.exe |
"TCP Query User{5F84E32E-2918-460D-882A-5DDB80E25278}C:\program files\savage 2 - a tortured soul\savage2.exe" = protocol=6 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe |
"TCP Query User{657C2EB9-0546-42F3-B8A4-B1FEFDC4BF7F}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{73F1A104-BB6F-4701-BC9B-FEFE34D4E08E}C:\program files\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fable 3\fable3.exe |
"TCP Query User{77E41B7F-A857-49EA-B229-9C9856EAE016}C:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{B69B147A-F60E-43F3-8EF3-199AB188865D}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"TCP Query User{BB8DB480-4019-4880-9406-55DCBF31B2D9}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe |
"TCP Query User{C91BE81E-B242-4100-86A8-E75FE610CCF6}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{E0A03DE5-D22B-4DE4-BBF7-EE57C17A64A0}C:\program files\winpcap\rpcapd.exe" = protocol=6 | dir=in | app=c:\program files\winpcap\rpcapd.exe |
"TCP Query User{E80F3F3C-2D89-43F4-A9BB-DD79CA70E973}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{F3A9F56D-A95D-42A6-B8BE-8F374F9A77EA}C:\program files\mumble\murmur.exe" = protocol=6 | dir=in | app=c:\program files\mumble\murmur.exe |
"UDP Query User{0CD65F73-D942-4721-906B-14740B50977C}C:\program files\mumble\murmur.exe" = protocol=17 | dir=in | app=c:\program files\mumble\murmur.exe |
"UDP Query User{0DF0AF0C-C27E-491C-824C-01171618872B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{1943FADF-EB29-42B4-80B9-AEBC0BD3DD89}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{19AC3C83-11A6-4CC0-A3A5-45FB0400408E}C:\program files\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe |
"UDP Query User{33C8677C-F191-4EE1-8E7E-52861A3DD4EE}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{375549FF-E21A-4D70-B6A1-AA8E1B89ABD9}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe |
"UDP Query User{44744833-E004-4000-8E13-066AEF974677}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{710D025D-8DE7-4C7B-915D-F6A6DC93F127}C:\program files\rtw - multicampaign\cbserv.exe" = protocol=17 | dir=in | app=c:\program files\rtw - multicampaign\cbserv.exe |
"UDP Query User{759F5B74-C73F-4CDA-A774-66B6CF0B549D}C:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe |
"UDP Query User{980A06CC-D831-42A3-B408-FC21BDF200E6}C:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe |
"UDP Query User{99E80D50-576D-4777-B35B-B7FA9BED590E}C:\program files\winpcap\rpcapd.exe" = protocol=17 | dir=in | app=c:\program files\winpcap\rpcapd.exe |
"UDP Query User{9B939DBF-4196-4A79-BC4F-47C416D7DC34}C:\program files\savage 2 - a tortured soul\savage2.exe" = protocol=17 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe |
"UDP Query User{BE1920B4-F0F8-4D2A-9120-8E13ACEFC9D2}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{C45B4504-10AC-4B9F-954C-846758E4F36F}C:\program files\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fable 3\fable3.exe |
"UDP Query User{CA1D29A4-FD9E-4932-95A9-BF8DC19F6163}C:\users\yannik\appdata\local\temp\rar$ex00.589\volley.exe" = protocol=17 | dir=in | app=c:\users\yannik\appdata\local\temp\rar$ex00.589\volley.exe |
"UDP Query User{CD0E6FD0-9743-4788-9290-35139F18D98D}C:\program files\rtw - multicampaign\cbclient.exe" = protocol=17 | dir=in | app=c:\program files\rtw - multicampaign\cbclient.exe |
"UDP Query User{D5A4C795-DD13-4B80-A2C4-C24D574AE5FC}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"UDP Query User{EF56D555-942C-4221-BA7C-1302DCBB1453}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"UDP Query User{F3179D5E-8083-4F9C-9A24-09BCC9C43E0A}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{F6C265BE-79B1-43EC-BFBA-781810A6E1E2}C:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04587046-E062-A70D-10C0-108318D5AD2C}" = ccc-utility
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = HALO 2 FÜR WINDOWS VISTA
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{11A247C5-3741-06EA-37BE-F962C5D09DF1}" = HydraVision
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{155FE169-9143-4179-B68E-E7D74CD3F43C}" = ATI AVIVO Codecs
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F41998F-9307-C88C-FA64-A28FFF4B8800}" = ATI Problem Report Wizard
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{B7C6F142-1136-EDB0-C1C4-1F28A6639768}" = AMD Drag and Drop Transcoding
"{BA12FD6D-169A-11D7-A6A9-00C026281E5A}" = Twin USB Vibration Gamepad
"{BB21B808-F784-4883-A4D4-B1473384C1C6}" = LibreOffice 3.5
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CDFBE82A-62CF-ACD5-5BDC-A776229D694A}" = AMD Media Foundation Decoders
"{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update
"{CE9B60E1-BC90-DADA-0935-02F51FB9228C}" = AMD Catalyst Install Manager
"{D69B5522-2170-962F-58E8-DDEFA6636DA9}" = AMD Accelerated Video Transcoding
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{F0000C3B-FD74-4E5F-B574-CA4AB150E86F}" = Angry Birds
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"A4DA3EE7-C6FC-44AD-9E47-9A4D3B0099D3_is1" = Wippien 2.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"Blue Byte Game Channel" = Blue Byte Game Channel
"CCleaner" = CCleaner
"Diablo II" = Diablo II
"Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"GameSpy Arcade" = GameSpy Arcade
"Halo" = Microsoft Halo
"Halo 2" = HALO 2 FÜR WINDOWS VISTA
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MechWarrior Vengeance" = MechWarrior Vengeance
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"Opera 12.00.1467" = Opera 12.00
"Pidgin" = Pidgin
"S4Uninst" = Die Siedler IV
"Steam App 102600" = Orcs Must Die!
"Steam App 105400" = Fable III
"Steam App 12810" = Overlord II
"Steam App 3700" = Sniper Elite
"Steam App 620" = Portal 2
"Steam App 630" = Alien Swarm
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 73050" = Magicka - Demo
"Steam App 98300" = Toy Soldiers
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"Works2006Setup" = Setup-Start von Microsoft Works Suite 2006
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.07.2012 07:57:25 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel:
 0x21544c46  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x560004c2  ID des fehlerhaften Prozesses:
 0x13e4  Startzeit der fehlerhaften Anwendung: 0x01cd60ee9931caf6  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: e8a5be44-cce1-11e1-bc81-001fc652aad5
 
Error - 13.07.2012 07:58:01 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel:
 0x21544c46  Name des fehlerhaften Moduls: dwmapi.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5bda07  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000003  ID des fehlerhaften Prozesses:
 0xd8  Startzeit der fehlerhaften Anwendung: 0x01cd60eeb6a28a31  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\dwmapi.dll  Berichtskennung: fe90917c-cce1-11e1-bc81-001fc652aad5
 
Error - 13.07.2012 07:58:30 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel:
 0x21544c46  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x458bff85  ID des fehlerhaften Prozesses:
 0x58c  Startzeit der fehlerhaften Anwendung: 0x01cd60eec6abb1ad  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 0f9ea9aa-cce2-11e1-bc81-001fc652aad5
 
Error - 14.07.2012 07:08:36 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel:
 0x21544c46  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xc25ec68b  ID des fehlerhaften Prozesses:
 0x1650  Startzeit der fehlerhaften Anwendung: 0x01cd61b0ea6229d7  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 41afcfb2-cda4-11e1-8085-001fc652aad5
 
Error - 14.07.2012 07:09:07 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel:
 0x21544c46  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x106cb0d8  ID des fehlerhaften Prozesses:
 0x1680  Startzeit der fehlerhaften Anwendung: 0x01cd61b107e02fb4  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 53b60722-cda4-11e1-8085-001fc652aad5
 
Error - 14.07.2012 07:09:42 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel:
 0x21544c46  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x06c7ffff  ID des fehlerhaften Prozesses:
 0xff8  Startzeit der fehlerhaften Anwendung: 0x01cd61b119eb4936  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 68b69dfc-cda4-11e1-8085-001fc652aad5
 
Error - 17.07.2012 12:11:50 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffect2.exe, Version: 1.2.1604.0, Zeitstempel:
 0x4bd60ba2  Name des fehlerhaften Moduls: MassEffect2.exe, Version: 1.2.1604.0, Zeitstempel:
 0x4bd60ba2  Ausnahmecode: 0xc0000005  Fehleroffset: 0x007cbceb  ID des fehlerhaften Prozesses:
 0x9d0  Startzeit der fehlerhaften Anwendung: 0x01cd641e04adae13  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe  Berichtskennung: 1d0bb0c2-d02a-11e1-b8a9-001fc652aad5
 
Error - 17.07.2012 14:15:13 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffect2.exe, Version: 1.2.1604.0, Zeitstempel:
 0x4bd60ba2  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x172c  Startzeit der fehlerhaften Anwendung: 0x01cd6438850422dc  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 5a008f0b-d03b-11e1-b8a9-001fc652aad5
 
Error - 17.07.2012 15:31:57 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffect2.exe, Version: 1.2.1604.0, Zeitstempel:
 0x4bd60ba2  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x13d4  Startzeit der fehlerhaften Anwendung: 0x01cd64486d7b86e6  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 11feeae1-d046-11e1-b8a9-001fc652aad5
 
Error - 18.07.2012 17:29:23 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffect2.exe, Version: 1.2.1604.0, Zeitstempel:
 0x4bd60ba2  Name des fehlerhaften Moduls: MassEffect2.exe, Version: 1.2.1604.0, Zeitstempel:
 0x4bd60ba2  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00511eb0  ID des fehlerhaften Prozesses:
 0xb94  Startzeit der fehlerhaften Anwendung: 0x01cd6518db998d57  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe  Berichtskennung: a4589bbe-d11f-11e1-ab36-001fc652aad5
 
[ System Events ]
Error - 13.07.2012 12:22:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 14.07.2012 05:43:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 14.07.2012 16:18:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 15.07.2012 05:44:44 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 16.07.2012 06:39:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 17.07.2012 05:46:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 18.07.2012 02:59:27 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 18.07.2012 14:13:11 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 19.07.2012 07:22:25 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 19.07.2012 16:32:07 | Computer Name = ***-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
 
< End of report >

(username replaced with ***)
Thanks in advance for the help; I hope I have done everything right so far.

t'john 21.07.2012 23:14

:hallo:

Fixing with OTL

Download OTL from OldTimer (if you don't have it yet) and save it on your desktop (nowhere else).

  • Put the *** asterisks back into the username!
  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:

:OTL
PRC - C:\Programme\Wippien\Wippien.exe ()
SRV - (gupdatem) Google Update-Dienst (gupdatem) -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found
SRV - (gupdate) Google Update-Dienst (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
[2012.07.20 05:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.20 05:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.20 01:34:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.19 22:00:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.20 01:32:56 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.20 01:33:05 | 000,027,520 | ---- | M] () -- C:\Users\***\AppData\Local\dt.dat
[2012.07.02 14:48:59 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, allow it.
  • Paste the content of the log file into your thread here, in code tags.
    You can also look at the log file afterwards at => C:\_OTL\MovedFiles\

Note for other readers: the OTL script above was written exclusively for this user in this situation.
Never run it on other computers; it can permanently damage other systems!
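
The seven file entries in the fix script above are in OTL's own file-list format: `[date time | size | attributes | M or C] (company) -- path`, where M marks a modification and C a creation time. What makes the two entries outside `C:\Windows\tasks` stand out is not their names but their timing: a 4.5 MB `.pad` file created in `C:\ProgramData` at 01:32:56 on 20.07.2012, `dt.dat` modified nine seconds later, and the `.pad` file modified again two minutes after that, a few hours before the lock screen was reported, while the scheduled-task `.job` files change at their routine times. The following Python is an added example (not part of the original post and not OTL's code): it parses that format and clusters create/modify events that fall within five minutes of each other. The five-minute gap is an assumption, the sample lines are the ones from the script above, and the user name is left as `***` exactly as posted.

```python
"""Timeline triage of OTL file entries: cluster create/modify events that
happened within a few minutes of each other, so a payload and its companions
stand out from routine scheduled-task churn."""
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple

# Constructed sample: the seven file entries from the OTL fix script above, verbatim.
# OTL file-list format: [date time | size | attributes | M=modified / C=created] (company) -- path
OTL_LINES = r"""
[2012.07.20 05:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.20 05:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.20 01:34:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.19 22:00:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.20 01:32:56 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.20 01:33:05 | 000,027,520 | ---- | M] () -- C:\Users\***\AppData\Local\dt.dat
[2012.07.02 14:48:59 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
"""

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S+) \| (?P<kind>[MC])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)


class FileEvent(NamedTuple):
    ts: datetime
    size: int
    kind: str   # "C" = created, "M" = modified
    path: str


def parse_otl_file_entries(text: str) -> List[FileEvent]:
    """Parse OTL file-list lines; anything that is not such a line is skipped."""
    events = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        events.append(FileEvent(
            datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            int(m["size"].replace(",", "")),   # OTL writes sizes as 004,503,728
            m["kind"],
            m["path"],
        ))
    return events


def find_bursts(events, max_gap=timedelta(minutes=5), min_events=2):
    """Sort by time and cut wherever two consecutive events are more than
    max_gap apart; return the groups with at least min_events members."""
    bursts, current = [], []
    for ev in sorted(events, key=lambda e: e.ts):
        if current and ev.ts - current[-1].ts > max_gap:
            if len(current) >= min_events:
                bursts.append(current)
            current = []
        current.append(ev)
    if len(current) >= min_events:
        bursts.append(current)
    return bursts


def describe(burst):
    """Summarise one burst: when it started, how long it lasted, which paths
    it touched and which file in it is the largest."""
    start, end = burst[0].ts, burst[-1].ts
    biggest = max(burst, key=lambda e: e.size)
    return {
        "start": start.isoformat(sep=" "),
        "span_seconds": int((end - start).total_seconds()),
        "paths": sorted({e.path for e in burst}),
        "largest": (biggest.path, biggest.size),
    }


if __name__ == "__main__":
    for burst in find_bursts(parse_otl_file_entries(OTL_LINES)):
        d = describe(burst)
        print(f"{d['start']} (+{d['span_seconds']}s): {len(burst)} events")
        for p in d["paths"]:
            print("   ", p)
        print("    largest:", d["largest"])
```

On the lines above the only burst is the one at 01:32:56 (three events in 115 seconds, all on `pmt_0piot.pad` and `dt.dat`); the `.job` files never cluster. Timestamps pulled from the live system are the only record once a file is gone: the fix log further down reports `pmt_0piot.pad` as already not found when OTL ran.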

UdoAssus 21.07.2012 23:41

Here is the log file:
Code:

All processes killed
========== OTL ==========
No active process named Wippien.exe was found!
Error: No service named gupdatem) Google Update-Dienst (gupdatem was found to stop!
Service\Driver key gupdatem) Google Update-Dienst (gupdatem not found.
File  C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found not found.
Error: No service named gupdate) Google Update-Dienst (gupdate was found to stop!
Service\Driver key gupdate) Google Update-Dienst (gupdate not found.
File  C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\Windows\tasks\Adobe Flash Player Updater.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\ProgramData\pmt_0piot.pad not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File C:\ProgramData\pmt_0piot.pad not found.
C:\Users\***\AppData\Local\dt.dat moved successfully.
File C:\Windows\tasks\Adobe Flash Player Updater.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 756 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 1748022 bytes
->Flash cache emptied: 492 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: ***
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07222012_003358

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


t'john 21.07.2012 23:52

Very good! :daumenhoc

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applies to Windows 2000, XP, Vista and 7.
- Install the program into the default path.
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any finds deleted or quarantined.
- When the scan has finished, click "Show results".
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search has finished, a text file opens.
  • Post its content in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

UdoAssus 22.07.2012 15:52

Sorry that it took a little longer. Here are the two logs:

Malwarebytes:
Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.21.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [Administrator]

22.07.2012 13:01:05
mbam-log-2012-07-22 (13-01-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 601419
Laufzeit: 2 Stunde(n), 19 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

and AdwCleaner:
Code:

# AdwCleaner v1.703 - Logfile created 07/22/2012 at 16:45:43
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : *** - ***-PC
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Opera v12.0.1467.0

File : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [720 octets] - [22/07/2012 16:45:43]

########## EOF - C:\AdwCleaner[R1].txt - [847 octets] ##########

So far there have been no further signs of the virus; the computer runs as before.:daumenhoc

t'john 22.07.2012 18:35

Very good! :daumenhoc


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its content in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

then:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update now.
Select the freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan do not let it delete anything! Save the log file to the desktop via Save report and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html

UdoAssus 22.07.2012 23:00

Code:

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 22.07.2012 20:32:24

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, F:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:        22.07.2012 22:15:13

c:\program files\gamespy arcade        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\addins        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\cstrike        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\cstrike\frontline        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\halflife        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\halflife\action        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\halflife\cstrike        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\halflife\firearms        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\halflife\frontline        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\halflife\gearbox        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\halflife\tfc        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\aq2        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\battle        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\chaosdm        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\duel        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\freeze        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\gloom        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\gxmod        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\holywars        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\jail        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\kots        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\lfiredm        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\lithium2        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\lmctf        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\pball        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\q2comp        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\qpong        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\ra2        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\requiem        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\sconfig        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\tourney        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\wf        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake2\wod        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake3        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake3\alliance        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake3\beryllium        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake3\excessive        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake3\instagib        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake3\jailbreak        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake3\matchmod        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake3\osp        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake3\q3comp        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake3\q3f        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake3\q3ut2        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake3\requiem        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake3\rocketarena3        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\quake3\wfa        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\tribes        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\tribes\arena        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\tribes\ch        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\tribes\ctf        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\tribes\ctfb        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\tribes\ctfplus        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\tribes\dd        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\tribes\dm        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\tribes\duel        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\tribes\fr        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\tribes\tac        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\tribes\open cal        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\tribes\rpg        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\tribes\mt        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\ut        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\ut\excessive        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\ut\rocketarena        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\custom\ut\swat        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\images        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\images\portraits        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\profiles        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\profiles\(default)        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\services        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\services\_common        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\services\_demospy        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\services\_fplanet        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\services\_gnews        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\services\_gspyder        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\services\_news        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\sounds\(default)        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\skins        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\sounds        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\services\_support        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\sounds\classic        gefunden: Trace.File.gamespy arcade!E1
c:\users\***\appdata\roaming\microsoft\windows\start menu\programs\gamespy arcade        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\4dca9208.dat        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\arcres.dll        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\dat.bmp        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\def_banner.gif        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\def_banner.html        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\aphex.exe        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\def_bannerbg.jpg        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\def_loading.gif        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\def_logo.jpg        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\def_news.html        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\fpupdate.exe        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\gamespy arcade - debug.lnk        gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\gamespy arcade help.url        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\gamespy arcade website.url        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\gamespy arcade.lnk        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\gamespy.com gaming's homepage.url        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\gsapak.exe        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\gslan.dll        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\install.log        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\gsws.dll        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\pw32.dll        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\readme.html        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\register gamespy arcade.url        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\rptcrash.exe        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\services\_news\rsrc.dir        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\services\_news\service_tab.psd        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\services\_news\service_tab+.tga        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\services\_support\rsrc.dir        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\services\_support\service_tab.psd        found: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\ws_default.html        found: Trace.File.gamespy arcade!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\gamespy arcade --> displayname        found: Trace.Registry.gamespy arcade!E1
Value: hkey_current_user\software\gamespy\gamespy arcade --> instdir        found: Trace.Registry.gamespy arcade!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\gamespy arcade --> uninstallstring        found: Trace.Registry.gamespy arcade!E1
C:\Users\***\Desktop\Minecraft\MinecraftLauncherWithName.exe        found: P2P-Worm.Win32.Palevo.aopd!E1
F:\***\Desktop\Minecraft\MinecraftLauncherWithName.exe        found: P2P-Worm.Win32.Palevo.aopd!E1
F:\***\Desktop\Lästiges\Setup\Spiele\Wolf ET\ET_Patch_2_60.exe        found: PossibleThreat.Patch.ET!E2
F:\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2e002d9c-35fda33a -> com\bitcoinplus\applet\MiningApplet.class        found: Java.Bitcoin!E2

Scanned        867832
Found        124

Scan end:        22.07.2012 23:47:43
Scan time:        1:32:30

Code:

# AdwCleaner v1.703 - Logfile created 07/22/2012 at 20:09:04
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : *** - ***-PC
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Opera v12.0.1467.0

File : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [847 octets] - [22/07/2012 16:45:43]
AdwCleaner[S1].txt - [783 octets] - [22/07/2012 20:09:04]

########## EOF - C:\AdwCleaner[S1].txt - [910 octets] ##########

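The Emsisoft report above is 124 findings long, and almost all of them are "Trace.*" leftovers of a PUP (GameSpy Arcade) rather than active code; the three entries that matter (the Palevo worm copies, the ET patch heuristic, the cached Bitcoin mining applet) are easy to miss in the noise. The script below is an added example, not something posted in the thread or shipped by Emsisoft: it parses report lines in the format shown above (object, a run of spaces, "gefunden:" or "found:", then "family!engine") and sorts them into leftover / suspicious / malware. The sample lines are constructed to mimic the report, the three-way classification by name prefix is my own heuristic based on this report's naming, and the function name is my own.

```powershell
# Added example (not from the thread or from Emsisoft): triage an Emsisoft-style
# scan report by detection family so PUP leftovers don't drown out real hits.
# Sample lines are constructed to mimic the format posted above.
$sampleReport = @'
c:\program files\gamespy arcade\gsapak.exe        gefunden: Trace.File.gamespy arcade!E1
Value: hkey_current_user\software\gamespy\gamespy arcade --> instdir        gefunden: Trace.Registry.gamespy arcade!E1
C:\Users\user\Desktop\Minecraft\MinecraftLauncherWithName.exe        gefunden: P2P-Worm.Win32.Palevo.aopd!E1
F:\user\Desktop\Setup\ET_Patch_2_60.exe        gefunden: PossibleThreat.Patch.ET!E2
F:\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2e002d9c-35fda33a -> com\bitcoinplus\applet\MiningApplet.class        gefunden: Java.Bitcoin!E2

Gescannt        867832
Gefunden        124
'@

function ConvertFrom-EmsisoftReport {
    # Hypothetical helper name; yields one object per finding line.
    param([string]$Text)
    # object, 2+ spaces, "gefunden:" (German report) or "found:" (English), detection
    $pattern = '^(?<object>.+?)\s{2,}(?:gefunden|found):\s+(?<detection>.+)$'
    foreach ($line in $Text -split "`r?`n") {
        if ($line -match $pattern) {
            $obj = $Matches['object']
            $det = $Matches['detection']
            $family = ($det -split '!')[0]     # drop the engine suffix (!E1, !E2)
            # Heuristic classification by family prefix (my own, not Emsisoft's):
            #   Trace.*          leftover files/registry values of a PUP, not active code
            #   PossibleThreat.* heuristic hit, review by hand before trusting or deleting
            #   anything else    a named malware family
            $class = if ($family -like 'Trace.*') { 'leftover' }
                     elseif ($family -like 'PossibleThreat.*') { 'suspicious' }
                     else { 'malware' }
            $kind = if ($obj -match '^(Value|Key):') { 'registry' } else { 'file' }
            # "container -> member" marks a hit inside an archive or cache entry
            $container, $member = $obj -split ' -> ', 2
            New-Object PSObject -Property @{
                Object    = $obj
                Container = $container
                Member    = $member
                Kind      = $kind
                Detection = $det
                Family    = $family
                Class     = $class
            }
        }
    }
}

$findings = ConvertFrom-EmsisoftReport $sampleReport

# Summary per class; on the real report the "leftover" bucket holds nearly everything.
$findings | Group-Object Class | Sort-Object Name | ForEach-Object {
    "{0,-10} {1}" -f $_.Name, $_.Count
}

# The short list actually worth acting on.
$findings | Where-Object { $_.Class -ne 'leftover' } |
    Format-Table Class, Family, Kind, Container, Member -AutoSize
```

Run it with the real log pasted into `$sampleReport` (or read with `Get-Content -Raw`) and the summary shows how much of the count is GameSpy residue; the table at the end is what a helper would want to see first.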

t'john 22.07.2012 23:11

Very good! :daumenhoc

Let it delete the findings, then:

Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as Administrator.
Let's go

  • Download and start Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • Signatures are downloaded, the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the logfile here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

UdoAssus 23.07.2012 15:49

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d6b8bab46dab464e936e6d7d21c905ca
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-23 12:39:54
# local_time=2012-07-23 02:39:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 15063508 15063508 0 0
# compatibility_mode=5893 16776574 100 94 29483266 94627460 0 0
# compatibility_mode=8192 67108863 100 0 180 180 0 0
# scanned=211953
# found=0
# cleaned=0
# scan_time=7724
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d6b8bab46dab464e936e6d7d21c905ca
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-23 02:44:18
# local_time=2012-07-23 04:44:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 15110497 15110497 0 0
# compatibility_mode=5893 16776574 100 94 29530255 94674449 0 0
# compatibility_mode=8192 67108863 100 0 47169 47169 0 0
# scanned=433348
# found=0
# cleaned=0
# scan_time=11399


t'john 23.07.2012 16:53

Update Java

Your Java is no longer up to date. Older versions contain security holes that malware can abuse.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 5 ).
  • When the installation has finished,
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
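The two parts of the procedure above that are easy to get wrong are leaving an older JRE installed next to the new one (the old plugin stays exploitable) and not actually emptying the deployment cache, which is where the Emsisoft log in this thread found a cached Bitcoin mining applet. The script below is an added example, not part of the thread and not an Oracle tool: it lists every Java runtime registered in Add/Remove Programs with the newest first, reports how many superseded entries remain, and reports the size of the current user's Java deployment cache. With the two switches it also uninstalls the superseded entries via their MSI product code and empties the cache. It assumes PowerShell 2.0 or later and an elevated prompt for the remove switches; the registry and cache paths are the standard Windows and Java locations, and the switch names and the DisplayName regex are my own.

```powershell
# Added example (not from the thread or from Oracle): inventory installed Java
# runtimes and the Java deployment cache on Windows 7, then optionally remove
# superseded runtimes and empty the cache. Run elevated for the switches.
param(
    [switch]$RemoveOldVersions,   # uninstall every Java entry except the newest
    [switch]$ClearCache           # empty the applet / Web Start deployment cache
)

# Both hives so the script also works on x64 machines with 32-bit Java.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Java entries in Add/Remove Programs look like "Java(TM) 6 Update 31" or
# "Java 7 Update 5"; very old ones are "J2SE Runtime Environment ...".
# The regex deliberately skips "Java Auto Updater", "JavaFX" and "Java DB".
$javaEntries = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java(\(TM\))?\s+\d|J2SE Runtime)' } |
    Sort-Object -Descending { try { [version]$_.DisplayVersion } catch { [version]'0.0' } }

"Installed Java runtimes (newest first):"
$javaEntries | Format-Table DisplayName, DisplayVersion, PSChildName -AutoSize

$old = @($javaEntries | Select-Object -Skip 1)
if ($old.Count -gt 0) {
    "Superseded Java entries still installed: {0}" -f $old.Count
}

if ($RemoveOldVersions) {
    foreach ($entry in $old) {
        # The key name of a Java uninstall entry is the MSI product code {GUID},
        # which msiexec /x accepts directly; anything else is skipped.
        if ($entry.PSChildName -match '^\{[0-9A-Fa-f-]+\}$') {
            "Uninstalling {0}" -f $entry.DisplayName
            Start-Process msiexec.exe -ArgumentList "/x $($entry.PSChildName) /qn /norestart" -Wait
        }
    }
}

# The applet / Web Start cache of the current user lives under LocalLow; this is
# what the control panel's "Delete Files..." button empties.
$cache = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\cache'
if (Test-Path $cache) {
    $cached = @(Get-ChildItem $cache -Recurse -Force -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer })
    $bytes = ($cached | Measure-Object Length -Sum).Sum
    "Deployment cache: {0} files, {1:N1} MB" -f $cached.Count, ($bytes / 1MB)
    if ($ClearCache -and $cached.Count -gt 0) {
        Remove-Item (Join-Path $cache '*') -Recurse -Force
        "Deployment cache emptied."
    }
} else {
    "No Java deployment cache found for this user."
}
```

Run it once before and once after the update: the first run should list the old runtime and a non-empty cache, the second should list exactly one runtime and a cache of zero files. The cache path is per user, so on a shared machine repeat the cache check under each account that used the browser.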

UdoAssus 23.07.2012 17:19

OK, that's done.

t'john 23.07.2012 17:24

Very good! :daumenhoc

With that you are clean and discharged! :)


Clean-up with CCleaner

Use CCleaner (Download) (Instructions) to

  • fix errors in the registry (repeatedly, until no more errors are found) and
  • delete temporary files.



Tool clean-up with OTL


We will now use OTL's CleanUp! function to remove most of the programs we installed for the clean-up from your system again.
  • Please download OTL from OldTimer (if you don't have it already).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Click the "CleanUp" button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs you downloaded during the clean-up will no longer be present. They have been removed. It is therefore OK if these programs are gone. If any are left over, delete them manually.


Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html

UdoAssus 23.07.2012 17:36

Thanks again for the quick help :lach:


All times are GMT +1. It is now 23:54.

Copyright ©2000-2025, Trojaner-Board

