Log analysis and evaluation: Bitdefender blocks C:\Users\S*****\AppData\Roaming\Prapproxy32.exe (Windows 7)

If you have picked up a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Bitdefender blocks C:\Users\S*****\AppData\Roaming\Prapproxy32.exe

Good morning, dear Trojaner-Board crew,

I am new here and hope to find help. Unfortunately, the file named above is not easy for me to find. I wanted to destroy it with a file shredder. I am pretty unsqueamish when it comes to such things. Unfortunately, I cannot find this file at the location given by Bitdefender.

After every Windows start, Bitdefender reports that the process C:\Users\S***\AppData\Roaming\Prapproxy32.exe was blocked. I switched to Bitdefender 2 days ago because I found that the free programs (Avira, Spybot) unfortunately do not detect as much as one would wish.

I have already read up a little on this subject and have also downloaded the program OTL. I will try to insert these scan reports directly. I have obscured my user name with S***. I am a newcomer to the OTL software. The scan was carried out according to the general instructions from the forum.

OTL.txt: Code:
ATTFilter OTL logfile created on: 05.08.2013 08:01:46 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents\09_Programme\02_Sicherheit\OTL 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 5,23 Gb Available Physical Memory | 66,18% Memory free 15,80 Gb Paging File | 13,05 Gb Available in Paging File | 82,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 250,00 Gb Total Space | 117,79 Gb Free Space | 47,12% Space Free | Partition Type: NTFS Drive D: | 656,43 Gb Total Space | 196,78 Gb Free Space | 29,98% Space Free | Partition Type: NTFS Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 1863,01 Gb Total Space | 1122,59 Gb Free Space | 60,26% Space Free | Partition Type: NTFS Drive G: | 44,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 29,83 Gb Total Space | 15,15 Gb Free Space | 50,80% Space Free | Partition Type: FAT32 Drive I: | 59,61 Gb Total Space | 13,55 Gb Free Space | 22,73% Space Free | Partition Type: FAT32 Computer Name: S***-PC | User Name: S*** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Documents\09_Programme\02_Sicherheit\OTL\OTL.exe (OldTimer Tools) PRC - C:\Programme\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (Bitdefender) PRC - C:\Users\S***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Samsung Electronics CO., LTD.) 
PRC - C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe () PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Bitdefender\Bitdefender\antispam32\txmlutil.dll () MOD - C:\Users\S***\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Users\S***\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Users\S***\AppData\Roaming\prapproxy32.dll () ========== Services (SafeList) ========== SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (Bitdefender) SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (Bitdefender) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype 
Technologies) SRV - (BdDesktopParental) -- C:\Programme\Bitdefender\Bitdefender\bdparentalservice.exe (Bitdefender) SRV - (SWUpdateService) -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Samsung Electronics CO., LTD.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (ZeroConfigService) -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation) SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV - (WiseBootAssistant) -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe (WiseCleaner.com) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (SamsungDeviceConfigurationWinService) -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe () SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender) DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (trufos) 
-- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.) DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL) DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation) DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation) DRV:64bit: - (XHCIPort) -- C:\Windows\SysNative\drivers\xHCIPort.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (usb3Hub) -- C:\Windows\SysNative\drivers\usb3Hub.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (gzflt) -- C:\Windows\SysNative\drivers\gzflt.sys (BitDefender LLC) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation) DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation) DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon) DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider) DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon) DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group) DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (SGDrv) -- C:\Windows\SysNative\drivers\SGDrv64.sys (Phoenix Technologies Ltd.) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (BdfNdisf) -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC) DRV - (bdfwfpf_pc) -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys (BitDefender SRL) DRV - (bdfwfpf) -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-216033253-3173365450-1935379270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-216033253-3173365450-1935379270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-216033253-3173365450-1935379270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-216033253-3173365450-1935379270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 32 0E 03 84 04 CE 01 [binary data] IE - 
HKU\S-1-5-21-216033253-3173365450-1935379270-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-216033253-3173365450-1935379270-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-216033253-3173365450-1935379270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-216033253-3173365450-1935379270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.defaultenginename: "Bing " FF - prefs.js..browser.search.order.3: "Bing " FF - prefs.js..browser.search.selectedEngine: "Bing " FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP&dt=072513" FF - prefs.js..extensions.enabledAddons: %7BE634117B-33A8-4C70-8210-198010F03834%7D:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072513&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Bitdefender.com/PasswordManager;version=17.8: C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxnp.dll (Bitdefender) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER\BDTBEXT [2013.07.04 11:51:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffpwdman@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ [2013.07.04 11:52:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.01 00:28:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013.07.04 11:51:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{E634117B-33A8-4C70-8210-198010F03834}: C:\Users\S***\AppData\Roaming\20003.012 [2013.07.16 01:29:37 | 000,000,000 | ---D | M] [2013.02.06 23:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\S***\AppData\Roaming\mozilla\Extensions [2013.07.25 15:20:35 | 000,002,402 | ---- | M] () -- C:\Users\S***\AppData\Roaming\mozilla\firefox\profiles\yar7htw3.default\searchplugins\bingp.xml [2013.05.01 00:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.07.16 01:29:37 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\S***\APPDATA\ROAMING\20003.012 [2013.05.01 00:28:09 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.01 21:33:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.01 21:33:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.01 21:33:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.01 21:33:32 | 000,006,805 | ---- | M] () -- 
C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.01 21:33:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.01 21:33:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.08.03 16:18:35 | 000,000,824 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Bitdefender-Geldbörse) - {09F58E74-42B4-4D70-BA26-35FC954E7A17} - C:\Programme\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found. O2 - BHO: (Bitdefender-Geldbörse) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Programme\Bitdefender\Bitdefender\antispam32\pmbxie.dll (Bitdefender) O2 - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Bitdefender) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKU\.DEFAULT..\Run: [Bitdefender-Geldbörse] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (Bitdefender) O4 - HKU\.DEFAULT..\Run: [Bitdefender-Geldbörse-Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender) O4 - HKU\.DEFAULT..\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (Bitdefender) O4 - HKU\S-1-5-18..\Run: [Bitdefender-Geldbörse] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (Bitdefender) O4 - HKU\S-1-5-18..\Run: [Bitdefender-Geldbörse-Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender) O4 - HKU\S-1-5-18..\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (Bitdefender) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-216033253-3173365450-1935379270-1000..\Run: [] File not found O4 - HKU\S-1-5-21-216033253-3173365450-1935379270-1000..\Run: [Bitdefender-Geldbörse] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (Bitdefender) O4 - HKU\S-1-5-21-216033253-3173365450-1935379270-1000..\Run: [Bitdefender-Geldbörse-Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender) O4 - HKU\S-1-5-21-216033253-3173365450-1935379270-1000..\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (Bitdefender) O4 - HKU\S-1-5-21-216033253-3173365450-1935379270-1000..\Run: [DAEMON Tools Lite] C:\Program Files 
(x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-216033253-3173365450-1935379270-1000..\Run: [HP Officejet Pro 8500 A910 (NET)] C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-21-216033253-3173365450-1935379270-1000..\Run: [PureSync] C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes) O4 - HKU\S-1-5-21-216033253-3173365450-1935379270-1000..\Run: [UseerSideBar] C:\Users\S***\AppData\Roaming\prapproxy32.exe () O4 - HKU\S-1-5-21-216033253-3173365450-1935379270-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-216033253-3173365450-1935379270-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\S***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\S***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-216033253-3173365450-1935379270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKU\S-1-5-21-216033253-3173365450-1935379270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. 
File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC932D40-F612-4F6D-A109-A662D6E296A8}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe 
(Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.11 19:03:48 | 000,000,054 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O32 - AutoRun File - [2009.07.14 10:26:40 | 000,000,043 | ---- | M] () - H:\AUTORUN.INF -- [ FAT32 ] O32 - AutoRun File - [2013.08.04 00:47:50 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{00753381-7a74-11e2-8242-9718ea92fce8}\Shell - "" = AutoRun O33 - MountPoints2\{00753381-7a74-11e2-8242-9718ea92fce8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.08.03 17:22:53 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Local\bdch [2013.08.03 17:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch [2013.08.03 17:15:39 | 000,076,944 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys 
[2013.08.03 17:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender [2013.08.03 17:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging [2013.08.03 17:10:34 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll [2013.08.03 17:10:34 | 000,093,600 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\BdfNdisf6.sys [2013.08.03 17:10:34 | 000,082,384 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys [2013.08.03 17:10:31 | 000,718,840 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys [2013.08.03 17:10:31 | 000,593,144 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys [2013.08.03 17:10:31 | 000,261,056 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys [2013.08.03 16:41:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.08.03 16:41:06 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Roaming\Bitdefender [2013.08.03 16:29:47 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Roaming\QuickScan [2013.08.03 16:23:26 | 000,147,232 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys [2013.08.03 16:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender [2013.08.03 16:23:24 | 000,383,048 | ---- | C] (BitDefender S.R.L.) 
-- C:\Windows\SysNative\drivers\trufos.sys [2013.08.03 16:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender [2013.08.03 16:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2013.08.03 16:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender [2013.08.02 15:18:59 | 000,000,000 | ---D | C] -- C:\Users\S***\Desktop\Spiele_Zusatz [2013.08.02 10:07:40 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Roaming\UsAgt [2013.08.02 05:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.08.02 05:43:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.07.30 22:56:29 | 000,000,000 | ---D | C] -- C:\Users\S***\Desktop\Ralf [2013.07.30 22:15:49 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Roaming\Thunderbird [2013.07.24 23:02:46 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Local\Adobe [2013.07.20 23:39:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.07.20 23:39:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.07.20 22:36:27 | 000,000,000 | ---D | C] -- C:\Users\S***\Desktop\Neuer Ordner [2013.07.18 21:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64 [2013.07.18 21:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack x64 [2013.07.16 01:29:34 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Roaming\20003.012 [2013.07.16 01:27:15 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Roaming\xmldm [2013.07.16 01:27:14 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Roaming\ckoock [2013.07.15 21:41:04 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Local\Chromium [2013.07.15 18:58:53 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2013.07.15 18:58:53 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2013.07.15 
18:58:53 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2013.07.15 18:58:53 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2013.07.15 18:58:52 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2013.07.15 18:58:52 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2013.07.15 18:58:51 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2013.07.15 18:58:51 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2013.07.15 18:58:51 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2013.07.15 18:58:51 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2013.07.15 18:58:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2013.07.15 18:58:50 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2013.07.15 18:58:50 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2013.07.15 18:58:50 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2013.07.15 18:58:49 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2013.07.15 18:58:49 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2013.07.15 18:58:49 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll [2013.07.15 18:58:49 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2013.07.15 18:58:49 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2013.07.15 18:58:49 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2013.07.15 18:58:48 | 
005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2013.07.15 18:58:48 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2013.07.15 18:58:48 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2013.07.15 18:58:48 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2013.07.15 18:58:47 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2013.07.15 18:58:47 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2013.07.15 18:58:47 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2013.07.15 18:58:47 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2013.07.15 18:58:46 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2013.07.15 18:58:46 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2013.07.15 18:58:46 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll [2013.07.15 18:58:46 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2013.07.15 18:58:46 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2013.07.15 18:58:46 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2013.07.15 18:58:46 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2013.07.15 18:58:46 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2013.07.15 18:58:46 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2013.07.15 18:58:45 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2013.07.15 18:58:45 | 004,379,984 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2013.07.15 18:58:45 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll [2013.07.15 18:58:45 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll [2013.07.15 18:58:45 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll [2013.07.15 18:58:45 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll [2013.07.15 18:58:44 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2013.07.15 18:58:44 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2013.07.15 18:58:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2013.07.15 18:58:44 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll [2013.07.15 18:58:44 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2013.07.15 18:58:44 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll [2013.07.15 18:58:44 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2013.07.15 18:58:44 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2013.07.15 18:58:44 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll [2013.07.15 18:58:44 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll [2013.07.15 18:58:43 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2013.07.15 18:58:43 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2013.07.15 18:58:43 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2013.07.15 18:58:43 | 001,493,528 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysWow64\D3DCompiler_39.dll [2013.07.15 18:58:43 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2013.07.15 18:58:43 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2013.07.15 15:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games [2013.07.14 12:39:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013.07.12 22:46:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2013.07.12 22:32:30 | 000,000,000 | ---D | C] -- D:\Documents\Games for Windows - LIVE Demos [2013.07.12 22:32:17 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2013.07.12 22:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2013.07.12 22:09:52 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Roaming\Eciwyg [2013.07.12 22:09:52 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Roaming\Ditacep [2013.07.12 18:34:45 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2013.07.12 18:34:45 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2013.07.12 18:34:45 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2013.07.12 18:34:44 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2013.07.12 16:23:59 | 000,000,000 | ---D | C] -- D:\Documents\Rockstar Games [2013.07.12 16:20:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2013.07.12 16:20:19 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Local\Rockstar Games [2013.07.12 16:19:55 | 000,000,000 | RH-D | C] -- C:\Users\S***\AppData\Roaming\SecuROM [2013.07.12 16:19:02 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) 
-- C:\Windows\SysWow64\CmdLineExt_x64.dll [2013.07.12 16:18:11 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2013.07.12 16:18:11 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2013.07.12 16:18:11 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2013.07.12 16:18:11 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2013.07.12 16:18:10 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2013.07.12 16:18:10 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2013.07.12 16:18:10 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2013.07.12 16:18:10 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2013.07.12 16:18:10 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2013.07.12 16:18:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2013.07.12 16:18:10 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2013.07.12 16:18:10 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2013.07.12 16:18:10 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2013.07.12 16:18:10 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2013.07.12 16:15:55 | 000,000,000 | ---D | C] -- D:\Documents\Microsoft Hardware [2013.07.12 16:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2013.07.11 00:31:18 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.07.11 00:31:18 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.07.11 00:31:17 
| 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.07.11 00:31:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.07.11 00:31:17 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.07.11 00:31:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.07.11 00:31:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.07.11 00:31:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.07.11 00:31:17 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.07.11 00:31:17 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.07.11 00:31:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.07.11 00:31:16 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.07.11 00:31:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.07.11 00:31:16 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.07.11 00:31:15 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.07.10 23:07:01 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.07.10 23:05:40 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll [2013.07.10 23:05:40 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll [2013.07.10 23:05:39 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013.07.10 23:05:39 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013.07.07 20:28:15 | 000,000,000 | ---D | C] -- D:\Documents\Max Payne 2 
Savegames [2013.07.07 20:26:53 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.07.07 20:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2013.07.07 20:07:05 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll [2013.07.07 20:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games [2013.07.07 20:06:25 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Roaming\Wuuq [2013.07.07 20:06:25 | 000,000,000 | ---D | C] -- C:\Users\S***\AppData\Roaming\Qilei [2 C:\Users\S***\AppData\Roaming\*.tmp files -> C:\Users\S***\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.08.05 07:59:55 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.08.05 07:59:55 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.08.05 07:50:58 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.08.05 07:50:58 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.08.05 07:50:58 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.08.05 07:50:58 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.08.05 07:50:58 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.08.05 07:46:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.08.05 07:46:18 | 4187,381,759 | -HS- | M] () -- C:\hiberfil.sys [2013.08.05 01:41:31 | 000,007,626 | ---- | M] () -- C:\Users\S***\AppData\Local\Resmon.ResmonCfg [2013.08.04 19:06:52 | 000,239,701 | ---- | M] () -- C:\Users\S***\Desktop\Nokia N8-00 16 GB - Dunkelgrau (Ohne Simlock) 12 MP - Smartphone TOP! 
(ID68) _ eBay.pdf [2013.08.04 12:36:54 | 000,000,686 | -H-- | M] () -- C:\bdr-cf01 [2013.08.04 11:54:24 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01 [2013.08.04 11:54:24 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr [2013.08.03 17:15:39 | 000,076,944 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys [2013.08.03 17:12:08 | 001,205,422 | ---- | M] () -- C:\ProgramData\1375540566.bdinstall.bin [2013.08.03 17:11:58 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml [2013.08.03 17:11:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf [2013.08.03 16:34:36 | 000,393,727 | ---- | M] () -- C:\ProgramData\1375539782.bdinstall.bin [2013.08.03 16:20:52 | 000,073,240 | ---- | M] () -- C:\Users\S***\AppData\Roaming\xcomwiz32.jpg [2013.08.03 16:19:12 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini [2013.08.03 16:18:35 | 000,000,824 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.07.29 11:56:08 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job [2013.07.24 23:07:27 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.24 23:07:25 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.07.24 23:07:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.07.24 17:42:13 | 000,367,712 | ---- | M] () -- C:\Users\S***\AppData\Roaming\AcroIEHelpe006286.dll [2013.07.24 17:42:13 | 000,007,496 | ---- | M] () -- C:\Users\S***\AppData\Roaming\BAcroIEHelpe006286.dll [2013.07.16 01:29:44 | 000,007,496 | ---- | M] () -- C:\Users\S***\AppData\Roaming\BAcroIEHelpe005285.dll [2013.07.16 01:29:13 | 000,000,656 | ---- | M] () -- C:\Users\S***\AppData\Roaming\rost.dat [2013.07.13 00:32:25 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2013.07.12 16:19:02 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) 
-- C:\Windows\SysWow64\CmdLineExt_x64.dll [2013.07.11 05:58:09 | 000,381,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.10 17:59:23 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job [2013.07.09 18:08:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.07.07 14:34:41 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job [2 C:\Users\S***\AppData\Roaming\*.tmp files -> C:\Users\S***\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.08.04 19:06:52 | 000,239,701 | ---- | C] () -- C:\Users\S***\Desktop\Nokia N8-00 16 GB - Dunkelgrau (Ohne Simlock) 12 MP - Smartphone TOP! (ID68) _ eBay.pdf [2013.08.03 17:20:50 | 002,510,608 | -H-- | C] () -- C:\bdr-bz01 [2013.08.03 17:20:49 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr [2013.08.03 17:20:48 | 038,518,480 | -H-- | C] () -- C:\bdr-im01.gz [2013.08.03 17:20:48 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01 [2013.08.03 17:12:08 | 001,205,422 | ---- | C] () -- C:\ProgramData\1375540566.bdinstall.bin [2013.08.03 17:11:58 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml [2013.08.03 17:11:42 | 000,000,686 | -H-- | C] () -- C:\bdr-cf01 [2013.08.03 17:11:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf [2013.08.03 16:34:36 | 000,393,727 | ---- | C] () -- C:\ProgramData\1375539782.bdinstall.bin [2013.08.03 16:19:09 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini [2013.07.29 11:56:08 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job [2013.07.24 17:42:13 | 000,367,712 | ---- | C] () -- C:\Users\S***\AppData\Roaming\AcroIEHelpe006286.dll [2013.07.24 17:42:13 | 000,007,496 | ---- | C] () -- C:\Users\S***\AppData\Roaming\BAcroIEHelpe006286.dll [2013.07.23 17:11:12 | 000,073,240 | ---- | C] () -- C:\Users\S***\AppData\Roaming\xcomwiz32.jpg [2013.07.16 01:29:44 | 000,007,496 | ---- | C] 
() -- C:\Users\S***\AppData\Roaming\BAcroIEHelpe005285.dll [2013.07.16 01:29:13 | 000,000,656 | ---- | C] () -- C:\Users\S***\AppData\Roaming\rost.dat [2013.07.13 00:32:25 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2013.05.27 14:39:33 | 000,000,832 | ---- | C] () -- C:\Users\S***\AppData\Local\recently-used.xbel [2013.03.25 13:34:42 | 000,001,632 | ---- | C] () -- C:\Users\S***\AppData\Roaming\MyMicroBalanceConfig.ini [2013.02.28 09:20:24 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.27 21:21:49 | 000,007,626 | ---- | C] () -- C:\Users\S***\AppData\Local\Resmon.ResmonCfg [2013.02.06 21:28:13 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.02.06 18:18:48 | 000,002,986 | ---- | C] () -- C:\Windows\HotFixList.ini [2012.03.26 20:19:10 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.03.26 20:19:08 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.03.26 20:03:46 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.26 18:53:42 | 013,024,768 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.02.02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2009.10.31 12:08:11 | 000,364,480 | RHS- | C] () -- C:\Users\S***\AppData\Roaming\prapproxy32.exe [2009.10.31 12:08:11 | 000,353,504 | RHS- | C] () -- C:\Users\S***\AppData\Roaming\prapproxy32.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:
ATTFilter OTL Extras logfile created on: 05.08.2013 08:01:46 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents\09_Programme\02_Sicherheit\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 5,23 Gb Available Physical Memory | 66,18% Memory free
15,80 Gb Paging File | 13,05 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 250,00 Gb Total Space | 117,79 Gb Free Space | 47,12% Space Free | Partition Type: NTFS
Drive D: | 656,43 Gb Total Space | 196,78 Gb Free Space | 29,98% Space Free | Partition Type: NTFS
Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 1863,01 Gb Total Space | 1122,59 Gb Free Space | 60,26% Space Free | Partition Type: NTFS
Drive G: | 44,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 29,83 Gb Total Space | 15,15 Gb Free Space | 50,80% Space Free | Partition Type: FAT32
Drive I: | 59,61 Gb Total Space | 13,55 Gb Free Space | 22,73% Space Free | Partition Type: FAT32

Computer Name: S***-PC | User Name: S*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01449962-D8A1-4F19-ACBF-AED3F4BCB7A1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0EE345E6-9091-4890-9AFC-D60FBF178EF8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{100CB82A-E7E3-4DC3-935E-3A9FFE9D4942}" = rport=137 | protocol=17 | dir=out | app=system |
"{1016EB3D-2ED0-41D8-A677-2D6BCB1BA961}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1647F113-3493-4775-B976-CCCADFAEAEB4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21374D97-9EA9-4D30-BC94-9FB551865B4C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29D5DEB7-77A1-4F1C-A00D-03A5F3984136}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E7C0342-19A1-41A7-A508-191E847300B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E92B9B4-BC00-4480-964D-73C88EF69E0D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53391A7F-4E8E-4F8B-A9AA-5727E9FBF1A0}" = rport=445 | protocol=6 | dir=out | app=system |
"{690F0240-D3DB-4345-88C4-AC859DAA5749}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70CD7DEB-91E0-45C5-AA1E-F9DD179D68BA}" = lport=137 | protocol=17 | dir=in | app=system |
"{774E8209-2067-4DCC-8B14-9C26013C93F0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{799EC784-0F55-4124-9538-27CD49E5207C}" = rport=138 | protocol=17 | dir=out | app=system |
"{7DCD8A35-A5CE-4BE0-952A-1C31B598E423}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7DD2E822-851A-4F70-B32A-61749077A79D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7DD717B5-0E47-4FA8-93F9-345D4F92EEF5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93AB9C1D-BAE2-4698-B1EC-6E6CA0326B87}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A2D8EBCB-3FB1-4291-9B8D-8B754F8CADF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B608D116-1832-4A34-A74B-2953C1D0CE4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD60746A-A9EE-4E1D-9485-1C5EB25A39A4}" = lport=139 | protocol=6 | dir=in | app=system |
"{BF935185-5A7A-4916-A76F-22C5A46CFA7A}" = rport=139 | protocol=6 | dir=out | app=system |
"{C7A28A77-18BD-49B1-A12A-F8B562B91F1B}" = lport=138 | protocol=17 | dir=in | app=system | "{C853D4E8-FEF8-4996-95C8-D02AC69C480F}" = lport=445 | protocol=6 | dir=in | app=system | "{D098D023-BC4A-471C-B90C-BF04AD3A5F1E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00D18771-CADB-47AF-88BD-2056B23A5FDE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{074645EE-D32B-4E6F-90FB-9728383B6864}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | "{114CF618-CBE8-4B99-8569-B9B7E407B40E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{12C4AD99-5FAE-4ACD-B7D6-3C5A636EF388}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{13C84FE8-1D33-47FF-A841-CC8DD6D7707D}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | "{14397AB9-6AFA-4357-8DCA-8E4ABB0E3D7A}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{17E860B7-4187-47F4-9D7D-58F07E94C0AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D123899-02AA-41D7-AF53-8F9C85BDBB59}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | "{1DB3F827-0D16-4093-A662-2418BF9B9EB8}" = protocol=6 | dir=in | app=c:\program files (x86)\empire interactive\flatout ultimate carnage\fouc.exe | "{27767662-F5B4-4492-879F-CD7B5011540D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{27A7417C-778D-4D03-919C-F8536A770550}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{27B6AA48-82CD-4F17-9F87-E23ED9CD7A81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3FF722FD-5755-456A-ACFD-0E943D63E86E}" = protocol=6 | dir=in | app=c:\users\S***\appdata\roaming\dropbox\bin\dropbox.exe | "{416A296C-3DB5-4D0A-9D47-8194A268644E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{45672948-A4F6-4BCE-A647-2DEBE2A645EE}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | "{45C06954-08D7-4807-B71F-C5B3C00A18F6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{475B40B0-F2D8-4C39-AC56-31430A765B69}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "{496055BA-156A-402F-8CC5-541CA1621EDF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5015824E-BB54-4642-A389-8D484323456B}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | "{53669ED5-1345-4E88-A63C-D0D05FBA06E4}" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "{552770CE-4DB5-4864-A5C2-1F5BA306117E}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe | "{5E426699-4B05-4D9D-98C1-CCCC234F7C76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5F9B696A-873D-498A-9BF3-09ED12DF3942}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{60C57774-DC62-4BD6-AA23-A7529AE32AB0}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\sendafax.exe | "{6A8FC293-5E28-46E1-8478-083C4CF70071}" = protocol=6 | dir=out | app=system | "{6B30BA63-294F-4D61-B886-A0922D868C1C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6CF1DC8B-531C-4A66-A2CB-219311C80216}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6F98AC55-DF31-428E-908E-FC9910E23CFF}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe | "{7AF2F3FF-D1CE-4622-A84E-CC17E307B504}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{815752E4-D3A6-4DC1-894F-1059D3AF0999}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{88A63B70-B7F0-458B-81E7-E62BD94CA1EF}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | "{8994E586-07AE-4F6E-A1B1-1D166372BCC6}" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "{8E28FA88-F7F1-4B42-8197-FE545948CBF1}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe | "{8E624D2E-1603-4568-9142-615424AD4DD9}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe | "{8EAB9203-D136-4CBC-802C-7DA663D15A6C}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\faxapplications.exe | "{911B3AC6-F5D3-44CD-866D-B11FC232B0D7}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | "{98C40EBE-1672-4EA8-B130-7E6D95EA1645}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{997B2A97-0820-4C9F-879C-8A3B8A2C09DD}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{9B1558F1-93D9-461E-B1B7-B0D954CAA674}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9DCD78A8-DCFD-434E-9DCD-80630581E0C1}" = protocol=17 | dir=in | app=c:\users\S***\appdata\roaming\dropbox\bin\dropbox.exe | "{A3CEF007-6CDB-4436-8D09-F786717C87B0}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe | "{A56F8E1A-78A8-4DC5-9B7D-786E8FCE1887}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe | "{A756E23A-C00C-4795-AD0A-D939DD81EB08}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{ABFFB82E-0A99-46B5-9FE7-DFF7030854A7}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | "{B450F912-2AB0-40B2-B638-0BA86BC06C56}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 
a910\bin\hpnetworkcommunicator.exe | "{B6A3C638-6AF7-4D82-8185-48897FC1840A}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | "{B6BD3372-DCA5-4A2B-9C0A-41485BA2C3B0}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe | "{B8A7313B-C0EB-4F9D-90FA-F69E0F5A7635}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe | "{BCA192FF-FA98-4F00-9A30-0F7C39D2D78E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BCB0EE34-060E-435D-A31F-4108F13F9EA2}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | "{BFF88712-C756-4E1A-BA84-DBA56877A91C}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | "{C16EB1B1-87AD-4BE2-A48B-39D84884219A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C4359618-C367-45C7-A1FA-6BF56F15A65D}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe | "{C9096A2C-18E0-44D2-B2C0-657B7BC45668}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | "{CE499AD8-B999-4043-95AA-4026D0545835}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | "{D36E2249-5E77-42B8-8BFC-3B23958113A8}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | "{D6F39479-D571-458A-A289-510D3862CA89}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicatorcom.exe | "{D9368146-DC1B-48DA-B181-D495FD9227D7}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\digitalwizards.exe | "{DD44E26C-DD69-4056-8D97-B5B411F9564D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DFC00A4E-7048-4B00-8264-7610F1D0D7BE}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{E05B0535-C340-4D00-89C6-E6450A785AE1}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe | "{E4F195C2-5DC4-4EB3-8CAE-1EAAFFB7FB35}" = protocol=6 | dir=in | app=c:\users\S***\appdata\roaming\dropbox\bin\dropbox.exe | "{E6501E97-B32A-4595-A06F-0023ADED5468}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E6CD0399-1559-47D0-A816-607DC919A706}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EB21CA26-C599-41AA-A36D-B4CEDBD160FD}" = protocol=17 | dir=in | app=c:\program files (x86)\empire interactive\flatout ultimate carnage\fouc.exe | "{EC5BAE83-3235-4387-A26F-FD9BA4F412D5}" = protocol=17 | dir=in | app=c:\users\S***\appdata\roaming\dropbox\bin\dropbox.exe | "{EFD60931-3B77-407C-92A0-B0B2A9854790}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | "{F220A2C4-40C9-4A36-B098-C06E4799437B}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | "{F55C7658-38A3-44E2-98DA-1F5232BDD940}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe | "{F76760E4-8B71-43C2-9BD3-4AC5C5266B28}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{F921CA97-923B-4BFE-A1DD-3463F9CBDBE0}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | "{F95EA544-2793-4352-B745-D36BBF7F481A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FB6605A8-A748-4173-B6A1-7137BDA02226}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "{FE0D18AF-482B-4096-A1DA-AFE0D1A6D6AA}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | "{FF794958-7333-439C-8928-2A6219D71F05}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe | "TCP Query 
User{93DBBD36-A5B3-4CC9-8D79-C4C74BD0AC34}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | "TCP Query User{9BA73467-7A6A-48A2-ACF3-4B4EF4AE276A}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{A218BE16-8F69-48CD-92F4-01C702E90414}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "TCP Query User{B4B57EE0-0769-44BC-BFF2-A322248F9DAE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{C6966D1C-A947-4196-AE56-A48F6A9180D1}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe | "UDP Query User{1656F7C9-C21C-4BD3-AEE5-7DF4AA2CCE9F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{58306C4C-6309-4A0C-B94D-AE01682E9E0F}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | "UDP Query User{683ED778-73F8-41A8-89A9-33A8A098A34A}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{BFD261B2-034C-4676-8DAE-3E40F979A47A}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{E8426322-3D34-4E65-A73B-9422F24A39D2}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe | 
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}" = Easy Support Center "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft-Maus- und Tastatur-Center "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6097158B-0184-4140-BEC3-7885794D2571}" = Intel(R) WiDi "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75AA90DC-1E08-472E-863A-65D661AE0F9C}" = S Agent "{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90F00673-A276-4A58-B675-B426D39D1E09}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error 
Reporting "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.87 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.87 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.13 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{ECE5B218-A086-4E18-A362-D11181681457}" = Intel® PROSet/Wireless WiFi-Software "{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "An Office-n-PDF senden_is1" = An Office-n-PDF senden (novaPDF OEM 7.7 printer) "Bitdefender" = Bitdefender Internet Security "CCleaner" = CCleaner "GIMP-2_is1" = GIMP 2.8.2 "KLiteCodecPack64_is1" = K-Lite Codec Pack 9.9.0 (64-bit) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "Opera 12.16.1860" = Opera 12.16 "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.7 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{0C808377-8C23-44ED-9016-05F42E6D4900}" = Nokia Suite "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings "{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3 "{20CCA7EC-9499-41FA-A134-B904ABCC36ED}" = FireArc Arcade "{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{411B07C7-9307-4AA7-932E-CB506E4CF3A3}" = SW Update "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6 "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{5D95AD35-368F-47D5-B63A-A082DDF00119}" = Microsoft Foto 2006 Suite Edition Editor "{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{691F4068-81BF-49E3-B32E-FE3E16400119}" = Microsoft Foto 2006 Suite Edition Bibliothek "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 
(SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker "{A35B895D-2EBF-4415-88DC-4B0D44F379BB}" = Office-n-PDF 2 "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{AD80049E-8CB4-4794-BF58-4A2834CFD37C}" = PureSync "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack 
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C4C0444B-B404-42E0-B834-1C7CB67E1031}" = Nero 7 Premium "{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CAF30EE3-A2E2-47BE-A37B-96524BCB3EF5}" = MyMicroBalance "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.23 "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F443C200-5A4B-4773-83F3-069867AE07BA}" = EFA3 - Bilder Kraftfahrzeugtechnik "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "CanonSolutionMenu" = Canon Utilities Solution Menu "DAEMON Tools Lite" = DAEMON Tools 
Lite "DVDFab 8 Qt_is1" = DVDFab 8.2.2.8 (26/02/2013) Qt "DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011) "FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013 "FlatOut Ultimate Carnage" = FlatOut Ultimate Carnage "Free YouTube Download_is1" = Free YouTube Download version 3.2.8.717 "freeocr_is1" = FreeOCR v4.2 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "LinuxLive USB Creator" = LinuxLive USB Creator "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "Nokia Suite" = Nokia Suite "PictureItSuite_v11" = Microsoft Foto 2006 Suite Edition "PokerTH 1.0" = PokerTH "PureSync" = PureSync 3.7.6 "Rockstar Games Social Club" = Rockstar Games Social Club "STANDARD" = Microsoft Office Standard 2007 "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-216033253-3173365450-1935379270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.08.2013 07:13:38 | Computer Name = S***-PC | Source = WinMgmt | ID = 10 Description = Error - 04.08.2013 07:29:47 | Computer Name = S***-PC | Source = WinMgmt | ID = 10 Description = Error - 04.08.2013 07:41:21 | Computer Name = S***-PC | Source = WinMgmt | ID = 10 Description = Error - 04.08.2013 07:42:44 | Computer Name = S***-PC | Source = WinMgmt | ID = 10 Description = Error - 04.08.2013 08:15:09 | Computer Name = S***-PC | Source = WinMgmt | ID = 10 Description = Error - 04.08.2013 14:08:38 | Computer Name = S***-PC | Source = Application Hang | ID = 1002 Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 16ac Startzeit: 01ce913d91bfd417 Endzeit: 7 Anwendungspfad: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Berichts-ID: def9867c-fd30-11e2-b278-50b7c37d7a4a Error - 04.08.2013 14:09:14 | Computer Name = S***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015, Zeitstempel: 0x50b8479b Ausnahmecode: 0x0000046b Fehleroffset: 0x0000000000009e5d ID des fehlerhaften Prozesses: 0x528 Startzeit der fehlerhaften Anwendung: 0x01ce913d522ca2d8 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: f82d2863-fd30-11e2-b278-50b7c37d7a4a Error - 04.08.2013 18:06:32 | Computer Name = S***-PC | Source = .NET Runtime | ID = 1022 Description = Error - 04.08.2013 18:14:14 | Computer Name = S***-PC | Source = .NET Runtime | ID = 1022 Description = Error - 05.08.2013 01:47:26 | Computer Name = S***-PC | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 14.04.2013 14:09:39 | Computer Name = S***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 04.08.2013 06:55:22 | Computer Name = S***-PC | Source = DCOM | ID = 10005 Description = Error - 04.08.2013 06:55:22 | Computer Name = S***-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. 
Error - 04.08.2013 06:55:22 | Computer Name = S***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 04.08.2013 07:41:29 | Computer Name = S***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%1115 Error - 04.08.2013 07:52:48 | Computer Name = S***-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SW Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 04.08.2013 14:05:49 | Computer Name = S***-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 04.08.2013 14:09:40 | Computer Name = S***-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 04.08.2013 14:40:52 | Computer Name = S***-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error - 05.08.2013 01:47:34 | Computer Name = S***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 05.08.2013 01:52:20 | Computer Name = S***-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet. < End of report >

Regards, Daniel