| |
| |||||||
Log-Analyse und Auswertung: Kritischer Festplattenfehler; Desktop/ Daten eines Benutzerkonto nicht benutzbarWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
26.03.2013, 16:55
| #1 |
| |  Kritischer Festplattenfehler; Desktop/ Daten eines Benutzerkonto nicht benutzbar Hallo und Hilfe miteinander, ich habe mir heute über eine als realplayer Datei maskierte .exe ein Problem eingefangen. Nach dem Starten in einem nichtadmin-Benutzerkonto kam die Fehlermeldung Kritischer Festplattenfehler mit den Auswahlmöglichkeiten Dateien wiederherstellen und Dateien wiederherstellen und Festplatte auf Fehler überprüfen. Die Meldung ließ sich nicht schließen, so dass ich im Vertrauen auf meinen AVIR... Rundumschutz eine Option ausgewählt habe. Danach fror der Rechner/ der Desktop ein und ich habe kalt abgeschaltet. Ein Scan im abgesicherten Modus mit AVIR... blieb ohne Ergebnis. Ich habe dann die hier vorgeschlagenen Schritte 1-3 durchgeführt und zuvor mit malwarebaytes einen Scan gemacht: Log malwarebytes: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.26.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Jymrohde :: PRIVAT [Administrator] 26.03.2013 15:08:29 mbam-log-2013-03-26 (15-08-29).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 284746 Laufzeit: 6 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\housecalllauncher.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Dann defogger und neustart, anschließend OTL OTL.TXT: OTL logfile created on: 26.03.2013 15:43:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jymrohde\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 19,74% Memory free 11,24 Gb Paging File | 2,56 Gb Available in Paging File | 22,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 199,90 Gb Total Space | 24,26 Gb Free Space | 12,14% Space Free | Partition Type: NTFS Drive D: | 265,76 Gb Total Space | 203,47 Gb Free Space | 76,56% Space Free | Partition Type: NTFS Computer Name: PRIVAT | User Name: Jymrohde | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.26 15:28:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jymrohde\Downloads\OTL.exe PRC - [2013.02.11 12:19:52 | 000,663,184 | ---- | M] (Star Finanz-Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe PRC - [2013.01.07 12:03:32 | 000,446,648 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe PRC - [2012.12.21 14:48:08 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- D:\StarMoney Business 5.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe PRC - [2012.12.20 09:14:48 | 000,800,704 | ---- | M] () -- C:\Program Files (x86)\Lidl_Fotos\dd.exe PRC - [2012.09.06 10:50:24 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe PRC - [2012.08.08 21:08:41 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.18 20:47:26 | 000,310,232 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe PRC - [2012.06.28 17:31:24 | 002,952,912 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- D:\StarMoney Business 5.0 S-Edition\offlagent7\offlagent.exe PRC - [2012.05.16 08:43:20 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.16 08:43:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.16 08:43:19 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.16 08:43:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.30 10:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe PRC - [2012.02.17 13:03:06 | 000,641,384 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nitro PDF\PdfPro7Hook.exe PRC - [2012.02.17 13:02:08 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nitro PDF\PDFProFiltSrv.exe PRC - [2011.11.02 01:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2011.10.12 23:11:34 | 002,068,856 | ---- | M] (Flexera Software LLC.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe PRC - [2011.10.12 23:11:32 | 001,446,264 | ---- | M] (Flexera Software LLC.) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.03.09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe PRC - [2011.03.09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe PRC - [2010.10.12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2009.12.08 12:53:34 | 000,068,112 | ---- | M] (Paragon Software Group) -- D:\Anwendungen\Paragon\program\dbhagent.exe PRC - [2009.10.21 05:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.10.02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.09.30 13:02:50 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.09.30 13:02:48 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.08.06 06:51:20 | 000,065,536 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe PRC - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009.08.04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2007.03.12 12:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007.03.12 12:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2006.12.20 02:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWOW64\SAgent4.exe ========== Modules (No Company Name) ========== MOD - [2013.02.15 03:30:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.10 03:38:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 03:38:08 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 03:37:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.10 03:37:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 03:37:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 03:37:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 03:37:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.12.20 09:14:48 | 000,800,704 | ---- | M] () -- C:\Program Files (x86)\Lidl_Fotos\dd.exe MOD - [2012.11.07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll MOD - [2012.04.30 10:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe MOD - [2012.04.30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll MOD - [2011.11.01 19:32:48 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll MOD - [2011.07.07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.01.11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll MOD - [2009.07.30 18:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll MOD - [2009.07.14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll ========== Services (SafeList) ========== SRV - [2013.03.13 17:55:35 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.11 12:19:52 | 000,663,184 | ---- | M] (Star Finanz-Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney Business 6.0 OnlineUpdate) SRV - [2012.12.21 14:48:08 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- D:\StarMoney Business 5.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney Business 5.0 OnlineUpdate) SRV - [2012.09.06 10:50:24 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService) SRV - [2012.07.18 20:47:26 | 000,310,232 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc) SRV - [2012.05.16 08:43:20 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.16 08:43:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.16 08:43:19 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.16 08:43:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.17 13:02:08 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nitro PDF\PDFProFiltSrv.exe -- (PDFProFiltSrv) SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.12.15 11:40:08 | 001,977,224 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService) SRV - [2011.12.15 11:40:08 | 001,338,264 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService) SRV - [2011.12.15 11:40:06 | 000,319,384 | R--- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.12.08 12:53:34 | 000,109,072 | ---- | M] (Paragon Software Group) [On_Demand | Stopped] -- D:\Anwendungen\Paragon\program\dbhservice.exe -- (Paragon System Backup Dienst) SRV - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.09.30 13:02:50 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.09.30 13:02:48 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.09.14 07:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) SRV - [2009.09.14 07:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) SRV - [2009.08.06 06:51:20 | 000,065,536 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X) SRV - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe -- (DES2 Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2006.12.20 02:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Windows\SysWOW64\SAgent4.exe -- (StatusAgent4) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.07 12:42:52 | 002,201,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.05.16 08:43:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.16 08:43:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.10 21:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.10.11 11:14:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.07.25 16:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2011.07.20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2011.05.13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.05.13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2011.05.13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2011.05.13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2011.05.13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.09.05 12:56:24 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.09.05 12:56:24 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.05.08 09:52:24 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.02.03 05:38:32 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.12.08 12:53:30 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3) DRV:64bit: - [2009.10.29 09:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.10.26 16:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.10.26 16:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.10.02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.20 17:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.03.26 15:25:26 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 60 E1 B5 DA CC CD 01 [binary data] IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {71FECF6E-012D-4d43-9167-A2CE6C4AE2FD} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{71FECF6E-012D-4d43-9167-A2CE6C4AE2FD}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD IE - HKCU\..\SearchScopes\{924F9B9A-A529-4af1-BBC3-D2D8ACBF7449}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF %3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de  fficial"FF - prefs.js..extensions.enabledAddons: nuance@pdf7:1.0 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:2.0.2 FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.9.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: D:\Anwendungen\Nuance\Dragon\Program\npDgnRia.dll (Nuance Communications Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nitro PDF\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: D:\Anwendungen\Nuance\Dragon\Program\ffShim.xpi [2012.07.18 20:36:36 | 000,136,026 | ---- | M] () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.14 15:06:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.27 16:48:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 17:55:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.04.02 14:19:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jymrohde\AppData\Roaming\mozilla\Extensions [2010.04.02 14:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jymrohde\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.03.26 15:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jymrohde\AppData\Roaming\mozilla\Firefox\Profiles\gp1168no.default\extensions [2012.11.27 21:01:42 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jymrohde\AppData\Roaming\mozilla\Firefox\Profiles\gp1168no.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013.03.26 15:27:07 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Jymrohde\AppData\Roaming\mozilla\Firefox\Profiles\gp1168no.default\extensions\firefox@ghostery.com [2012.09.27 16:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.27 16:48:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.03.11 11:33:06 | 000,000,000 | ---D | M] (PDF Converter 7.1) -- C:\PROGRAM FILES (X86)\NITRO PDF\FIREFOX [2012.09.14 15:06:31 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.14 15:06:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.14 15:06:28 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.14 15:06:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.14 15:06:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.14 15:06:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.14 15:06:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nitro PDF\Bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Dragon NaturallySpeaking Rich Internet Application Support - Extension) - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - D:\Anwendungen\Nuance\Dragon\Program\ieshim.dll (Nuance Communications, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nitro PDF\Bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nitro PDF\Bin\ZeonIEFavClient.dll (Zeon Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [WD Quick View] C:\Programme\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [DBHAgent] D:\Anwendungen\Paragon\program\dbhagent.exe (Paragon Software Group) O4 - HKLM..\Run: [DNS7reminder] D:\Anwendungen\Nuance\Dragon\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [InboxMonitor] C:\Program Files (x86)\Nitro PDF\InboxMonitor.exe () O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [Microsoft Webupdater] C:\ProgramData\Microsoft Webupdater0\bpvttlpxh.exedTool\xInsIDE.exe () File not found O4 - HKLM..\Run: [Nuance OmniPage 17-reminder] D:\Anwendungen\Nuance\Omni\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nitro PDF\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFProHook] C:\Program Files (x86)\Nitro PDF\pdfpro7hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PdfProInboxMonitor] C:\Program Files (x86)\Nitro PDF\InboxMonitor.exe () O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [SMB50StarMoneyRunEntry] D:\StarMoney Business 5.0 S-Edition\app\oflagent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) O4 - HKLM..\Run: [SMB60StarMoneyRunEntry] C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [ccleaner] C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKCU..\Run: [Device Detection] C:\Program Files (x86)\Lidl_Fotos\dd.exe () O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIH4E.EXE /EPT "EPLTarget\P0000000000000001" /M "WP-4545 Series" /EF "HKCU" File not found O4 - HKCU..\Run: [EPLTarget\P0000000000000002] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIH4E.EXE /EPT "EPLTarget\P0000000000000002" /M "WP-4545 Series" /EF "HKCU" File not found O4 - HKCU..\Run: [EPSON BX525WD Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAU.EXE /FU "C:\Windows\TEMP\E_S9972.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.) O4 - HKCU..\Run: [Microsoft Webupdater] C:\ProgramData\Microsoft Webupdater0\bpvttlpxh.exe () O4 - HKCU..\Run: [OpAgent] "OpAgent.exe" /agent File not found O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Mit Nuance PDF Converter 7 öffnen - C:\Program Files (x86)\Nitro PDF\cnvres_ger.dll (Nuance Communications, Inc.) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Mit Nuance PDF Converter 7 öffnen - C:\Program Files (x86)\Nitro PDF\cnvres_ger.dll (Nuance Communications, Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.13.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BB67413-DDF2-4742-903F-208A81F4B587}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6927984B-0CC9-43F3-8016-367AE2E2C452}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{071ede93-db8a-11e0-8777-6cf0497121fa}\Shell - "" = AutoRun O33 - MountPoints2\{071ede93-db8a-11e0-8777-6cf0497121fa}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\index.html O33 - MountPoints2\{4b5a85ff-a631-11df-8e2b-6cf0497121fa}\Shell - "" = AutoRun O33 - MountPoints2\{4b5a85ff-a631-11df-8e2b-6cf0497121fa}\Shell\AutoRun\command - "" = F:\SafeStick.exe O33 - MountPoints2\{c7bddfcc-5a7f-11df-8f97-6cf0497121fa}\Shell - "" = AutoRun O33 - MountPoints2\{c7bddfcc-5a7f-11df-8f97-6cf0497121fa}\Shell\AutoRun\command - "" = O:\AUTORUN.EXE O33 - MountPoints2\O\Shell - "" = AutoRun O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\SH4Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.26 15:09:22 | 000,000,000 | ---D | C] -- C:\Users\Jymrohde\Desktop\rkill [2013.03.26 15:06:36 | 000,000,000 | ---D | C] -- C:\Users\Jymrohde\AppData\Roaming\Malwarebytes [2013.03.26 15:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.26 15:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.26 15:06:21 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.26 15:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.26 13:27:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Microsoft Webupdater0 [2013.03.24 15:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TECHNO4EVER Player [2013.03.24 15:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TECHNO4EVER [2013.03.23 12:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney Business 6.0 [2013.03.23 12:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney Business 6.0 [2013.03.23 12:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarMoney Business 6.0 [2013.03.13 17:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird ========== Files - Modified Within 30 Days ========== [2013.03.26 15:33:09 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.26 15:33:09 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.26 15:30:40 | 001,650,980 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.26 15:30:40 | 000,710,864 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.26 15:30:40 | 000,663,876 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.26 15:30:40 | 000,153,956 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.26 15:30:40 | 000,126,006 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.26 15:25:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.26 15:25:23 | 2966,016,000 | -HS- | M] () -- C:\hiberfil.sys [2013.03.26 15:24:02 | 000,000,216 | ---- | M] () -- C:\Users\Jymrohde\defogger_reenable [2013.03.26 15:06:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.26 11:40:51 | 000,000,680 | RHS- | M] () -- C:\Users\Jymrohde\ntuser.pol [2013.03.26 11:19:41 | 005,044,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.24 15:43:48 | 000,002,481 | ---- | M] () -- C:\Users\Public\Desktop\TECHNO4EVER Player.lnk [2013.03.23 12:38:33 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney Business 6.0.lnk [2013.03.20 18:02:42 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2013.03.13 18:00:59 | 000,001,270 | ---- | M] () -- C:\Users\Jymrohde\Desktop\Allway Sync.lnk [2013.03.13 17:54:32 | 000,004,540 | ---- | M] () -- C:\Users\Jymrohde\Documents\Wichtiger Hinweis zu Ihrem Zertifikat_ElsterOnline2.pdf [2013.03.13 17:53:59 | 000,010,455 | ---- | M] () -- C:\Users\Jymrohde\MatthiasRohde_Rohde_elster_2048.pfx [2013.03.13 17:38:12 | 000,073,197 | ---- | M] () -- C:\Users\Jymrohde\Documents\UseNeXT_Systemkategorien.dat [2013.03.13 17:34:05 | 000,001,857 | ---- | M] () -- C:\Users\Jymrohde\Desktop\UseNeXT by Tangysoft.lnk ========== Files Created - No Company Name ========== [2013.03.26 15:24:02 | 000,000,216 | ---- | C] () -- C:\Users\Jymrohde\defogger_reenable [2013.03.26 15:06:23 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.23 12:38:33 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney Business 6.0.lnk [2013.03.13 17:54:32 | 000,004,540 | ---- | C] () -- C:\Users\Jymrohde\Documents\Wichtiger Hinweis zu Ihrem Zertifikat_ElsterOnline2.pdf [2013.03.13 17:53:22 | 000,010,231 | ---- | C] () -- C:\Users\Jymrohde\MatthiasRohde_Rohde_elster_2048 - Kopie.pfx [2013.03.13 17:38:11 | 000,073,197 | ---- | C] () -- C:\Users\Jymrohde\Documents\UseNeXT_Systemkategorien.dat [2013.03.13 17:34:05 | 000,001,857 | ---- | C] () -- C:\Users\Jymrohde\Desktop\UseNeXT by Tangysoft.lnk [2012.08.29 20:27:33 | 000,007,601 | ---- | C] () -- C:\Users\Jymrohde\AppData\Local\Resmon.ResmonCfg [2012.08.21 04:17:16 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe [2012.08.21 04:15:22 | 003,978,240 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll [2012.08.21 04:14:04 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.08.21 04:12:48 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll [2012.08.21 04:12:34 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll [2012.08.21 04:12:32 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll [2012.08.21 04:12:30 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll [2012.08.21 04:12:28 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll [2012.08.21 04:12:28 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll [2012.08.21 04:12:28 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll [2012.08.21 04:12:24 | 000,330,240 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll [2012.07.19 19:56:08 | 000,172,544 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll [2012.07.19 19:56:02 | 006,894,331 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll [2012.07.19 19:56:02 | 001,111,581 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll [2012.07.19 19:56:02 | 000,401,685 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll [2012.07.19 19:56:02 | 000,232,895 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll [2012.07.19 19:56:02 | 000,162,743 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll [2012.07.19 19:56:02 | 000,101,820 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-0.dll [2012.06.17 22:15:04 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\spdif_test.exe [2012.06.17 22:14:58 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe [2012.06.17 22:14:42 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll [2012.05.12 23:42:16 | 001,272,320 | ---- | C] () -- C:\Windows\SysWow64\avcodec-53.dll [2012.05.12 23:42:16 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\avutil-51.dll [2012.02.25 16:08:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.02.25 16:07:18 | 000,000,375 | ---- | C] () -- C:\Windows\MAXLINK.INI [2012.01.10 21:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012.01.10 21:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2012.01.10 21:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012.01.10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.12.07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll [2011.09.08 15:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll [2011.09.08 15:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll [2011.09.08 15:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll [2011.09.08 15:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll [2011.09.08 15:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe [2011.09.08 15:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll [2011.09.08 15:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe [2011.09.08 15:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe [2011.09.08 14:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll [2011.09.08 14:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll [2011.07.22 16:17:01 | 000,000,096 | ---- | C] () -- C:\Users\Jymrohde\AppData\Local\fusioncache.dat [2011.07.22 16:16:27 | 001,627,938 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.05.30 14:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.05.23 08:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.01.20 20:28:24 | 000,000,858 | ---- | C] () -- C:\Users\Jymrohde\.recently-used.xbel [2011.01.18 17:19:15 | 000,005,120 | ---- | C] () -- C:\Users\Jymrohde\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.26 16:17:27 | 000,000,680 | RHS- | C] () -- C:\Users\Jymrohde\ntuser.pol [2010.07.06 20:42:37 | 000,010,231 | ---- | C] () -- C:\Users\Jymrohde\MarianneRohde_Hans_elster_2048.pfx [2010.06.21 16:48:49 | 000,004,639 | ---- | C] () -- C:\Users\Jymrohde\MarianneRohde_Fred_elster_2048.pfx [2010.06.08 19:53:31 | 000,003,663 | ---- | C] () -- C:\Users\Jymrohde\Begrüßung_ElsterOnline1.pdf [2010.06.08 19:50:56 | 000,010,455 | ---- | C] () -- C:\Users\Jymrohde\MatthiasRohde_Rohde_elster_2048.pfx ========== ZeroAccess Check ========== [2012.11.09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Users\Jymrohde\AppData\Roaming\Mozilla\Firefox\Profiles\gp1168no.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.01.21 12:29:38 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\.oit [2012.11.25 12:05:32 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\Avery [2011.06.25 17:29:59 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\Downloaded Installations [2012.11.27 21:54:45 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\Epson [2011.09.04 19:08:40 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\FRITZ!fax für FRITZ!Box [2011.01.20 20:28:24 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\gtk-2.0 [2011.05.01 16:42:51 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\mkvtoolnix [2011.11.03 18:12:40 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\Nitro PDF [2012.12.01 16:58:06 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\Nuance [2012.11.16 10:57:07 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\Research In Motion [2010.08.12 18:24:58 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\SafeStick [2012.03.14 13:02:24 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\Sony [2010.07.23 15:30:02 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\Spesoft Audio Converter [2010.04.11 16:40:56 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\Thunderbird [2010.09.05 14:33:27 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\Ubisoft [2013.03.26 14:10:32 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\UseNeXT [2011.06.25 17:43:52 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\Vorlagen für Office 2010 [2011.02.24 21:03:32 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\XMedia Recode [2012.03.11 17:31:26 | 000,000,000 | ---D | M] -- C:\Users\Jymrohde\AppData\Roaming\Zeon ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:0FF263E8 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B013599 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FED912DB EXTRA.TXT OTL Extras logfile created on: 26.03.2013 15:43:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jymrohde\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 19,74% Memory free 11,24 Gb Paging File | 2,56 Gb Available in Paging File | 22,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 199,90 Gb Total Space | 24,26 Gb Free Space | 12,14% Space Free | Partition Type: NTFS Drive D: | 265,76 Gb Total Space | 203,47 Gb Free Space | 76,56% Space Free | Partition Type: NTFS Computer Name: PRIVAT | User Name: Jymrohde | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02A8CC1A-64A7-4F05-9CC7-74E0B69E8B61}" = lport=445 | protocol=6 | dir=in | app=system | "{10D3517C-2A66-4715-A1CF-720679FAE1E8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1168ACFA-4244-48E0-B71D-91271ED061E1}" = lport=139 | protocol=6 | dir=in | app=system | "{22BFE73A-DE69-44EB-BB86-72C6195B9B79}" = rport=445 | protocol=6 | dir=out | app=system | "{27EDA6DA-F911-43B8-8654-0EF902C8DE65}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{35F02D08-D522-4970-9416-6E701DE582F5}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{3B3A74E5-AF26-44C1-A148-151D6E319916}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{48D280A6-B1BA-4E87-BE5C-03E8478970BC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{5C98303C-F330-4586-9AE5-6A7C33B824E7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5D8811B6-DE02-473B-98AA-F928B15EB988}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6B76C416-8D17-4FD0-83D5-BA15A7CCAF40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6D5AF8B8-75AA-4F2C-B692-3D75B0ED3EDE}" = rport=137 | protocol=17 | dir=out | app=system | "{73987A85-25EF-4514-A053-81ADA32E437E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7AAE315F-C688-42A9-B5E1-B288EF9740C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9447FFA9-E6E1-428E-AE0B-9215A8FB18E7}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{9854A685-3C6E-4E93-8A38-2BE17A701A9A}" = rport=139 | protocol=6 | dir=out | app=system | "{A439DF7A-B614-4609-B8E3-1D0ACC945940}" = rport=10243 | protocol=6 | dir=out | app=system | "{A4A1FA4D-F9E2-49E6-90EA-E62024EE51D7}" = lport=10243 | protocol=6 | dir=in | app=system | "{B012FF19-72E9-480F-B88C-7DF1EC7267B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B3A71D4E-AEDC-4D2E-AD04-38C9C11A6BCD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B90E1D8F-5855-47AD-886C-27FD93D14182}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | "{C19E6F51-B1DB-44FB-99CC-4214BB913114}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{C3CF1487-542A-41FC-BECC-9EE1DB4C7108}" = lport=138 | protocol=17 | dir=in | app=system | "{D718B6A5-3289-4EDB-A4FA-0FE04E895003}" = lport=2869 | protocol=6 | dir=in | app=system | "{D820170E-FAEE-4210-B3FF-637664E15FAA}" = lport=5031 | protocol=6 | dir=in | name=fritzfax | "{EABF5678-A43D-4A5A-B7B2-65D3ACF27A87}" = lport=5031 | protocol=17 | dir=in | name=fritzfax | "{ECAE72AE-669D-475D-83F6-8E642BAF0965}" = rport=138 | protocol=17 | dir=out | app=system | "{EF6EF0AB-2202-43AC-AEE7-6BA3ADCE2F89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F6827258-6AD2-4F5A-89C0-BDF3DF735A20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F6DBF0AE-CB53-4E94-B56E-9BB9C0A4CA56}" = lport=137 | protocol=17 | dir=in | app=system | "{FAE34E09-60BC-4AEA-81B4-A8A68940C5F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00E7B3BB-7069-48BB-A853-0308E64BDB0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0A18E14B-5385-40A6-A224-E1CEB396AAE0}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney business 6.0\app\starmoney.exe | "{0E3B46BD-3D10-4F3A-9C97-559EE8F793AD}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{2289E95A-8ED6-468C-B584-F2E750D058CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{22E0388E-96C1-41C3-85F3-5BB1705D4835}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe | "{255B8114-13E4-4050-983E-5BD6DA17498E}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney business 6.0\ouservice\starmoneyonlineupdate.exe | "{27100DBB-8C74-492F-8822-0BE2538DDFAF}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | "{2A237FE4-AB1F-478F-9E39-4AA99FE1A75F}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney business 6.0\app\starmoney.exe | "{2ACEAC08-DF8A-4D32-A853-9E47510E511D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2F0E94CD-1A79-424F-944E-8B97D001A22A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{301F2F46-1545-4774-BC4F-91008E3D8785}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3699D940-0048-4915-A0C4-FEE1303370F7}" = protocol=17 | dir=in | app=c:\program files (x86)\deepinvent\mailstore home\mailstorelocal.exe | "{39702212-9E3A-40A4-9528-6D1D3D9ED39E}" = protocol=6 | dir=out | app=system | "{3DB86C12-F920-4A96-8677-D998FA794FA8}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | "{3E1205F0-11D8-42A4-BD97-A34265E09CA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{43E35B5B-21B6-4363-8EFB-23AC774182BB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{44461570-23C4-4BEE-B95D-80E53AFE9584}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{463DC239-2BF3-4D3A-9D78-E912AA4D9FF5}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet config v3\enconfig.exe | "{526DA63A-F359-4514-B9EE-2627584DD442}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | "{555C4B8D-8C46-4D8A-A382-2A0DA5D967DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{58802BA7-DF56-44EB-9C3B-EB3216295278}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{62A4A03E-77AC-484C-9968-39109165D040}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{67FF70D4-22EC-41C9-AD2C-2543BD4EF968}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6E7262DF-B2B2-41C2-AA58-A5F7A19D6167}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe | "{722CFD63-6249-45C3-9942-695F98638C3F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7A6EAE43-BF16-4120-B9FC-AA8C38BBDC29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7A8E3BAF-F6A3-4C3D-847C-4E863E92D791}" = dir=out | app=%programfiles%\adobe\adobe photoshop cs5 (64 bit)\photoshop.exe | "{7AA9FF84-9F0C-424D-94DF-2192B7832A81}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7D17CBCD-777A-4D2D-9686-26DEEF61EF3B}" = dir=out | app=%programfiles% (x86)\alcohol soft\alcohol 120\alcohol.exe | "{824BB725-2408-4F55-9325-B7A338FC3BC3}" = dir=out | app=%programfiles% (x86)\ubisoft\related designs\anno 1404\gu.exe | "{85697EB5-86E2-4F23-99DC-E0ED444A5432}" = dir=out | app=%programfiles% (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{8B921991-E87A-441D-8401-DCEEA3399C1A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8BD928EF-2984-49C0-86A2-871930315BE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8EA22B9A-3E00-4B96-8523-EF6D36991ADE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8FA95FE2-2B1A-4AF9-9C38-D0343C8E9310}" = protocol=6 | dir=in | app=c:\program files (x86)\deepinvent\mailstore home\mailstorelocal.exe | "{91EA88D7-3BE7-466E-A18F-98EFFBB7B5C2}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{99FC55E2-E44D-45BC-92FA-16092E8AC176}" = protocol=6 | dir=in | app=d:\starmoney business 5.0 s-edition\app\starmoney.exe | "{9B31ACCF-C27F-439F-AE9C-FBF9731CF5AB}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney business 6.0\ouservice\starmoneyonlineupdate.exe | "{AE160062-916B-4753-82E4-FAF414B5AB91}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet config v3\enconfig.exe | "{B4A53ED7-840C-45B3-BE2A-68E3E44ACEC8}" = protocol=17 | dir=in | app=d:\starmoney business 5.0 s-edition\ouservice\starmoneyonlineupdate.exe | "{B553E39E-A6A4-4481-BFBC-DBCE71B996A1}" = dir=out | app=%programfiles% (x86)\nitro pdf\registrycontroller.exe | "{B5F570C9-A2A1-49D1-A55F-2B5FD5DCE4B4}" = protocol=17 | dir=in | app=d:\starmoney business 5.0 s-edition\app\starmoney.exe | "{B6E0C3E0-A6F5-4E34-A95A-1BA9884576CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BC4648C8-CCF1-45A7-A781-913FBDE6DEEB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C7E53ED6-1CB7-4863-BA5B-80D225F9F1AC}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{CA40D524-D2CB-4D3E-B729-506785D0062F}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{D3416915-E092-4524-A68C-F2CDDC188790}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DE779066-A492-415E-A9DC-29C841EEBFEB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E9F50BF7-1B2F-4FCE-8BA7-5BF5079B28B7}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | "{FFB660E1-3DD2-432A-95AA-BE03C06F0987}" = protocol=6 | dir=in | app=d:\starmoney business 5.0 s-edition\ouservice\starmoneyonlineupdate.exe | "TCP Query User{1E8CF143-D49E-499A-AD62-7904ECEE6BC1}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{5739BB3A-1A60-40F1-A3F0-9E4FC8ACA141}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{D6CF8A06-324F-4CB2-90EB-CB72C3EA4BA4}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{2E07ABF0-5C3B-42D5-A81C-1D8D282FA970}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{7412A2B8-2D23-4AF9-B95E-3923DBDB4447}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{7A94849C-06F7-4BB8-98D7-95C847F93741}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E1DFF42-2EE8-4852-A7AB-C5174321D68F}" = Paragon Backup & Recovery™ 10 Suite "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B79DA7A6-18A4-4147-9B49-A1AD9CB613FA}" = Nuance PDF Converter Enterprise 7 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver "{EC39CC32-E144-42E4-9A59-53C20B408BDE}" = WD SmartWare "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) "CCleaner" = CCleaner "EPSON BX525WD Series" = EPSON BX525WD Series Printer Uninstall "EPSON WP-4545 Series" = EPSON WP-4545 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01A40157-2FE9-4FC0-91F8-D1C7F10E897F}_is1" = ImmobilienVerwaltung plus 2013 (13.0.0) "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0483BE07-260D-4E4D-815E-F737C0A72E40}" = Adobe Flash Player 10 ActiveX "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}" = EpsonNet Config V3 "{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2 "{31CA28D1-CAE0-48EF-BFFF-BA9C81BA055A}" = StarMoney "{32A0FE82-9DE1-4D5E-B860-8018E725AE37}" = Microsoft .NET Compact Framework 1.0 SP3 "{340C2707-4768-40CE-B615-7BD843B310ED}" = StarMoney Business 5.0 S-Edition "{34AFE453-F544-4269-89C9-CAB7F0744963}" = Nuance OmniPage 17 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Premium "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A6DB7C1-E646-4842-A562-49C5EB8F2B47}" = StarMoney "{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A3E10F5-32D7-406E-89EE-F016C5EDB80B}" = TECHNO4EVER Player 1.1.2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71BD47B4-8623-4702-B2FF-EFD2A760AD6F}" = StarMoney Business 6.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = WD Drive Utilities "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1 "{7A434D88-4A51-4DD9-8B8B-BC6666BC25A0}" = SJ KOSMA "{7B62C240-5658-4803-84E2-59674838788C}" = StarMoney "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC610C8A-67CB-4633-9211-81A5E104FAD4}" = DesignPro 5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013 "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B79DA7A6-18A4-4147-9B49-A1AD9CB613FA}" = Nuance PDF Converter Enterprise 7 "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D5D422B9-6976-4E98-8DDF-9632CB515D7E}" = Dragon NaturallySpeaking 12 "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5D84887-8A6F-4993-8560-B3AA44CB620D}" = Avery Wizard 4.0 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F902AB2B-7816-4CBD-A385-F2549F62956B}" = StarMoney "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Allway Sync_is1" = Allway Sync version 12.14.2 "Avira AntiVir Desktop" = Avira Antivirus Premium 2012 "AVS Audio Converter 6.3_is1" = AVS Audio Converter version 6.3 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8 "BlackBerry_Desktop" = BlackBerry Desktop Software 7.1 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "ENTERPRISER" = Microsoft Office Enterprise 2007 "EPSON BX525WD Series Manual" = EPSON BX525WD Series Handbuch "EPSON BX525WD Series Network Guide" = EPSON BX525WD Series Netzwerk-Handbuch "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Scanner" = EPSON Scan "EPSON WP-4545 Series Netg" = Netzwerkhandbuch EPSON WP-4545 Series "EPSON WP-4545 Series Useg" = Benutzerhandbuch EPSON WP-4545 Series "FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "InstallShield_{AC610C8A-67CB-4633-9211-81A5E104FAD4}" = DesignPro 5 "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "Lidl-Fotos_is1" = Lidl-Fotos "MailStore Home_is1" = MailStore Home 4.2.1.6501 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Media Player - Codec Pack" = Media Player Codec Pack 4.2.2 "MKVtoolnix" = MKVtoolnix 4.4.0 "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "ratDVD" = ratDVD 0.78.1444 "Spesoft Audio Converter_is1" = Spesoft Audio Converter 2.30 "ST6UNST #1" = Langenscheidts Vokabeltrainer "sv.net" = sv.net "T4EPlayer" = T4E Player "T4EPlayer_Skins" = T4E Player Skins "UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft "VLC media player" = VLC media player 1.1.0 "WinGimp-2.0_is1" = GIMP 2.6.11 "XMedia Recode" = XMedia Recode 2.3.0.8 "YTdetect" = Yahoo! Detect ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.09.2012 06:54:16 | Computer Name = Privat | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Rim.Transcoder.exe, Version: 7.0.0.56, Zeitstempel: 0x4fb55c78 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0729bab3 ID des fehlerhaften Prozesses: 0xc3c Startzeit der fehlerhaften Anwendung: 0x01cd8f429d0222aa Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Transcoder.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: dd075490-fb35-11e1-92b8-6cf0497121fa Error - 10.09.2012 06:54:34 | Computer Name = Privat | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Rim.Transcoder.exe, Version: 7.0.0.56, Zeitstempel: 0x4fb55c78 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x06a0bab3 ID des fehlerhaften Prozesses: 0x1820 Startzeit der fehlerhaften Anwendung: 0x01cd8f42a914a90e Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Transcoder.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: e799d127-fb35-11e1-92b8-6cf0497121fa Error - 10.09.2012 06:54:55 | Computer Name = Privat | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Rim.Transcoder.exe, Version: 7.0.0.56, Zeitstempel: 0x4fb55c78 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0699bab3 ID des fehlerhaften Prozesses: 0x15c8 Startzeit der fehlerhaften Anwendung: 0x01cd8f42b43079f8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Transcoder.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: f4434225-fb35-11e1-92b8-6cf0497121fa Error - 10.09.2012 06:55:21 | Computer Name = Privat | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Rim.Transcoder.exe, Version: 7.0.0.56, Zeitstempel: 0x4fb55c78 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0689bab3 ID des fehlerhaften Prozesses: 0xd4c Startzeit der fehlerhaften Anwendung: 0x01cd8f42c5004c2e Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Transcoder.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 037beec6-fb36-11e1-92b8-6cf0497121fa Error - 10.09.2012 06:55:35 | Computer Name = Privat | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Rim.Transcoder.exe, Version: 7.0.0.56, Zeitstempel: 0x4fb55c78 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x065dbab3 ID des fehlerhaften Prozesses: 0x141c Startzeit der fehlerhaften Anwendung: 0x01cd8f42cca4d815 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Transcoder.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 0c140375-fb36-11e1-92b8-6cf0497121fa Error - 10.09.2012 06:56:11 | Computer Name = Privat | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Rim.Transcoder.exe, Version: 7.0.0.56, Zeitstempel: 0x4fb55c78 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0721bab3 ID des fehlerhaften Prozesses: 0x1b5c Startzeit der fehlerhaften Anwendung: 0x01cd8f42e2ecf592 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Transcoder.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 219370ef-fb36-11e1-92b8-6cf0497121fa Error - 10.09.2012 06:56:33 | Computer Name = Privat | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Rim.Transcoder.exe, Version: 7.0.0.56, Zeitstempel: 0x4fb55c78 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0764bab3 ID des fehlerhaften Prozesses: 0x10c8 Startzeit der fehlerhaften Anwendung: 0x01cd8f42f00225b3 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Transcoder.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 2e6d1eaa-fb36-11e1-92b8-6cf0497121fa Error - 12.09.2012 04:51:57 | Computer Name = Privat | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 14.09.2012 12:43:22 | Computer Name = Privat | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 14.09.2012 17:04:46 | Computer Name = Privat | Source = Application Hang | ID = 1002 Description = Programm UseNeXT.exe, Version 0.2.4374.25239 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13c0 Startzeit: 01cd9283232155d1 Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\UseNeXT\UseNeXT.exe Berichts-ID: c952a9cb-feaf-11e1-83a8-6cf0497121fa [ OSession Events ] Error - 15.08.2011 12:06:01 | Computer Name = Privat | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 545 seconds with 420 seconds of active time. This session ended with a crash. Error - 04.02.2012 12:14:22 | Computer Name = Privat | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 631 seconds with 480 seconds of active time. This session ended with a crash. Error - 04.02.2012 12:14:42 | Computer Name = Privat | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. Error - 04.02.2012 12:15:02 | Computer Name = Privat | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash. Error - 04.02.2012 12:15:37 | Computer Name = Privat | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash. Error - 29.03.2012 14:29:47 | Computer Name = Privat | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 10729 seconds with 480 seconds of active time. This session ended with a crash. Error - 06.04.2012 08:13:04 | Computer Name = Privat | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9735 seconds with 120 seconds of active time. This session ended with a crash. Error - 29.04.2012 05:48:01 | Computer Name = Privat | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 340 seconds with 240 seconds of active time. This session ended with a crash. Error - 16.11.2012 17:15:03 | Computer Name = Privat | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 30680 seconds with 360 seconds of active time. This session ended with a crash. Error - 14.03.2013 09:09:36 | Computer Name = Privat | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5156 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 26.03.2013 10:02:02 | Computer Name = Privat | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{64c04a9d-380a-11df-a899-806e6f6e6963}" können nicht gelesen werden. Error - 26.03.2013 10:03:09 | Computer Name = Privat | Source = DCOM | ID = 10016 Description = Error - 26.03.2013 10:03:17 | Computer Name = Privat | Source = DCOM | ID = 10016 Description = Error - 26.03.2013 10:03:27 | Computer Name = Privat | Source = DCOM | ID = 10010 Description = Error - 26.03.2013 10:09:15 | Computer Name = Privat | Source = Service Control Manager | ID = 7034 Description = Dienst "JMB36X" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 26.03.2013 10:09:15 | Computer Name = Privat | Source = Service Control Manager | ID = 7034 Description = Dienst "Epson Printer Status Agent4" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 26.03.2013 10:25:26 | Computer Name = Privat | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{64c04a9d-380a-11df-a899-806e6f6e6963}" können nicht gelesen werden. Error - 26.03.2013 10:26:30 | Computer Name = Privat | Source = DCOM | ID = 10016 Description = Error - 26.03.2013 10:26:36 | Computer Name = Privat | Source = DCOM | ID = 10016 Description = Error - 26.03.2013 10:26:55 | Computer Name = Privat | Source = DCOM | ID = 10010 Description = < End of report > GMER.TXT GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-26 16:05:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350041 rev.CC38 465,76GB Running: gmer_2.1.19155.exe; Driver: C:\Users\Jymrohde\AppData\Local\Temp\ugldapob.sys ---- Threads - GMER 2.1 ---- Thread C:\Program Files (x86)\Internet Explorer\iexplore.exe [6036:6112] 000000007897d69c ---- EOF - GMER 2.1 ---- Ich hoffe es kann mir jemand helfen.....danke. Grüße M. |
|
26.03.2013, 23:12
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Kritischer Festplattenfehler; Desktop/ Daten eines Benutzerkonto nicht benutzbar Hallo und
__________________ Zitat:
Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
27.03.2013, 06:02
| #3 |
| | Kritischer Festplattenfehler; Desktop/ Daten eines Benutzerkonto nicht benutzbar Guten Morgen Cosinus,
__________________nein, keine weiteren Funde bei der LOG-Erstellung. Alle Logs die ich habe, habe ich beigefügt. Ich habe die Datei als "Film" im Netz gezogen. Gruß M. |
|
27.03.2013, 12:59
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kritischer Festplattenfehler; Desktop/ Daten eines Benutzerkonto nicht benutzbarZitat:
 Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu Kritischer Festplattenfehler; Desktop/ Daten eines Benutzerkonto nicht benutzbar |
| antivir, avira, bho, browser, converter, desktop, downloader, error, festplatte, firefox, flash player, google, hijack, home, iexplore.exe, install.exe, intranet, kritischer festplattenfehler, logfile, office 2007, plug-in, problem, realtek, richtlinie, safer networking, scan, senden, server, software, starmoney, starten, svchost.exe, usenext |
Linear-Darstellung
