Pc extrem langsam, Firefox ausgebremst, ab und an Bluescreen

sdmmc

Hallo!

Habe vor ca. 6 Monaten den Pc neu aufgesetzt.
Er wird von ca. 3 Leuten verwendet, daher weiß ich nicht immer, was alles gemacht wird. Habe allerdings alle "störenden" Programme gelöscht und den Avira/Adaware Scanner laufen lassen, diese haben nichts gefunden.
Leider ist der Pc inzwischen extrem langsam geworden, könnte sein dass sich inzwischen diverse Störenfriede eingenistet haben!

Die StepbyStep-Anleitung habe ich befolgt, das einzige was abwich war bei DEFOGGER, hier wurde nach dem FINISHED-OK Click keine Neustartaufforderung angezeigt, daher habe ich ohne Neustart weiter gemacht.
Das DEFOGGER DISABLE-REENABLE Fenster wird immer noch angezeigt, soll ich das jetzt beenden oder warten bis hier jemand geholfen hat?!

Gruss und Danke!

OTL:
OTL logfile created on: 07.11.2011 11:44:40 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Suzie\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,55 Mb Total Physical Memory | 164,83 Mb Available Physical Memory | 16,10% Memory free
2,00 Gb Paging File | 0,98 Gb Available in Paging File | 49,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 31,52 Gb Free Space | 64,69% Space Free | Partition Type: NTFS
Drive E: | 100,22 Gb Total Space | 53,93 Gb Free Space | 53,81% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 1187,17 Gb Free Space | 63,72% Space Free | Partition Type: NTFS
Drive L: | 100,00 Mb Total Space | 71,66 Mb Free Space | 71,67% Space Free | Partition Type: NTFS

Computer Name: SUZIE-PC | User Name: Suzie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.07 11:43:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Suzie\Downloads\OTL.exe
PRC - [2011.11.07 11:30:38 | 000,050,477 | ---- | M] () -- C:\Users\Suzie\Downloads\Defogger.exe
PRC - [2011.11.05 16:40:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- E:\#APZ\Firefox\firefox.exe
PRC - [2011.11.05 16:40:06 | 000,016,856 | ---- | M] (Mozilla Corporation) -- E:\#APZ\Firefox\plugin-container.exe
PRC - [2011.11.03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.11.03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.10.15 09:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.09.29 19:23:49 | 000,399,512 | ---- | M] (Mozilla Messaging) -- E:\#APZ\Thunderbird\thunderbird.exe
PRC - [2011.07.21 11:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- E:\#APZ\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.21 06:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- E:\#APZ\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- E:\#APZ\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.13 14:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.04.14 07:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2006.10.27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- E:\#APZ\Office\Office12\GrooveMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2011.11.07 11:30:38 | 000,050,477 | ---- | M] () -- C:\Users\Suzie\Downloads\Defogger.exe
MOD - [2011.11.05 16:40:08 | 001,833,944 | ---- | M] () -- E:\#APZ\Firefox\mozjs.dll
MOD - [2011.09.29 19:23:49 | 001,833,112 | ---- | M] () -- E:\#APZ\Thunderbird\mozjs.dll
MOD - [2011.09.29 19:23:49 | 000,161,944 | ---- | M] () -- E:\#APZ\Thunderbird\nsldap32v60.dll
MOD - [2011.09.29 19:23:49 | 000,021,656 | ---- | M] () -- E:\#APZ\Thunderbird\nsldappr32v60.dll
MOD - [2011.07.25 21:14:16 | 000,056,832 | ---- | M] () -- C:\Users\Suzie\AppData\Roaming\Thunderbird\Profiles\1nyvjnm6.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
MOD - [2011.06.15 14:00:51 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.11.03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Disabled | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.07.21 11:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\#APZ\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\#APZ\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.15 07:18:38 | 000,055,920 | ---- | M] () [Disabled | Stopped] -- C:\Programme\VIA\RAID\vialogsv.exe -- (VRAID Log Service)
SRV - [2010.12.27 17:12:55 | 000,435,008 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- E:\#APZ\TuneUP2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.09.30 16:12:34 | 001,051,968 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- E:\#APZ\TuneUP2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.09.30 16:09:20 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.09 11:26:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\#APZ\Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV - [2011.11.03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011.11.03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011.10.15 09:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.07.21 11:11:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.21 11:11:11 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.07.22 12:37:29 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- E:\#APZ\TuneUP2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.29 13:06:46 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2009.09.28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008.04.29 17:40:56 | 000,210,472 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3114r5.sys -- (Si3114r5)
DRV - [2008.04.29 17:40:56 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008.04.29 17:40:56 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2008.02.01 17:24:04 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- E:\#APZ\PowerDvd\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2005.01.31 10:13:22 | 000,163,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV532AV.SYS -- (PID_0920) Logitech QuickCam Express(PID_0920)
DRV - [2005.01.31 10:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF 6D EC BE BF A5 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {E404CB9E-A980-4465-83A6-D15F6BB7BC96}:1.9.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: E:\#APZ\Firefox\components [2011.11.05 16:40:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: E:\#APZ\Firefox\plugins [2011.11.05 19:11:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: E:\#APZ\Thunderbird\components [2011.11.05 20:36:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: E:\#APZ\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E404CB9E-A980-4465-83A6-D15F6BB7BC96}: C:\Users\Suzie\AppData\Local\{E404CB9E-A980-4465-83A6-D15F6BB7BC96} [2011.04.06 15:46:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: E:\#APZ\Firefox\components [2011.11.05 16:40:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: E:\#APZ\Firefox\plugins [2011.11.05 19:11:16 | 000,000,000 | ---D | M]

[2010.12.27 13:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Suzie\AppData\Roaming\mozilla\Extensions
[2011.11.05 16:41:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Suzie\AppData\Roaming\mozilla\Firefox\Profiles\xujtyozo.default\extensions

O1 HOSTS File: ([2011.05.12 12:43:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\#APZ\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] E:\#APZ\Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\#APZ\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\#APZ\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\#APZ\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\#APZ\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{466B5820-DAC5-4458-8528-EFAADEBAA60F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8B5D34C-74D6-4F90-8416-A1EF035CD5F0}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\#APZ\Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\#APZ\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SiICfg.lnk - C:\Programme\Silicon Image\SiICfg\SiICfg.exe - (Silicon Image, Inc.)
MsConfig - StartUpFolder: C:^Users^Suzie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - E:\#APZ\Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: avgnt - hkey= - key= - E:\#APZ\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: BDRegion - hkey= - key= - C:\Programme\Cyberlink\Shared Files\brs.exe (cyberlink)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - E:\#APZ\DTlite\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - E:\#APZ\Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - File not found
MsConfig - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - E:\#APZ\PowerDvd\PowerDVD8\Language\Language.exe ()
MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - E:\#APZ\PowerDvd\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: VIARaidUtl - hkey= - key= - C:\Programme\VIA\RAID\raid_tool.exe ()
MsConfig - StartUpReg: WinampAgent - hkey= - key= - E:\#APZ\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.05 22:05:14 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.11.05 22:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.11.05 22:04:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.05 21:57:10 | 000,000,000 | ---D | C] -- C:\Users\Suzie\AppData\Roaming\vlc
[2011.11.05 21:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.11.05 20:49:29 | 000,000,000 | ---D | C] -- C:\Users\Suzie\AppData\Local\Downloaded Installations
[2011.11.05 20:48:52 | 000,000,000 | ---D | C] -- C:\Users\Suzie\AppData\Roaming\Leadertech
[2011.11.05 20:37:04 | 000,000,000 | ---D | C] -- C:\Users\Suzie\AppData\Local\Thunderbird
[2011.11.05 20:37:03 | 000,000,000 | ---D | C] -- C:\Users\Suzie\AppData\Roaming\Thunderbird
[2011.11.05 20:00:18 | 000,000,000 | ---D | C] -- C:\Users\Suzie\AppData\Roaming\Malwarebytes
[2011.11.05 19:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.05 19:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.11.05 19:18:16 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011.11.05 19:14:46 | 000,000,000 | ---D | C] -- C:\Users\Suzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.11.05 19:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011.11.05 19:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011.11.05 19:10:27 | 000,000,000 | ---D | C] -- C:\Users\Suzie\SystemRequirementsLab
[2011.11.05 19:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011.11.05 19:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011.11.05 19:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8

========== Files - Modified Within 30 Days ==========

[2011.11.07 11:31:18 | 000,000,000 | ---- | M] () -- C:\Users\Suzie\defogger_reenable
[2011.11.07 11:05:15 | 000,019,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.07 11:05:15 | 000,019,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.07 11:01:55 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.07 11:01:55 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.07 11:01:55 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.07 11:01:55 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.07 10:57:12 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.11.07 10:56:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.07 10:56:44 | 804,954,112 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.06 18:39:51 | 000,000,262 | ---- | M] () -- C:\Users\Suzie\AppData\Roaming\burnaware.ini
[2011.11.06 16:40:04 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011.11.06 16:40:04 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011.11.05 22:05:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.11.05 20:50:56 | 000,005,632 | ---- | M] () -- C:\Users\Suzie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.05 20:36:56 | 000,000,789 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.11.05 20:36:56 | 000,000,789 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
[2011.11.05 19:29:02 | 003,788,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.05 19:23:06 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.11.05 19:14:47 | 000,002,697 | ---- | M] () -- C:\Users\Suzie\Desktop\Microsoft Office Word 2007.lnk
[2011.11.05 19:14:46 | 000,002,703 | ---- | M] () -- C:\Users\Suzie\Desktop\Microsoft Office Excel 2007.lnk
[2011.11.05 16:46:25 | 000,007,597 | ---- | M] () -- C:\Users\Suzie\AppData\Local\Resmon.ResmonCfg
[2011.11.05 16:18:54 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.11.05 16:18:54 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.11.03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.10.15 09:53:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011.10.15 09:53:00 | 000,004,359 | ---- | M] () -- C:\Windows\System32\nvinfo.pb

========== Files Created - No Company Name ==========

[2011.11.07 11:31:18 | 000,000,000 | ---- | C] () -- C:\Users\Suzie\defogger_reenable
[2011.11.07 10:57:12 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.11.05 22:05:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.11.05 20:36:56 | 000,000,789 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.11.05 20:36:56 | 000,000,789 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
[2011.11.05 19:23:06 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.11.05 19:14:47 | 000,002,697 | ---- | C] () -- C:\Users\Suzie\Desktop\Microsoft Office Word 2007.lnk
[2011.11.05 19:14:46 | 000,002,703 | ---- | C] () -- C:\Users\Suzie\Desktop\Microsoft Office Excel 2007.lnk
[2011.11.05 16:39:56 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011.11.05 16:39:56 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011.11.05 16:30:57 | 000,007,597 | ---- | C] () -- C:\Users\Suzie\AppData\Local\Resmon.ResmonCfg
[2011.10.09 10:06:50 | 002,334,764 | ---- | C] () -- C:\Users\Suzie\Desktop\The Hobbit - 0223 - J.R.R. Tolkien - Rob Inglis.mp3
[2011.05.12 12:37:03 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.12 12:37:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.12 12:37:03 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.12 12:37:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.12 12:37:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.01 18:37:07 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.01 18:37:07 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.06 15:46:12 | 000,000,120 | ---- | C] () -- C:\Users\Suzie\AppData\Local\Udinozolocemuva.dat
[2011.04.06 15:46:12 | 000,000,000 | ---- | C] () -- C:\Users\Suzie\AppData\Local\Wfadikujikapa.bin
[2010.12.27 20:20:27 | 000,380,928 | ---- | C] () -- C:\Users\Suzie\AppData\Roaming\places.sqlite
[2010.12.27 20:15:45 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.27 18:08:57 | 000,005,632 | ---- | C] () -- C:\Users\Suzie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.27 17:46:02 | 000,000,262 | ---- | C] () -- C:\Users\Suzie\AppData\Roaming\burnaware.ini
[2010.12.27 17:00:17 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.14 09:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 003,788,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.04.14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2005.01.31 10:13:22 | 000,163,328 | ---- | C] () -- C:\Windows\System32\drivers\LV532AV.SYS
[2005.01.31 08:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2010.12.27 18:40:22 | 000,000,000 | ---D | M] -- C:\Users\Suzie\AppData\Roaming\DAEMON Tools Lite
[2011.11.05 20:48:52 | 000,000,000 | ---D | M] -- C:\Users\Suzie\AppData\Roaming\Leadertech
[2011.08.20 20:54:39 | 000,000,000 | ---D | M] -- C:\Users\Suzie\AppData\Roaming\OpenOffice.org
[2010.12.29 20:40:01 | 000,000,000 | ---D | M] -- C:\Users\Suzie\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.11.05 20:37:04 | 000,000,000 | ---D | M] -- C:\Users\Suzie\AppData\Roaming\Thunderbird
[2010.12.27 17:10:56 | 000,000,000 | ---D | M] -- C:\Users\Suzie\AppData\Roaming\TuneUp Software
[2010.12.27 17:58:16 | 000,000,000 | ---D | M] -- C:\Users\Suzie\AppData\Roaming\XMedia Recode
[2011.11.07 10:57:12 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.11.05 19:46:27 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2011.05.12 12:45:48 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.11.06 11:23:54 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.27 12:52:49 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.06.02 16:14:24 | 000,000,000 | -HSD | M] -- C:\found.000
[2010.12.27 13:24:31 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.06 16:20:49 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.06 11:23:54 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.12.27 12:52:49 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.05.12 12:45:46 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.12.27 12:52:49 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.05.12 11:34:17 | 000,000,000 | ---D | M] -- C:\rsit
[2011.11.07 11:47:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.12.27 12:55:23 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.05 21:55:32 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2010.03.09 11:29:29 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010.03.09 11:26:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010.03.09 11:26:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010.03.09 11:29:29 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\ERDNT\cache\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010.03.09 11:29:29 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.03.09 11:29:29 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010.03.09 11:29:29 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-26 19:23:16

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP282699C

< End of report >


EXTRAS:
OTL Extras logfile created on: 07.11.2011 11:44:41 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Suzie\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,55 Mb Total Physical Memory | 164,83 Mb Available Physical Memory | 16,10% Memory free
2,00 Gb Paging File | 0,98 Gb Available in Paging File | 49,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 31,52 Gb Free Space | 64,69% Space Free | Partition Type: NTFS
Drive E: | 100,22 Gb Total Space | 53,93 Gb Free Space | 53,81% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 1187,17 Gb Free Space | 63,72% Space Free | Partition Type: NTFS
Drive L: | 100,00 Mb Total Space | 71,66 Mb Free Space | 71,67% Space Free | Partition Type: NTFS

Computer Name: SUZIE-PC | User Name: Suzie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\#APZ\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "E:\#APZ\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\#APZ\Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\#APZ\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\#APZ\PS\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\#APZ\Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\#APZ\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\#APZ\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\#APZ\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\#APZ\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu 1.51 for Office
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" =
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91649626-E343-11D5-BCEF-005004748D87}" = SiICfg
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 10.0 Personal
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BurnAware Free_is1" = BurnAware Free 3.1
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX100 Series" = Druckerdeinstallation für EPSON SX100 Series
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"JDownloader" = JDownloader
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"OpenAL" = OpenAL
"SystemRequirementsLab" = System Requirements Lab
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"XMedia Recode" = XMedia Recode 2.2.9.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.11.2011 11:23:47 | Computer Name = Suzie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.17.11.9745,
Zeitstempel: 0x4bb7e538 Name des fehlerhaften Moduls: NVCPL.DLL_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4bb7e511 Ausnahmecode: 0xc0000005 Fehleroffset: 0x016b9a9d
ID
des fehlerhaften Prozesses: 0x480 Startzeit der fehlerhaften Anwendung: 0x01cc9bcedfbbc0b6
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\nvvsvc.exe Pfad des fehlerhaften
Moduls: NVCPL.DLL Berichtskennung: 27398767-07c2-11e1-ab7b-0011d851696e

Error - 05.11.2011 11:34:23 | Computer Name = Suzie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.17.11.9745,
Zeitstempel: 0x4bb7e538 Name des fehlerhaften Moduls: NVCPL.DLL_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4bb7e511 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01439a9d
ID
des fehlerhaften Prozesses: 0x4a8 Startzeit der fehlerhaften Anwendung: 0x01cc9bd05bb68876
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\nvvsvc.exe Pfad des fehlerhaften
Moduls: NVCPL.DLL Berichtskennung: a2c92b7a-07c3-11e1-bc44-0011d851696e

Error - 05.11.2011 13:55:07 | Computer Name = Suzie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.17.11.9745,
Zeitstempel: 0x4bb7e538 Name des fehlerhaften Moduls: NVCPL.DLL_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4bb7e511 Ausnahmecode: 0xc0000005 Fehleroffset: 0x014d9a9d
ID
des fehlerhaften Prozesses: 0x4b0 Startzeit der fehlerhaften Anwendung: 0x01cc9be4045b5066
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\nvvsvc.exe Pfad des fehlerhaften
Moduls: NVCPL.DLL Berichtskennung: 4b6d0e89-07d7-11e1-9a18-0011d851696e

Error - 05.11.2011 13:59:13 | Computer Name = Suzie-PC | Source = VSS | ID = 8194
Description =

Error - 05.11.2011 14:05:29 | Computer Name = Suzie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: nvcpl.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4bb7e511 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0d0e9a9d
ID
des fehlerhaften Prozesses: 0x570 Startzeit der fehlerhaften Anwendung: 0x01cc9be40525f848
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
nvcpl.dll Berichtskennung: be808e31-07d8-11e1-9a18-0011d851696e

Error - 05.11.2011 14:15:55 | Computer Name = Suzie-PC | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Word.

Error - 05.11.2011 14:16:16 | Computer Name = Suzie-PC | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Excel.

Error - 05.11.2011 16:58:22 | Computer Name = Suzie-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 05.11.2011 16:59:09 | Computer Name = Suzie-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 06.11.2011 13:39:50 | Computer Name = Suzie-PC | Source = Application Hang | ID = 1002
Description = Programm DataDisc.exe, Version 3.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f9c Startzeit:
01cc9ca954a0b869 Endzeit: 94 Anwendungspfad: E:\#APZ\BurnAware Free\DataDisc.exe Berichts-ID:
4c71255f-089e-11e1-bfa1-0011d851696e

[ OSession Events ]
Error - 02.06.2011 15:27:47 | Computer Name = Suzie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 31
seconds with 0 seconds of active time. This session ended with a crash.

Error - 03.06.2011 04:18:46 | Computer Name = Suzie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.

Error - 03.06.2011 09:50:58 | Computer Name = Suzie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.

Error - 03.06.2011 09:51:11 | Computer Name = Suzie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 03.06.2011 13:32:27 | Computer Name = Suzie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04.06.2011 05:25:33 | Computer Name = Suzie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 36
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08.06.2011 06:53:07 | Computer Name = Suzie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08.06.2011 11:06:52 | Computer Name = Suzie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.

Error - 09.06.2011 04:06:02 | Computer Name = Suzie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15.06.2011 08:46:13 | Computer Name = Suzie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 61
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 22.06.2011 10:59:21 | Computer Name = Suzie-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 22.06.2011 11:26:35 | Computer Name = Suzie-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 25.06.2011 06:55:37 | Computer Name = Suzie-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 26.06.2011 06:52:37 | Computer Name = Suzie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?06.?2011 um 20:42:15 unerwartet heruntergefahren.

Error - 26.06.2011 06:52:54 | Computer Name = Suzie-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 26.06.2011 09:57:07 | Computer Name = Suzie-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 27.06.2011 04:58:40 | Computer Name = Suzie-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 27.06.2011 17:35:33 | Computer Name = Suzie-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 28.06.2011 03:23:00 | Computer Name = Suzie-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 28.06.2011 15:58:13 | Computer Name = Suzie-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom


< End of report >


GMER:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-07 13:21:12
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SP1614N rev.TM100-30
Running: bdke9fll.exe; Driver: C:\Users\Suzie\AppData\Local\Temp\ugloypod.sys


---- System - GMER 1.0.15 ----

SSDT 89F89FE6 ZwCreateSection
SSDT 89F89FEB ZwSetContextThread
SSDT 89F89F87 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 81A87349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81AC0D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81AC7EAC 4 Bytes [E6, 9F, F8, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 81AC824C 4 Bytes [EB, 9F, F8, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 81AC8324 4 Bytes [87, 9F, F8, 89]
E:\#APZ\PowerDvd\PowerDVD8\000.fcl entry point in "" section [0x8CD31000]
.clc E:\#APZ\PowerDvd\PowerDVD8\000.fcl unknown last section [0x8CD32000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text E:\#APZ\Firefox\firefox.exe[452] ntdll.dll!LdrLoadDll 77BE22B8 5 Bytes JMP 65D6FAE0 E:\#APZ\Firefox\xul.dll (Mozilla Foundation)
.text E:\#APZ\Thunderbird\thunderbird.exe[1720] ntdll.dll!LdrLoadDll 77BE22B8 5 Bytes JMP 013413BF E:\#APZ\Thunderbird\thunderbird.exe (Thunderbird/Mozilla Messaging)
.text E:\#APZ\Firefox\plugin-container.exe[2216] USER32.dll!GetWindowInfo 77164B5E 5 Bytes JMP 65EE89A7 E:\#APZ\Firefox\xul.dll (Mozilla Foundation)
.text E:\#APZ\Firefox\plugin-container.exe[2216] USER32.dll!TrackPopupMenu 77172228 5 Bytes JMP 65EE8F65 E:\#APZ\Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----