
Log analysis and evaluation: Blue screen at login or while using the PC

Windows 7

 
24.01.2012, 08:58   #1
villakarow
 

Hello helpers,

I very often get a blue screen when booting the PC, followed by one of these error messages (sometimes one, sometimes the other): "Page fault in non page area" or something with "nvmf6232.sys" (I could not read it fast enough). At first I thought this was because my system drive was full (only a few MB free). I then enlarged it, however, and the error still occurs. I then found you via Google and have already run the scans. Thank you in advance for your help.

Here is the OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 24.01.2012 00:11:42 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 75,90% Memory free
6,00 Gb Paging File | 5,41 Gb Available in Paging File | 90,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,55 Gb Total Space | 62,46 Gb Free Space | 62,75% Space Free | Partition Type: NTFS
Drive D: | 283,20 Gb Total Space | 257,01 Gb Free Space | 90,75% Space Free | Partition Type: NTFS
Drive F: | 6,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 14,65 Gb Total Space | 12,24 Gb Free Space | 83,59% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 393,01 Gb Free Space | 42,19% Space Free | Partition Type: NTFS
Drive Y: | 99,55 Gb Total Space | 62,46 Gb Free Space | 62,75% Space Free | Partition Type: CSC-CACHE
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PS3 Media Server) --  File not found
SRV - (Radio.fx) -- C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (StarMoney 7.0 OnlineUpdate) -- G:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (CLKMSVC10_E1A16B3C) -- G:\Program Files\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (SONICWALL_NetExtender) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe (SonicWALL Inc.)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\system32\drivers\WinUSB.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (NinjaUSB) -- C:\Windows\System32\drivers\NinjaUSB.sys ()
DRV - (NxDrv) -- C:\Windows\System32\drivers\NxDrv.sys (SonicWALL Inc.)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys (SiSoftware)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (FireDTV_DVBS2) -- C:\Windows\System32\drivers\FireDTV_BDA_DVBS2.sys (digital everywhere)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- C:\Windows\System32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14597
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 0B 0A 86 3F 34 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://go.web.de/tb/mff_keyurl_search/?su="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Program Files\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.12.06 21:02:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.15 18:15:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 03:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 03:24:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.15 18:15:22 | 000,000,000 | ---D | M]
 
[2010.02.14 22:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.02.14 22:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.19 22:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions
[2010.07.29 14:04:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.26 12:36:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.20 19:14:57 | 000,000,000 | ---D | M] (Vodafone Video Plugin for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions\vodafone_video_plugin@vodafone.com
[2011.11.13 14:06:24 | 000,000,853 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\11-suche.xml
[2010.07.17 14:38:43 | 000,000,873 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\conduit.xml
[2011.11.13 14:06:24 | 000,002,226 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\englische-ergebnisse.xml
[2011.11.13 14:06:24 | 000,010,506 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\gmx-suche.xml
[2011.11.13 14:06:24 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\lastminute.xml
[2011.11.13 14:06:24 | 000,005,489 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\webde-suche.xml
[2012.01.08 03:24:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.06 21:02:26 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.01.08 03:24:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.15 23:57:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.15 23:57:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.15 23:57:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.15 23:57:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.15 23:57:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.15 23:57:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] G:\Program Files\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LGODDFU] G:\Program Files\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [RemoteControl9] G:\Program Files\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mysap.com ([tcs]  in Local intranet)
O15 - HKCU\..Trusted Domains: mysap.com ([tcs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sap-ag.de ([*]  in Local intranet)
O15 - HKCU\..Trusted Domains: sap-ag.de ([*] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sapbydesign.com ([my020656]  in Local intranet)
O15 - HKCU\..Trusted Domains: sapbydesign.com ([my020656] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B26FD08B-C89E-4C7B-BB14-75191404BEDB}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (AirfoilInject3.dll) -C:\Windows\System32\AirfoilInject3.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\Shell - "" = AutoRun
O33 - MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.24 00:01:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.19 23:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.19 23:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.19 23:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.16 14:32:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SonicWALL SSL-VPN NetExtender
[2012.01.16 14:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\SonicWALL
[2012.01.15 19:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\ProgDVB
[2012.01.15 18:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.01.15 18:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.01.15 18:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012.01.15 18:09:45 | 000,271,704 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2012.01.15 17:18:22 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012.01.15 17:18:21 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012.01.15 16:12:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ECE5F498-1FE2-4D5D-80D7-2D7D0119A693}
[2012.01.15 16:11:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{17E6614C-5078-4717-8A54-35BFC711C460}
[2012.01.15 16:11:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{08FCFB46-B553-48A7-BFE5-9303BA82F62E}
[2012.01.14 12:35:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo
[2012.01.14 12:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2012.01.13 22:08:31 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.13 22:08:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.13 21:58:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.08 16:20:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.01.08 16:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.01.08 16:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012.01.08 13:53:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Seas0nPass
[2012.01.07 23:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.01 19:02:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Seas0nPass
[2012.01.01 16:13:02 | 000,000,000 | ---D | C] -- C:\Users\***\CyberLink
[2012.01.01 16:12:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\CyberLink
[2012.01.01 16:03:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Power2Go
[2012.01.01 15:52:51 | 000,000,000 | ---D | C] -- C:\Temp
[2012.01.01 15:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
[2012.01.01 15:51:36 | 000,102,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6KO.DLL
[2012.01.01 15:51:36 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemdisp.tlb
[2012.01.01 15:51:35 | 000,016,384 | ---- | C] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[2012.01.01 15:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2012.01.01 15:45:12 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2012.01.01 15:41:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2012.01.01 15:41:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Cyberlink
[2012.01.01 15:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberlink
[2012.01.01 15:36:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.01.01 15:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2012.01.01 15:36:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.01.01 15:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.01.01 15:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.01.01 15:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2011.12.29 14:04:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{476EF0BB-04D2-4678-8A2C-67248D68924A}
[2011.12.29 14:03:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0DC5FC1E-84E2-49E0-9598-025BDD6B7509}
[2011.12.29 12:02:32 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011.12.29 11:43:13 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011.12.29 11:43:12 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011.12.29 11:43:04 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011.12.29 11:39:47 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.24 00:10:13 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.01.24 00:04:05 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\gmer.exe
[2012.01.24 00:02:08 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.23 23:49:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.23 23:35:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.23 23:35:20 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.23 07:49:37 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.23 07:49:37 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.21 00:53:27 | 000,007,595 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.01.19 12:15:52 | 003,537,752 | ---- | M] (Tobit.Software) -- C:\Windows\RXSUnins.exe
[2012.01.19 12:15:52 | 003,537,752 | ---- | M] (Tobit.Software) -- C:\Windows\RXCUnins.exe
[2012.01.18 01:32:49 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.01.17 23:01:01 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.17 23:01:01 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.17 23:01:01 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.17 23:01:01 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.16 14:46:24 | 000,014,976 | ---- | M] () -- C:\Users\***\Desktop\Betriebswirtschaftlicher_Bebauungsplan_-_tabellarische_Darstellung.pdf
[2012.01.16 14:43:16 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2012.01.16 11:10:53 | 000,668,751 | ---- | M] () -- C:\Users\***\Desktop\Schadenanzeige_bavaria vn.pdf
[2012.01.16 08:27:42 | 000,302,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.15 18:32:41 | 000,266,087 | ---- | M] () -- C:\Windows\hpwins23.dat
[2012.01.15 18:15:43 | 000,002,029 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.01.08 18:37:39 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2012.01.01 16:03:54 | 000,000,750 | ---- | M] () -- C:\Users\***\Desktop\Blu-ray Disc Suite.lnk
[2012.01.01 15:56:10 | 000,000,283 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012.01.01 15:53:52 | 000,016,384 | ---- | M] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[2012.01.01 15:35:09 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink BD_Advisor.lnk
[2011.12.29 12:00:18 | 000,000,020 | ---- | M] () -- C:\Windows\ÈùZ
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.24 00:10:13 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.01.24 00:04:16 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe
[2012.01.24 00:02:22 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.18 01:32:49 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.01.16 14:46:21 | 000,014,976 | ---- | C] () -- C:\Users\***\Desktop\Betriebswirtschaftlicher_Bebauungsplan_-_tabellarische_Darstellung.pdf
[2012.01.16 10:13:24 | 000,668,751 | ---- | C] () -- C:\Users\***\Desktop\Schadenanzeige_bavaria vn.pdf
[2012.01.15 18:15:43 | 000,002,029 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.01.15 18:13:28 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2012.01.15 18:07:33 | 000,266,087 | ---- | C] () -- C:\Windows\hpwins23.dat
[2012.01.02 23:52:52 | 000,262,526 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2012.01.01 15:52:43 | 000,000,750 | ---- | C] () -- C:\Users\***\Desktop\Blu-ray Disc Suite.lnk
[2012.01.01 15:51:54 | 000,000,283 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012.01.01 15:35:09 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink BD_Advisor.lnk
[2011.12.29 12:01:37 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011.12.29 12:00:33 | 000,001,280 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011.12.29 12:00:16 | 000,000,020 | ---- | C] () -- C:\Windows\ÈùZ
[2011.12.08 23:46:58 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011.10.19 21:25:26 | 000,162,440 | ---- | C] () -- C:\Windows\System32\AirfoilInject3.dll
[2011.07.24 17:01:20 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011.06.13 13:30:30 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.13 13:29:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.05 21:09:48 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.01.07 19:15:31 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.01.07 19:15:31 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.01.07 19:15:31 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.01.07 19:15:31 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.01.07 19:15:31 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.01.07 19:15:31 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.01.07 19:15:31 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.01.07 19:15:31 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.01.07 19:15:31 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.01.07 19:15:31 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.01.07 19:15:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.01.07 19:15:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.01.07 19:15:31 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.01.07 19:15:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.01.07 19:15:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.01.07 19:15:31 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.01.07 19:15:31 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.01.07 19:15:31 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.01.07 19:15:31 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.21 03:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.12.17 17:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.12.06 16:20:31 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2010.11.01 16:41:15 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p15].bmp
[2010.11.01 16:41:08 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p14].bmp
[2010.11.01 16:41:02 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p13].bmp
[2010.11.01 16:40:56 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p12].bmp
[2010.11.01 16:40:50 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p11].bmp
[2010.11.01 16:40:43 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p10].bmp
[2010.11.01 16:40:36 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p09].bmp
[2010.11.01 16:40:26 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p08].bmp
[2010.11.01 16:40:17 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p07].bmp
[2010.11.01 16:40:07 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p06].bmp
[2010.11.01 16:39:56 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p05].bmp
[2010.11.01 16:39:49 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p04].bmp
[2010.11.01 16:39:43 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p03].bmp
[2010.11.01 16:39:38 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p02].bmp
[2010.09.07 16:48:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.26 23:32:11 | 000,000,133 | ---- | C] () -- C:\Windows\MUSCDPL.INI
[2010.08.26 23:24:27 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010.08.26 22:16:29 | 000,000,061 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.08.03 20:38:25 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.08.03 19:46:37 | 012,939,264 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.07.15 18:08:13 | 000,023,699 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.07.10 22:51:57 | 000,007,595 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.05.02 15:51:38 | 000,019,647 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010.05.01 11:15:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.03.03 19:14:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.02.11 21:02:19 | 000,024,704 | ---- | C] () -- C:\Windows\System32\drivers\NinjaUSB.sys
[2010.01.23 00:25:05 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.12.31 09:49:40 | 000,023,040 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.29 18:32:22 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.27 13:59:34 | 000,001,092 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2009.12.27 13:41:44 | 000,000,739 | ---- | C] () -- C:\Windows\wiso.ini
[2009.12.27 12:51:29 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.11.06 10:17:18 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2009.07.14 09:47:43 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,302,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,651,938 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,120,870 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
 
========== LOP Check ==========
 
[2011.11.20 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2009.12.27 13:41:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2010.11.15 01:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.09.12 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DScaler4
[2010.07.29 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.07.29 14:04:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.23 12:55:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2012.01.23 23:43:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.11.26 16:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.07.02 12:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MonkeyTunes
[2012.01.08 22:53:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.07.11 00:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.07.10 23:21:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2009.12.27 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.03.04 14:52:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.01.30 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PMS
[2012.01.11 23:55:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Seas0nPass
[2010.11.21 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011.08.06 14:44:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeraCopy
[2010.02.14 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.01.23 00:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit
[2011.11.23 21:21:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XBMC
[2011.11.26 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2011.11.07 22:22:32 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Here is the Extras.txt:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 24.01.2012 00:11:42 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 75,90% Memory free
6,00 Gb Paging File | 5,41 Gb Available in Paging File | 90,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,55 Gb Total Space | 62,46 Gb Free Space | 62,75% Space Free | Partition Type: NTFS
Drive D: | 283,20 Gb Total Space | 257,01 Gb Free Space | 90,75% Space Free | Partition Type: NTFS
Drive F: | 6,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 14,65 Gb Total Space | 12,24 Gb Free Space | 83,59% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 393,01 Gb Free Space | 42,19% Space Free | Partition Type: NTFS
Drive Y: | 99,55 Gb Total Space | 62,46 Gb Free Space | 62,75% Space Free | Partition Type: CSC-CACHE
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{291D8FE1-ED05-4934-80CE-A5F6B7A8718D}" = MySQL Server 5.1
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.5
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5285987F-41E8-49B5-9143-72FE789C3FC8}_is1" = MonkeyTunes 1.5.2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C056FA6-E362-467B-8160-062E9474FEE5}" = SlimDX Redistributable for .NET 2.0 (March 2011)
"{7C68B60E-D6E6-4A9A-A181-A9D59133F8D0}" = StarMoney 7.0 
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C411EF9-6EBA-46E3-8132-EDADF1CC0B16}" = SCR3xxx Smart Card Reader
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour-Druckdienste
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EF06A6A8-6B81-4A09-8223-789953972FFF}" = SonicWALL SSL-VPN NetExtender
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Airfoil" = Airfoil
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"FileZilla Client" = FileZilla Client 3.5.3
"Free Studio_is1" = Free Studio version 4.8
"Freemake Video Converter_is1" = Freemake Video Converter version 1.1.6
"HandBrake" = HandBrake 0.9.5
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"MediaInfo" = MediaInfo 0.7.52
"MediaMonkey_is1" = MediaMonkey 3.2
"MediaPortal" = MediaPortal
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mp3tag" = Mp3tag v2.49a
"NVIDIA Drivers" = NVIDIA Drivers
"Power Tab Editor 1.7" = Power Tab Editor 1.7
"Power TabV1" = Power Tab - Beta 0.98
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 6 Host" = TeamViewer 6 Host
"Tobit Radio.fx Server" = Radio.fx
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 04.12.2010 14:06:56 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 14:23:23 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 14:24:01 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 14:57:57 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 14:57:57 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 14:57:57 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 15:01:52 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 16:05:54 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 17:03:28 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 17:54:37 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


Here is the defogger_disable.txt
Code:
ATTFilter
 
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:10 on 24/01/2012 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
And finally gmer.txt:
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-24 08:34:19
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000068 SAMSUNG_ rev.CR10
Running: gmer.exe; Driver: C:\Users\***\AppData\Local\Temp\ugloipoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1           82277369 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2  822B0D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000053       halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                 aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Edited by villakarow (24.01.2012 at 09:12)

 
