Festplatte C füllt sich unaufhaltsam

Adlermania · 03.07.2013, 20:24

Ja

schrauber · 03.07.2013, 20:46

Bitte ein frisches FRST log. Wenn ich jetzt keine Eingebung mehr hab booten wir von Linux, sichern deine Daten und machen das System neu.

Adlermania · 03.07.2013, 21:49

Okay

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM on 03-07-2013 22:45:11
Running from F:\
Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe [x]
HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [x]
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [x]
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2792448 2009-12-04] (VIA)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [x]
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-07] (Avira Operations GmbH & Co. KG)
HKU\patrick\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\patrick\...\Run: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent [x]

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-05-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-05-06] (Avira Operations GmbH & Co. KG)
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
S2 RalinkRegistryWriter64; C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe [212256 2009-12-15] (Ralink Technology, Corp.)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [x]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S3 fsssvc; "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" [x]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [x]
S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [x]
S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [x]
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [x]
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe" [x]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [x]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
S2 nvUpdatusService; "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [x]
S2 RalinkRegistryWriter; "C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe" [x]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [x]
S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-05-06] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-05-06] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-06] (Avira Operations GmbH & Co. KG)
S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [x]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [x]
S3 adp94xx; \SystemRoot\system32\drivers\adp94xx.sys [x]
S3 adpahci; \SystemRoot\system32\drivers\adpahci.sys [x]
S3 adpu320; \SystemRoot\system32\drivers\adpu320.sys [x]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [x]
S3 aliide; \SystemRoot\system32\drivers\aliide.sys [x]
S3 amdide; \SystemRoot\system32\drivers\amdide.sys [x]
S3 AmdK8; \SystemRoot\system32\drivers\amdk8.sys [x]
S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [x]
S3 amdsbs; \SystemRoot\system32\drivers\amdsbs.sys [x]
S0 amdxata; system32\drivers\amdxata.sys [x]
S3 arc; \SystemRoot\system32\drivers\arc.sys [x]
S3 arcsas; \SystemRoot\system32\drivers\arcsas.sys [x]
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [x]
S3 b57nd60a; system32\DRIVERS\b57nd60a.sys [x]
S1 blbdrive; system32\DRIVERS\blbdrive.sys [x]
S3 BrFiltLo; \SystemRoot\system32\drivers\BrFiltLo.sys [x]
S3 BrFiltUp; \SystemRoot\system32\drivers\BrFiltUp.sys [x]
S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [x]
S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [x]
S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [x]
S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [x]
S3 BTHMODEM; \SystemRoot\system32\drivers\bthmodem.sys [x]
S3 circlass; \SystemRoot\system32\drivers\circlass.sys [x]
S3 CmBatt; \SystemRoot\system32\drivers\CmBatt.sys [x]
S3 cmdide; \SystemRoot\system32\drivers\cmdide.sys [x]
S4 crcdisk; \SystemRoot\system32\drivers\crcdisk.sys [x]
S3 dmvsc; \SystemRoot\system32\drivers\dmvsc.sys [x]
S3 E1G60; system32\DRIVERS\E1G6032E.sys [x]
S3 ebdrv; \SystemRoot\system32\drivers\evbda.sys [x]
S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x]
S3 elxstor; \SystemRoot\system32\drivers\elxstor.sys [x]
S3 ErrDev; \SystemRoot\system32\drivers\errdev.sys [x]
S3 fdc; \SystemRoot\system32\drivers\fdc.sys [x]
S3 flpydisk; \SystemRoot\system32\drivers\flpydisk.sys [x]
S3 fssfltr; system32\DRIVERS\fssfltr.sys [x]
S3 gagp30kx; \SystemRoot\system32\drivers\gagp30kx.sys [x]
S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [x]
S3 HidBatt; \SystemRoot\system32\drivers\HidBatt.sys [x]
S3 HidBth; \SystemRoot\system32\drivers\hidbth.sys [x]
S3 HidIr; \SystemRoot\system32\drivers\hidir.sys [x]
S3 HpSAMD; \SystemRoot\system32\drivers\HpSAMD.sys [x]
S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [x]
S3 iirsp; \SystemRoot\system32\drivers\iirsp.sys [x]
S3 intelide; \SystemRoot\system32\drivers\intelide.sys [x]
S3 intelppm; \SystemRoot\system32\drivers\intelppm.sys [x]
S3 IPMIDRV; \SystemRoot\system32\drivers\IPMIDrv.sys [x]
S3 isapnp; \SystemRoot\system32\drivers\isapnp.sys [x]
S3 iScsiPrt; \SystemRoot\system32\drivers\msiscsi.sys [x]
S3 LSI_FC; \SystemRoot\system32\drivers\lsi_fc.sys [x]
S3 LSI_SAS; \SystemRoot\system32\drivers\lsi_sas.sys [x]
S3 LSI_SAS2; \SystemRoot\system32\drivers\lsi_sas2.sys [x]
S3 LSI_SCSI; \SystemRoot\system32\drivers\lsi_scsi.sys [x]
S3 ManyCam; system32\DRIVERS\mcvidrv_x64.sys [x]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [x]
S3 mcaudrv_simple; system32\drivers\mcaudrv_x64.sys [x]
S3 megasas; \SystemRoot\system32\drivers\megasas.sys [x]
S3 MegaSR; \SystemRoot\system32\drivers\MegaSR.sys [x]
S3 mpio; \SystemRoot\system32\drivers\mpio.sys [x]
S3 MRV6X64P; system32\DRIVERS\MRVW13C.sys [x]
S3 msahci; \SystemRoot\system32\drivers\msahci.sys [x]
S3 msdsm; \SystemRoot\system32\drivers\msdsm.sys [x]
S3 MSHUSBVideo; System32\Drivers\nx6000.sys [x]
S3 MTConfig; \SystemRoot\system32\drivers\MTConfig.sys [x]
S3 netr28x; system32\DRIVERS\netr28x.sys [x]
S3 nfrd960; \SystemRoot\system32\drivers\nfrd960.sys [x]
S3 nmwcd; system32\drivers\ccdcmbx64.sys [x]
S3 nmwcdc; system32\drivers\ccdcmbox64.sys [x]
S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [x]
S3 NVENETFD; system32\DRIVERS\nvm62x64.sys [x]
S3 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
S3 NVNET; system32\DRIVERS\nvmf6264.sys [x]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [x]
S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [x]
S3 ohci1394; \SystemRoot\system32\drivers\ohci1394.sys [x]
S3 pcmcia; \SystemRoot\system32\drivers\pcmcia.sys [x]
S3 Processor; \SystemRoot\system32\drivers\processr.sys [x]
S3 ql2300; \SystemRoot\system32\drivers\ql2300.sys [x]
S3 ql40xx; \SystemRoot\system32\drivers\ql40xx.sys [x]
S3 s3cap; \SystemRoot\system32\drivers\vms3cap.sys [x]
S3 sbp2port; \SystemRoot\system32\drivers\sbp2port.sys [x]
S2 secdrv; No ImagePath
S3 sffdisk; \SystemRoot\system32\drivers\sffdisk.sys [x]
S3 sffp_mmc; \SystemRoot\system32\drivers\sffp_mmc.sys [x]
S3 sffp_sd; \SystemRoot\system32\drivers\sffp_sd.sys [x]
S3 sfloppy; \SystemRoot\system32\drivers\sfloppy.sys [x]
S3 SiSRaid2; \SystemRoot\system32\drivers\SiSRaid2.sys [x]
S3 SiSRaid4; \SystemRoot\system32\drivers\sisraid4.sys [x]
S3 stexstor; \SystemRoot\system32\drivers\stexstor.sys [x]
S0 storflt; system32\drivers\vmstorfl.sys [x]
S3 storvsc; \SystemRoot\system32\drivers\storvsc.sys [x]
S3 swenum; system32\DRIVERS\swenum.sys [x]
S3 Synth3dVsc; \SystemRoot\system32\drivers\Synth3dVsc.sys [x]
S3 taphss6; system32\DRIVERS\taphss6.sys [x]
S3 terminpt; \SystemRoot\system32\drivers\terminpt.sys [x]
S3 TsUsbGD; \SystemRoot\system32\drivers\TsUsbGD.sys [x]
S3 tsusbhub; \SystemRoot\system32\drivers\tsusbhub.sys [x]
S3 uagp35; \SystemRoot\system32\drivers\uagp35.sys [x]
S3 uliagpkx; \SystemRoot\system32\drivers\uliagpkx.sys [x]
S3 UmPass; \SystemRoot\system32\drivers\umpass.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x]
S3 usbcir; \SystemRoot\system32\drivers\usbcir.sys [x]
S3 usbprint; \SystemRoot\system32\drivers\usbprint.sys [x]
S3 usbser; system32\drivers\usbser.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltjx64.sys [x]
S3 usbuhci; \SystemRoot\system32\drivers\usbuhci.sys [x]
S3 VClone; system32\DRIVERS\VClone.sys [x]
S3 vga; system32\DRIVERS\vgapnp.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 vhdmp; \SystemRoot\system32\drivers\vhdmp.sys [x]
S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [x]
S3 viaide; \SystemRoot\system32\drivers\viaide.sys [x]
S3 vmbus; \SystemRoot\system32\drivers\vmbus.sys [x]
S3 VMBusHID; \SystemRoot\system32\drivers\VMBusHID.sys [x]
S3 vsmraid; \SystemRoot\system32\drivers\vsmraid.sys [x]
S3 WacomPen; \SystemRoot\system32\drivers\wacompen.sys [x]
S3 Wd; \SystemRoot\system32\drivers\wd.sys [x]
S3 WmiAcpi; \SystemRoot\system32\drivers\wmiacpi.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-28 20:26 - 2013-07-03 15:19 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-06-28 18:56 - 2013-06-27 22:44 - 56623104 ____A C:\Windows\System32\config\SOFTWARE.OLD
2013-06-28 18:56 - 2013-06-27 11:58 - 15204352 ____A C:\Windows\System32\config\SYSTEM.OLD
2013-06-28 18:56 - 2013-06-27 11:58 - 00262144 ____A C:\Windows\System32\config\SECURITY.OLD
2013-06-28 18:56 - 2013-06-27 11:58 - 00262144 ____A C:\Windows\System32\config\SAM.OLD
2013-06-28 18:56 - 2013-06-27 11:58 - 00262144 ____A C:\Windows\System32\config\DEFAULT.OLD
2013-06-28 12:18 - 2013-06-28 12:18 - 00000000 ____D C:\FRST
2013-06-27 11:54 - 2013-06-27 11:54 - 00000224 ____A C:\Windows\setupact.log
2013-06-27 11:54 - 2013-06-27 11:54 - 00000000 ____A C:\Windows\setuperr.log
2013-06-27 11:43 - 2013-06-27 11:48 - 00000000 ____D C:\ComboFix
2013-06-16 02:00 - 2013-06-08 15:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 02:00 - 2013-06-08 15:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 02:00 - 2013-06-08 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 02:00 - 2013-06-08 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 02:00 - 2013-06-08 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 02:00 - 2013-06-08 13:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 02:00 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 02:00 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 02:00 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 02:00 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 02:00 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 02:00 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 00:41 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 00:41 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 00:41 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 00:41 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 00:41 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 00:41 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 00:41 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 00:41 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 00:41 - 2013-05-17 01:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 00:41 - 2013-05-17 01:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 00:41 - 2013-05-17 01:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 00:41 - 2013-05-17 01:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 00:41 - 2013-05-17 01:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 00:41 - 2013-05-17 01:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 00:41 - 2013-05-17 01:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 00:41 - 2013-05-17 01:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 00:41 - 2013-05-17 01:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 00:41 - 2013-05-14 13:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 00:41 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 18:30 - 2013-05-13 06:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 18:30 - 2013-05-13 06:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 18:30 - 2013-05-13 06:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 18:30 - 2013-05-13 06:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 18:30 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 18:30 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 18:30 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 18:30 - 2013-05-13 04:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 18:30 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 18:30 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 18:30 - 2013-05-08 07:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 18:30 - 2013-04-26 06:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 18:30 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

==================== One Month Modified Files and Folders =======

2013-07-03 15:19 - 2013-06-28 20:26 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-06-28 12:18 - 2013-06-28 12:18 - 00000000 ____D C:\FRST
2013-06-27 22:44 - 2013-06-28 18:56 - 56623104 ____A C:\Windows\System32\config\SOFTWARE.OLD
2013-06-27 11:58 - 2013-06-28 18:56 - 15204352 ____A C:\Windows\System32\config\SYSTEM.OLD
2013-06-27 11:58 - 2013-06-28 18:56 - 00262144 ____A C:\Windows\System32\config\SECURITY.OLD
2013-06-27 11:58 - 2013-06-28 18:56 - 00262144 ____A C:\Windows\System32\config\SAM.OLD
2013-06-27 11:58 - 2013-06-28 18:56 - 00262144 ____A C:\Windows\System32\config\DEFAULT.OLD
2013-06-27 11:58 - 2011-12-25 16:00 - 01641368 ____A C:\Windows\WindowsUpdate.log
2013-06-27 11:58 - 2009-07-14 05:45 - 00019488 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-27 11:58 - 2009-07-14 05:45 - 00019488 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-27 11:54 - 2013-06-27 11:54 - 00000224 ____A C:\Windows\setupact.log
2013-06-27 11:54 - 2013-06-27 11:54 - 00000000 ____A C:\Windows\setuperr.log
2013-06-27 11:51 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2013-06-27 11:51 - 2009-07-14 05:45 - 00000000 ____D C:\Windows\Setup
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ___SD C:\Windows\Media
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\winevt
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\spool
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\SMI
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\Setup
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\MUI
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\Msdtc
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\com
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PLA
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\IME
2013-06-27 11:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-06-27 11:50 - 2011-12-25 16:00 - 00000000 ____D C:\users\patrick
2013-06-27 11:48 - 2013-06-27 11:43 - 00000000 ____D C:\ComboFix
2013-06-27 11:48 - 2013-05-27 19:30 - 00000000 ____D C:\Users\patrick\AppData\Local\Downloaded Installations
2013-06-27 11:48 - 2012-04-12 19:02 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2013-06-27 11:48 - 2012-01-03 18:21 - 00000000 ____D C:\Program Files (x86)\Sitecom
2013-06-27 11:48 - 2011-12-26 01:26 - 00000000 ____D C:\Program Files (x86)\VIA
2013-06-27 11:48 - 2011-12-26 01:25 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-27 11:48 - 2011-12-26 00:53 - 00000000 ____D C:\Program Files\WinRAR
2013-06-27 11:48 - 2011-12-25 17:10 - 00000000 ____D C:\users\Administrator
2013-06-27 11:48 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-06-27 11:48 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-06-27 11:48 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Windows NT
2013-06-27 11:48 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-13 09:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-06-08 15:08 - 2013-06-16 02:00 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 15:07 - 2013-06-16 02:00 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 15:06 - 2013-06-16 02:00 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 15:06 - 2013-06-16 02:00 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 15:06 - 2013-06-16 02:00 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:28 - 2013-06-16 02:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 12:42 - 2013-06-16 02:00 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 12:40 - 2013-06-16 02:00 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 12:40 - 2013-06-16 02:00 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 12:40 - 2013-06-16 02:00 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 12:40 - 2013-06-16 02:00 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 12:13 - 2013-06-16 02:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3839.3 MB
Available physical RAM: 3240.65 MB
Total Pagefile: 3837.5 MB
Available Pagefile: 3226.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:33.92 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive e: (Madmax764113) (CDROM) (Total:3.91 GB) (Free:0 GB) UDF
Drive f: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Daten) (Fixed) (Total:249.26 GB) (Free:67.5 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: FD6CFD6C)
Partition 1: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=249 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)


LastRegBack: 2013-06-23 13:03

==================== End Of Log ============================

--- --- ---

Was auf C ist, ist mir jetzt nicht so wichtig, wär halt gut wenn ich dann ne Liste hätte mit den wichtigsten Programmen die wieder drauf müssen (Treiber, Avira etc...), aber D bräuchte ich noch.

schrauber · 04.07.2013, 07:10

Jep, das Teil ist hinüber.

Installier Windows neu. Formatier die Platte C wenn Du gefragt wirst, D wird ja nicht angerührt. Da bleiben die Daten drauf, auser du sagst explizit D auch formatieren

.

Dann machen wir uns zusamme an Programme und Co :

Adlermania · 04.07.2013, 16:08

So ich habe C formatiert und seh nach langer Zeit wieder mein Desktop

.
Hab hier noch die CD von meinem wireless network PCI card 300N. Die mal zuerst einlegen?

schrauber · 04.07.2013, 19:44

Jap. Und Treiber_CD des Rechners falls vorhanden.

Adlermania · 04.07.2013, 19:49

Hmm ich find die CD grad nicht mehr. Kann man den Treiber auch runterladen?

Wenn ich unten links auf Start und auf Computer gehe zeigt er mir nur ein Laufwerk C an.

schrauber · 04.07.2013, 20:01

Poste mal ein FRST log mit Additional.

Adlermania · 05.07.2013, 12:40

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013 (ATTENTION: FRST version is 8 days old)
Ran by SYSTEM on 05-07-2013 13:38:18
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-20] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk
ShortcutTarget: Sitecom Wireless Utility.lnk -> C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe (Sitecom Europe BV.)

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-20] (Avira Operations GmbH & Co. KG)
S2 RalinkRegistryWriter; C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe [185632 2009-12-15] (Ralink Technology, Corp.)
S2 RalinkRegistryWriter64; C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe [212256 2009-12-15] (Ralink Technology, Corp.)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-20] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-06-20] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 athr; system32\DRIVERS\athrx.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-04 20:04 - 2013-07-04 20:04 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Avira
2013-07-04 20:00 - 2013-07-04 19:59 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-07-04 19:58 - 2013-07-04 19:58 - 00002062 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-04 19:58 - 2013-07-04 19:58 - 00000000 ____D C:\ProgramData\Avira
2013-07-04 19:58 - 2013-07-04 19:58 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-04 19:58 - 2013-06-20 13:48 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-07-04 19:58 - 2013-06-20 13:48 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-07-04 19:58 - 2013-03-06 15:13 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-07-04 19:55 - 2013-07-04 19:55 - 00058016 ____A C:\Users\patrick\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 19:53 - 2013-07-04 19:53 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-04 19:53 - 2013-07-04 19:53 - 00000000 ____D C:\ProgramData\Adobe
2013-07-04 19:53 - 2013-07-04 19:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-04 19:52 - 2013-07-04 19:52 - 00003934 ____A C:\Windows\System32\RaCoInst.log
2013-07-04 19:52 - 2013-07-04 19:52 - 00000000 ____D C:\ProgramData\Ralink
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\Users\patrick\AppData\Roaming\InstallShield
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\ProgramData\Sitecom Driver
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\Program Files (x86)\Sitecom
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-04 19:51 - 2010-12-30 16:34 - 01177440 ____A (Ralink Technology, Corp.) C:\Windows\System32\Drivers\netr28x.sys
2013-07-04 19:51 - 2010-12-30 16:30 - 00327008 ____A (Ralink Technology, Inc.) C:\Windows\System32\RaCoInstx.dll
2013-07-04 19:51 - 2010-12-30 16:30 - 00014051 ____A C:\Windows\SysWOW64\RaCoInst.dat
2013-07-04 19:51 - 2010-12-30 16:30 - 00014051 ____A C:\Windows\System32\RaCoInst.dat
2013-07-04 19:51 - 2009-12-10 10:16 - 02061600 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaCertMgr.dll
2013-07-04 19:51 - 2009-12-10 10:16 - 01590560 ____A (Ralink Technology, Corp.) C:\Windows\SysWOW64\RaCertMgr.dll
2013-07-04 19:51 - 2009-12-10 10:16 - 01063200 ____A (Ralink Technology, Corp.) C:\Windows\SysWOW64\RAIHV.dll
2013-07-04 19:51 - 2009-12-10 10:16 - 01063200 ____A (Ralink Technology, Corp.) C:\Windows\System32\RAIHV.dll
2013-07-04 19:51 - 2009-12-10 10:16 - 00109856 ____A (Ralink Technology, Corp.) C:\Windows\SysWOW64\RAEXTUI.dll
2013-07-04 19:51 - 2009-12-10 10:16 - 00109856 ____A (Ralink Technology, Corp.) C:\Windows\System32\RAEXTUI.dll
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\Windows.old
2013-07-04 16:03 - 2013-07-04 16:03 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Vorlagen
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Startmenü
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Netzwerkumgebung
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Lokale Einstellungen
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Eigene Dateien
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Druckumgebung
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Musik
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Anwendungsdaten
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-04 16:03 - 2013-02-19 21:32 - 00061216 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2013-07-04 16:03 - 2013-02-19 21:32 - 00053024 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-07-04 16:03 - 2013-01-31 10:25 - 06207776 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-07-04 16:03 - 2013-01-31 10:25 - 03300640 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-07-04 16:03 - 2013-01-31 10:24 - 02558240 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-07-04 16:03 - 2013-01-31 10:24 - 00878368 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-07-04 16:03 - 2013-01-31 10:24 - 00118560 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-07-04 16:03 - 2013-01-31 10:24 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-07-04 16:02 - 2013-07-04 19:51 - 00000000 ____D C:\Windows\LastGood
2013-07-04 16:02 - 2013-07-04 16:03 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-04 16:02 - 2013-07-04 16:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-04 15:55 - 2013-07-04 15:55 - 00000020 __ASH C:\Users\patrick\ntuser.ini
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Public\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Public\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Vorlagen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Startmenü
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Netzwerkumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Lokale Einstellungen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Eigene Dateien
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Druckumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\AppData\Local\Verlauf
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\AppData\Local\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Vorlagen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Startmenü
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Netzwerkumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Lokale Einstellungen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Eigene Dateien
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Druckumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\AppData\Local\Verlauf
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\AppData\Local\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\AppData\Local\Verlauf
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Recovery
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Programme
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Vorlagen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Startmenü
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Favoriten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Dokumente
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Program Files\Gemeinsame Dateien
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Dokumente und Einstellungen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 ____D C:\Users\patrick\AppData\Local\VirtualStore
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 ____D C:\users\patrick
2013-07-04 15:47 - 2013-07-04 20:10 - 00138639 ____A C:\Windows\WindowsUpdate.log
2013-07-04 15:43 - 2013-07-04 15:43 - 00000000 ____D C:\Windows\CSC
2013-06-28 12:18 - 2013-06-28 12:18 - 00000000 ____D C:\FRST
2013-06-27 11:43 - 2013-06-27 11:48 - 00000000 ____D C:\ComboFix

==================== One Month Modified Files and Folders =======

2013-07-04 20:10 - 2013-07-04 15:47 - 00138639 ____A C:\Windows\WindowsUpdate.log
2013-07-04 20:10 - 2009-07-14 05:45 - 00016640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 20:10 - 2009-07-14 05:45 - 00016640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 20:04 - 2013-07-04 20:04 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Avira
2013-07-04 19:59 - 2013-07-04 20:00 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-07-04 19:58 - 2013-07-04 19:58 - 00002062 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-04 19:58 - 2013-07-04 19:58 - 00000000 ____D C:\ProgramData\Avira
2013-07-04 19:58 - 2013-07-04 19:58 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-04 19:55 - 2013-07-04 19:55 - 00058016 ____A C:\Users\patrick\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 19:53 - 2013-07-04 19:53 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-04 19:53 - 2013-07-04 19:53 - 00000000 ____D C:\ProgramData\Adobe
2013-07-04 19:53 - 2013-07-04 19:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-04 19:52 - 2013-07-04 19:52 - 00003934 ____A C:\Windows\System32\RaCoInst.log
2013-07-04 19:52 - 2013-07-04 19:52 - 00000000 ____D C:\ProgramData\Ralink
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\Users\patrick\AppData\Roaming\InstallShield
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\ProgramData\Sitecom Driver
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\Program Files (x86)\Sitecom
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-04 19:51 - 2013-07-04 16:02 - 00000000 ____D C:\Windows\LastGood
2013-07-04 16:42 - 2009-07-14 06:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2013-07-04 16:42 - 2009-07-14 06:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\Windows.old
2013-07-04 16:04 - 2011-04-12 08:43 - 00698688 ____A C:\Windows\System32\perfh007.dat
2013-07-04 16:04 - 2011-04-12 08:43 - 00148828 ____A C:\Windows\System32\perfc007.dat
2013-07-04 16:04 - 2009-07-14 06:13 - 01618320 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-04 16:03 - 2013-07-04 16:03 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Vorlagen
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Startmenü
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Netzwerkumgebung
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Lokale Einstellungen
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Eigene Dateien
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Druckumgebung
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Musik
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Anwendungsdaten
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-04 16:03 - 2013-07-04 16:02 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-04 16:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-07-04 16:02 - 2013-07-04 16:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-04 16:02 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\restore
2013-07-04 15:55 - 2013-07-04 15:55 - 00000020 __ASH C:\Users\patrick\ntuser.ini
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Public\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Public\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Vorlagen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Startmenü
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Netzwerkumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Lokale Einstellungen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Eigene Dateien
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Druckumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\AppData\Local\Verlauf
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\AppData\Local\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Vorlagen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Startmenü
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Netzwerkumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Lokale Einstellungen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Eigene Dateien
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Druckumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\AppData\Local\Verlauf
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\AppData\Local\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\AppData\Local\Verlauf
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Recovery
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Programme
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Vorlagen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Startmenü
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Favoriten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Dokumente
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Program Files\Gemeinsame Dateien
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Dokumente und Einstellungen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 ____D C:\Users\patrick\AppData\Local\VirtualStore
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 ____D C:\users\patrick
2013-07-04 15:55 - 2013-01-17 07:27 - 00000000 ____D C:\Windows\Panther
2013-07-04 15:55 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-04 15:55 - 2009-07-14 04:20 - 00000000 __RHD C:\users\Default
2013-07-04 15:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\Recovery
2013-07-04 15:55 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Windows NT
2013-07-04 15:52 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-04 15:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-07-04 15:49 - 2013-01-17 09:29 - 00006406 ____A C:\Windows\setupact.log
2013-07-04 15:45 - 2013-01-17 07:31 - 00003652 ____A C:\Windows\TSSysprep.log
2013-07-04 15:45 - 2009-07-14 05:46 - 00003806 ____A C:\Windows\DtcInstall.log
2013-07-04 15:43 - 2013-07-04 15:43 - 00000000 ____D C:\Windows\CSC
2013-06-28 12:18 - 2013-06-28 12:18 - 00000000 ____D C:\FRST
2013-06-27 11:48 - 2013-06-27 11:43 - 00000000 ____D C:\ComboFix
2013-06-20 13:48 - 2013-07-04 19:58 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-20 13:48 - 2013-07-04 19:58 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-04 19:51:39
Restore point made on: 2013-07-04 19:53:25

==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3839.3 MB
Available physical RAM: 3244.48 MB
Total Pagefile: 3837.5 MB
Available Pagefile: 3231.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:16.94 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive e: (Madmax764113) (CDROM) (Total:3.91 GB) (Free:0 GB) UDF
Drive f: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Daten) (Fixed) (Total:249.26 GB) (Free:67.5 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: FD6CFD6C)
Partition 1: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=249 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)


LastRegBack: 2013-07-04 16:28

==================== End Of Log ============================

--- --- ---

schrauber · 05.07.2013, 17:07

Nee ich meinte aus dem normalen Windows

Adlermania · 05.07.2013, 17:57

Oh achso

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013 (ATTENTION: FRST version is 8 days old)
Ran by patrick (administrator) on 05-07-2013 18:54:22
Running from E:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe
(Sitecom Europe BV.) C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

==================== Registry (Whitelisted) ==================

MountPoints2: {16b9a803-e4b8-11e2-ba8c-806e6f6e6963} - D:\menu\cdmenu4.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-20] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk
ShortcutTarget: Sitecom Wireless Utility.lnk -> C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe (Sitecom Europe BV.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-20] (Avira Operations GmbH & Co. KG)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe [185632 2009-12-15] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe [212256 2009-12-15] (Ralink Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-06-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 athr; system32\DRIVERS\athrx.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-04 21:04 - 2013-07-04 21:04 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Avira
2013-07-04 21:00 - 2013-07-04 20:59 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-07-04 20:58 - 2013-07-04 20:58 - 00002062 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-04 20:58 - 2013-07-04 20:58 - 00000000 ____D C:\ProgramData\Avira
2013-07-04 20:58 - 2013-07-04 20:58 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-04 20:58 - 2013-06-20 14:48 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-07-04 20:58 - 2013-06-20 14:48 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-07-04 20:58 - 2013-03-06 16:13 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-07-04 20:55 - 2013-07-04 20:55 - 00058016 ____A C:\Users\patrick\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 20:53 - 2013-07-04 20:53 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 ____D C:\ProgramData\Adobe
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-04 20:52 - 2013-07-04 20:52 - 00003934 ____A C:\Windows\System32\RaCoInst.log
2013-07-04 20:52 - 2013-07-04 20:52 - 00000000 ____D C:\ProgramData\Ralink
2013-07-04 20:51 - 2013-07-04 20:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-04 20:51 - 2013-07-04 20:51 - 00000000 ____D C:\Users\patrick\AppData\Roaming\InstallShield
2013-07-04 20:51 - 2013-07-04 20:51 - 00000000 ____D C:\ProgramData\Sitecom Driver
2013-07-04 20:51 - 2013-07-04 20:51 - 00000000 ____D C:\Program Files (x86)\Sitecom
2013-07-04 20:51 - 2013-07-04 20:51 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-04 20:51 - 2010-12-30 17:34 - 01177440 ____A (Ralink Technology, Corp.) C:\Windows\System32\Drivers\netr28x.sys
2013-07-04 20:51 - 2010-12-30 17:30 - 00327008 ____A (Ralink Technology, Inc.) C:\Windows\System32\RaCoInstx.dll
2013-07-04 20:51 - 2010-12-30 17:30 - 00014051 ____A C:\Windows\SysWOW64\RaCoInst.dat
2013-07-04 20:51 - 2010-12-30 17:30 - 00014051 ____A C:\Windows\System32\RaCoInst.dat
2013-07-04 20:51 - 2009-12-10 11:16 - 02061600 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaCertMgr.dll
2013-07-04 20:51 - 2009-12-10 11:16 - 01590560 ____A (Ralink Technology, Corp.) C:\Windows\SysWOW64\RaCertMgr.dll
2013-07-04 20:51 - 2009-12-10 11:16 - 01063200 ____A (Ralink Technology, Corp.) C:\Windows\SysWOW64\RAIHV.dll
2013-07-04 20:51 - 2009-12-10 11:16 - 01063200 ____A (Ralink Technology, Corp.) C:\Windows\System32\RAIHV.dll
2013-07-04 20:51 - 2009-12-10 11:16 - 00109856 ____A (Ralink Technology, Corp.) C:\Windows\SysWOW64\RAEXTUI.dll
2013-07-04 20:51 - 2009-12-10 11:16 - 00109856 ____A (Ralink Technology, Corp.) C:\Windows\System32\RAEXTUI.dll
2013-07-04 17:31 - 2013-07-04 17:31 - 00000000 ____D C:\Windows.old
2013-07-04 17:03 - 2013-07-04 17:03 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Vorlagen
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Startmenü
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Netzwerkumgebung
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Lokale Einstellungen
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Eigene Dateien
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Druckumgebung
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Musik
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Anwendungsdaten
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-04 17:03 - 2013-02-19 22:32 - 00061216 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2013-07-04 17:03 - 2013-02-19 22:32 - 00053024 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-07-04 17:03 - 2013-01-31 11:25 - 06207776 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-07-04 17:03 - 2013-01-31 11:25 - 03300640 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-07-04 17:03 - 2013-01-31 11:24 - 02558240 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-07-04 17:03 - 2013-01-31 11:24 - 00878368 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-07-04 17:03 - 2013-01-31 11:24 - 00118560 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-07-04 17:03 - 2013-01-31 11:24 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-07-04 17:02 - 2013-07-04 17:03 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-04 17:02 - 2013-07-04 17:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-04 16:55 - 2013-07-04 16:55 - 00000020 ___SH C:\Users\patrick\ntuser.ini
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Public\Documents\Eigene Musik
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Public\Documents\Eigene Bilder
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Vorlagen
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Startmenü
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Netzwerkumgebung
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Lokale Einstellungen
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Eigene Dateien
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Druckumgebung
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Documents\Eigene Musik
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Documents\Eigene Bilder
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\AppData\Local\Verlauf
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\AppData\Local\Anwendungsdaten
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Anwendungsdaten
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Vorlagen
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Startmenü
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Netzwerkumgebung
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Lokale Einstellungen
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Eigene Dateien
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Druckumgebung
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Documents\Eigene Musik
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Documents\Eigene Bilder
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\AppData\Local\Verlauf
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\AppData\Local\Anwendungsdaten
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Anwendungsdaten
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default User\Documents\Eigene Musik
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default User\Documents\Eigene Bilder
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default User\AppData\Local\Verlauf
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Recovery
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Programme
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\ProgramData\Vorlagen
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\ProgramData\Startmenü
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\ProgramData\Favoriten
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\ProgramData\Dokumente
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\ProgramData\Anwendungsdaten
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Program Files\Gemeinsame Dateien
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Dokumente und Einstellungen
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 ____D C:\Users\patrick\AppData\Local\VirtualStore
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 ____D C:\users\patrick
2013-07-04 16:47 - 2013-07-04 21:10 - 00138639 ____A C:\Windows\WindowsUpdate.log
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\Windows\CSC
2013-06-28 13:18 - 2013-06-28 13:18 - 00000000 ____D C:\FRST
2013-06-27 12:43 - 2013-06-27 12:48 - 00000000 ____D C:\ComboFix

==================== One Month Modified Files and Folders =======

2013-07-05 18:53 - 2013-01-17 10:29 - 00007257 ____A C:\Windows\setupact.log
2013-07-05 18:52 - 2010-11-21 05:47 - 00007876 ____A C:\Windows\PFRO.log
2013-07-05 18:52 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-04 21:10 - 2013-07-04 16:47 - 00138639 ____A C:\Windows\WindowsUpdate.log
2013-07-04 21:10 - 2009-07-14 06:45 - 00016640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 21:10 - 2009-07-14 06:45 - 00016640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 21:04 - 2013-07-04 21:04 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Avira
2013-07-04 20:59 - 2013-07-04 21:00 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-07-04 20:58 - 2013-07-04 20:58 - 00002062 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-04 20:58 - 2013-07-04 20:58 - 00000000 ____D C:\ProgramData\Avira
2013-07-04 20:58 - 2013-07-04 20:58 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-04 20:55 - 2013-07-04 20:55 - 00058016 ____A C:\Users\patrick\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 20:53 - 2013-07-04 20:53 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 ____D C:\ProgramData\Adobe
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-04 20:52 - 2013-07-04 20:52 - 00003934 ____A C:\Windows\System32\RaCoInst.log
2013-07-04 20:52 - 2013-07-04 20:52 - 00000000 ____D C:\ProgramData\Ralink
2013-07-04 20:51 - 2013-07-04 20:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-04 20:51 - 2013-07-04 20:51 - 00000000 ____D C:\Users\patrick\AppData\Roaming\InstallShield
2013-07-04 20:51 - 2013-07-04 20:51 - 00000000 ____D C:\ProgramData\Sitecom Driver
2013-07-04 20:51 - 2013-07-04 20:51 - 00000000 ____D C:\Program Files (x86)\Sitecom
2013-07-04 20:51 - 2013-07-04 20:51 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-04 17:42 - 2009-07-14 07:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2013-07-04 17:42 - 2009-07-14 07:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2013-07-04 17:31 - 2013-07-04 17:31 - 00000000 ____D C:\Windows.old
2013-07-04 17:04 - 2011-04-12 09:43 - 00698688 ____A C:\Windows\System32\perfh007.dat
2013-07-04 17:04 - 2011-04-12 09:43 - 00148828 ____A C:\Windows\System32\perfc007.dat
2013-07-04 17:04 - 2009-07-14 07:13 - 01618320 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-04 17:03 - 2013-07-04 17:03 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Vorlagen
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Startmenü
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Netzwerkumgebung
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Lokale Einstellungen
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Eigene Dateien
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Druckumgebung
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Musik
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 __SHD C:\Users\UpdatusUser\Anwendungsdaten
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-04 17:03 - 2013-07-04 17:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-04 17:03 - 2013-07-04 17:02 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-04 17:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2013-07-04 17:02 - 2013-07-04 17:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-04 17:02 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\System32\restore
2013-07-04 16:55 - 2013-07-04 16:55 - 00000020 ___SH C:\Users\patrick\ntuser.ini
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Public\Documents\Eigene Musik
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Public\Documents\Eigene Bilder
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Vorlagen
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Startmenü
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Netzwerkumgebung
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Lokale Einstellungen
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Eigene Dateien
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Druckumgebung
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Documents\Eigene Musik
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Documents\Eigene Bilder
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\AppData\Local\Verlauf
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\AppData\Local\Anwendungsdaten
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\patrick\Anwendungsdaten
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Vorlagen
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Startmenü
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Netzwerkumgebung
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Lokale Einstellungen
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Eigene Dateien
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Druckumgebung
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Documents\Eigene Musik
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Documents\Eigene Bilder
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\AppData\Local\Verlauf
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\AppData\Local\Anwendungsdaten
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default\Anwendungsdaten
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default User\Documents\Eigene Musik
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default User\Documents\Eigene Bilder
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default User\AppData\Local\Verlauf
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Recovery
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Programme
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\ProgramData\Vorlagen
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\ProgramData\Startmenü
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\ProgramData\Favoriten
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\ProgramData\Dokumente
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\ProgramData\Anwendungsdaten
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Program Files\Gemeinsame Dateien
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __SHD C:\Dokumente und Einstellungen
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 ____D C:\Users\patrick\AppData\Local\VirtualStore
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 ____D C:\users\patrick
2013-07-04 16:55 - 2013-01-17 08:27 - 00000000 ____D C:\Windows\Panther
2013-07-04 16:55 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-04 16:55 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-07-04 16:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\Recovery
2013-07-04 16:55 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Windows NT
2013-07-04 16:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-04 16:45 - 2013-01-17 08:31 - 00003652 ____A C:\Windows\TSSysprep.log
2013-07-04 16:45 - 2009-07-14 06:46 - 00003806 ____A C:\Windows\DtcInstall.log
2013-07-04 16:43 - 2013-07-04 16:43 - 00000000 ____D C:\Windows\CSC
2013-06-28 13:18 - 2013-06-28 13:18 - 00000000 ____D C:\FRST
2013-06-27 12:48 - 2013-06-27 12:43 - 00000000 ____D C:\ComboFix
2013-06-20 14:48 - 2013-07-04 20:58 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-20 14:48 - 2013-07-04 20:58 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 17:28

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-06-2013
Ran by patrick at 2013-07-05 18:54:50
Running from E:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Reader 9.1 (x32 Version: 9.1.0)
Avira Free Antivirus (x32 Version: 13.0.0.3737)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
NVIDIA Grafiktreiber 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Systemsteuerung 307.83 (Version: 307.83)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Sitecom Europe BV Wireless LAN (x32 Version: 1.5.6.0)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)

==================== Restore Points  =========================

04-07-2013 18:51:34 Installed Sitecom Europe BV Wireless LAN
04-07-2013 18:53:21 Installed Adobe Reader 9.1.

==================== Scheduled Tasks (whitelisted) =============

Task: {02275B37-B633-4A81-9D2B-86801443D0DC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2013 06:52:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2013 08:51:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Setup.exe_InstallShield, Version: 12.0.0.49974, Zeitstempel: 0x4474907b
Name des fehlerhaften Moduls: ISSetup.dll, Version: 12.0.0.49974, Zeitstempel: 0x4471f062
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00097867
ID des fehlerhaften Prozesses: 0x720
Startzeit der fehlerhaften Anwendung: 0xSetup.exe_InstallShield0
Pfad der fehlerhaften Anwendung: Setup.exe_InstallShield1
Pfad des fehlerhaften Moduls: Setup.exe_InstallShield2
Berichtskennung: Setup.exe_InstallShield3

Error: (07/04/2013 04:52:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/04/2013 05:49:37 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (07/04/2013 04:43:28 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.


Microsoft Office Sessions:
=========================
Error: (07/05/2013 06:52:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2013 08:51:26 PM) (Source: Application Error)(User: )
Description: Setup.exe_InstallShield12.0.0.499744474907bISSetup.dll12.0.0.499744471f062c00000050009786772001ce78e7794bfe48D:\Utility\Setup.exeC:\Users\patrick\AppData\Local\Temp\{A5328E8B-60DB-4BF5-91B2-404C4E1CEDAF}\Disk1\ISSetup.dllba638928-e4da-11e2-a95a-002522f736fe

Error: (07/04/2013 04:52:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-01-17 09:21:43.978
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-17 09:16:28.817
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-17 09:16:28.677
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-17 09:16:28.536
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-17 09:16:28.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-17 09:07:32.221
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-17 08:53:57.290
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-17 08:48:59.008
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-17 07:54:02.774
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-17 07:37:16.800
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 3839.3 MB
Available physical RAM: 2903.39 MB
Total Pagefile: 7676.8 MB
Available Pagefile: 6648.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:17.04 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive d: (Madmax764113) (CDROM) (Total:3.91 GB) (Free:0 GB) UDF
Drive e: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: FD6CFD6C)
Partition 1: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=249 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

schrauber · 05.07.2013, 18:01

Zitat:

Drive c: () (Fixed) (Total:48.83 GB) (Free:17.04 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive d: (Madmax764113) (CDROM) (Total:3.91 GB) (Free:0 GB) UDF
Drive e: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32 (Disk=1 Partition=1)

und Du bist Dir sicher Du hast nur C formatiert?

Adlermania · 05.07.2013, 18:43

Ja, aber wie gesagt bevor der PC abgestürzt is war alles weg im Hintergrund außer der Papierkorb, dann bin ich auf ein Laufwerk gegangen und er hat angezeigt "Pfad nicht gefunden". Bei "Windows installieren" konnte ich auswählen zwischen Primär und System, Primär war 48 GB groß, also C, das hab ich angeklickt. Das andere hatte über 200 GB.

schrauber · 06.07.2013, 08:37

Jo aber die sind gar nicht da. Sind das 2 Partitionen ider 2 FEstplatten?

Adlermania · 06.07.2013, 11:47

2 Partitionen :/

03.07.2013, 20:46	#62
schrauber /// the machine /// TB-Ausbilder	Festplatte C füllt sich unaufhaltsam Bitte ein frisches FRST log. Wenn ich jetzt keine Eingebung mehr hab booten wir von Linux, sichern deine Daten und machen das System neu. __________________ __________________

04.07.2013, 19:44	#66
schrauber /// the machine /// TB-Ausbilder	Festplatte C füllt sich unaufhaltsam Jap. Und Treiber_CD des Rechners falls vorhanden. __________________ --> Festplatte C füllt sich unaufhaltsam

04.07.2013, 20:01	#68
schrauber /// the machine /// TB-Ausbilder	Festplatte C füllt sich unaufhaltsam Poste mal ein FRST log mit Additional. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

05.07.2013, 17:07	#70
schrauber /// the machine /// TB-Ausbilder	Festplatte C füllt sich unaufhaltsam Nee ich meinte aus dem normalen Windows __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

06.07.2013, 08:37	#74
schrauber /// the machine /// TB-Ausbilder	Festplatte C füllt sich unaufhaltsam Jo aber die sind gar nicht da. Sind das 2 Partitionen ider 2 FEstplatten? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Festplatte C füllt sich unaufhaltsam

Plagegeister aller Art und deren Bekämpfung: Festplatte C füllt sich unaufhaltsam