FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013 (ATTENTION: FRST version is 8 days old)
Ran by SYSTEM on 05-07-2013 13:38:18
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-20] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk
ShortcutTarget: Sitecom Wireless Utility.lnk -> C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe (Sitecom Europe BV.)
==================== Services (Whitelisted) =================
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-20] (Avira Operations GmbH & Co. KG)
S2 RalinkRegistryWriter; C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe [185632 2009-12-15] (Ralink Technology, Corp.)
S2 RalinkRegistryWriter64; C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe [212256 2009-12-15] (Ralink Technology, Corp.)
==================== Drivers (Whitelisted) ====================
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-20] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-06-20] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 athr; system32\DRIVERS\athrx.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-04 20:04 - 2013-07-04 20:04 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Avira
2013-07-04 20:00 - 2013-07-04 19:59 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-07-04 19:58 - 2013-07-04 19:58 - 00002062 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-04 19:58 - 2013-07-04 19:58 - 00000000 ____D C:\ProgramData\Avira
2013-07-04 19:58 - 2013-07-04 19:58 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-04 19:58 - 2013-06-20 13:48 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-07-04 19:58 - 2013-06-20 13:48 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-07-04 19:58 - 2013-03-06 15:13 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-07-04 19:55 - 2013-07-04 19:55 - 00058016 ____A C:\Users\patrick\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 19:53 - 2013-07-04 19:53 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-04 19:53 - 2013-07-04 19:53 - 00000000 ____D C:\ProgramData\Adobe
2013-07-04 19:53 - 2013-07-04 19:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-04 19:52 - 2013-07-04 19:52 - 00003934 ____A C:\Windows\System32\RaCoInst.log
2013-07-04 19:52 - 2013-07-04 19:52 - 00000000 ____D C:\ProgramData\Ralink
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\Users\patrick\AppData\Roaming\InstallShield
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\ProgramData\Sitecom Driver
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\Program Files (x86)\Sitecom
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-04 19:51 - 2010-12-30 16:34 - 01177440 ____A (Ralink Technology, Corp.) C:\Windows\System32\Drivers\netr28x.sys
2013-07-04 19:51 - 2010-12-30 16:30 - 00327008 ____A (Ralink Technology, Inc.) C:\Windows\System32\RaCoInstx.dll
2013-07-04 19:51 - 2010-12-30 16:30 - 00014051 ____A C:\Windows\SysWOW64\RaCoInst.dat
2013-07-04 19:51 - 2010-12-30 16:30 - 00014051 ____A C:\Windows\System32\RaCoInst.dat
2013-07-04 19:51 - 2009-12-10 10:16 - 02061600 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaCertMgr.dll
2013-07-04 19:51 - 2009-12-10 10:16 - 01590560 ____A (Ralink Technology, Corp.) C:\Windows\SysWOW64\RaCertMgr.dll
2013-07-04 19:51 - 2009-12-10 10:16 - 01063200 ____A (Ralink Technology, Corp.) C:\Windows\SysWOW64\RAIHV.dll
2013-07-04 19:51 - 2009-12-10 10:16 - 01063200 ____A (Ralink Technology, Corp.) C:\Windows\System32\RAIHV.dll
2013-07-04 19:51 - 2009-12-10 10:16 - 00109856 ____A (Ralink Technology, Corp.) C:\Windows\SysWOW64\RAEXTUI.dll
2013-07-04 19:51 - 2009-12-10 10:16 - 00109856 ____A (Ralink Technology, Corp.) C:\Windows\System32\RAEXTUI.dll
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\Windows.old
2013-07-04 16:03 - 2013-07-04 16:03 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Vorlagen
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Startmenü
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Netzwerkumgebung
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Lokale Einstellungen
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Eigene Dateien
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Druckumgebung
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Musik
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Anwendungsdaten
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-04 16:03 - 2013-02-19 21:32 - 00061216 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2013-07-04 16:03 - 2013-02-19 21:32 - 00053024 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-07-04 16:03 - 2013-01-31 10:25 - 06207776 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-07-04 16:03 - 2013-01-31 10:25 - 03300640 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-07-04 16:03 - 2013-01-31 10:24 - 02558240 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-07-04 16:03 - 2013-01-31 10:24 - 00878368 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-07-04 16:03 - 2013-01-31 10:24 - 00118560 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-07-04 16:03 - 2013-01-31 10:24 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-07-04 16:02 - 2013-07-04 19:51 - 00000000 ____D C:\Windows\LastGood
2013-07-04 16:02 - 2013-07-04 16:03 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-04 16:02 - 2013-07-04 16:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-04 15:55 - 2013-07-04 15:55 - 00000020 __ASH C:\Users\patrick\ntuser.ini
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Public\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Public\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Vorlagen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Startmenü
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Netzwerkumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Lokale Einstellungen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Eigene Dateien
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Druckumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\AppData\Local\Verlauf
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\AppData\Local\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Vorlagen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Startmenü
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Netzwerkumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Lokale Einstellungen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Eigene Dateien
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Druckumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\AppData\Local\Verlauf
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\AppData\Local\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\AppData\Local\Verlauf
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Recovery
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Programme
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Vorlagen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Startmenü
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Favoriten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Dokumente
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Program Files\Gemeinsame Dateien
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Dokumente und Einstellungen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 ____D C:\Users\patrick\AppData\Local\VirtualStore
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 ____D C:\users\patrick
2013-07-04 15:47 - 2013-07-04 20:10 - 00138639 ____A C:\Windows\WindowsUpdate.log
2013-07-04 15:43 - 2013-07-04 15:43 - 00000000 ____D C:\Windows\CSC
2013-06-28 12:18 - 2013-06-28 12:18 - 00000000 ____D C:\FRST
2013-06-27 11:43 - 2013-06-27 11:48 - 00000000 ____D C:\ComboFix
==================== One Month Modified Files and Folders =======
2013-07-04 20:10 - 2013-07-04 15:47 - 00138639 ____A C:\Windows\WindowsUpdate.log
2013-07-04 20:10 - 2009-07-14 05:45 - 00016640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 20:10 - 2009-07-14 05:45 - 00016640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 20:04 - 2013-07-04 20:04 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Avira
2013-07-04 19:59 - 2013-07-04 20:00 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-07-04 19:58 - 2013-07-04 19:58 - 00002062 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-04 19:58 - 2013-07-04 19:58 - 00000000 ____D C:\ProgramData\Avira
2013-07-04 19:58 - 2013-07-04 19:58 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-04 19:55 - 2013-07-04 19:55 - 00058016 ____A C:\Users\patrick\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 19:53 - 2013-07-04 19:53 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-04 19:53 - 2013-07-04 19:53 - 00000000 ____D C:\ProgramData\Adobe
2013-07-04 19:53 - 2013-07-04 19:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-04 19:52 - 2013-07-04 19:52 - 00003934 ____A C:\Windows\System32\RaCoInst.log
2013-07-04 19:52 - 2013-07-04 19:52 - 00000000 ____D C:\ProgramData\Ralink
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\Users\patrick\AppData\Roaming\InstallShield
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\ProgramData\Sitecom Driver
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\Program Files (x86)\Sitecom
2013-07-04 19:51 - 2013-07-04 19:51 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-04 19:51 - 2013-07-04 16:02 - 00000000 ____D C:\Windows\LastGood
2013-07-04 16:42 - 2009-07-14 06:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2013-07-04 16:42 - 2009-07-14 06:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\Windows.old
2013-07-04 16:04 - 2011-04-12 08:43 - 00698688 ____A C:\Windows\System32\perfh007.dat
2013-07-04 16:04 - 2011-04-12 08:43 - 00148828 ____A C:\Windows\System32\perfc007.dat
2013-07-04 16:04 - 2009-07-14 06:13 - 01618320 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-04 16:03 - 2013-07-04 16:03 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Vorlagen
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Startmenü
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Netzwerkumgebung
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Lokale Einstellungen
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Eigene Dateien
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Druckumgebung
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Musik
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 __SHD C:\Users\UpdatusUser\Anwendungsdaten
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-04 16:03 - 2013-07-04 16:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-04 16:03 - 2013-07-04 16:02 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-04 16:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-07-04 16:02 - 2013-07-04 16:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-04 16:02 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\restore
2013-07-04 15:55 - 2013-07-04 15:55 - 00000020 __ASH C:\Users\patrick\ntuser.ini
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Public\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Public\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Vorlagen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Startmenü
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Netzwerkumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Lokale Einstellungen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Eigene Dateien
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Druckumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\AppData\Local\Verlauf
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\AppData\Local\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\patrick\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Vorlagen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Startmenü
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Netzwerkumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Lokale Einstellungen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Eigene Dateien
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Druckumgebung
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\AppData\Local\Verlauf
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\AppData\Local\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\Documents\Eigene Musik
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\Documents\Eigene Bilder
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\AppData\Local\Verlauf
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Recovery
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Programme
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Vorlagen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Startmenü
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Favoriten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Dokumente
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\ProgramData\Anwendungsdaten
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Program Files\Gemeinsame Dateien
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 __SHD C:\Dokumente und Einstellungen
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 ____D C:\Users\patrick\AppData\Local\VirtualStore
2013-07-04 15:55 - 2013-07-04 15:55 - 00000000 ____D C:\users\patrick
2013-07-04 15:55 - 2013-01-17 07:27 - 00000000 ____D C:\Windows\Panther
2013-07-04 15:55 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-04 15:55 - 2009-07-14 04:20 - 00000000 __RHD C:\users\Default
2013-07-04 15:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\Recovery
2013-07-04 15:55 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Windows NT
2013-07-04 15:52 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-04 15:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-07-04 15:49 - 2013-01-17 09:29 - 00006406 ____A C:\Windows\setupact.log
2013-07-04 15:45 - 2013-01-17 07:31 - 00003652 ____A C:\Windows\TSSysprep.log
2013-07-04 15:45 - 2009-07-14 05:46 - 00003806 ____A C:\Windows\DtcInstall.log
2013-07-04 15:43 - 2013-07-04 15:43 - 00000000 ____D C:\Windows\CSC
2013-06-28 12:18 - 2013-06-28 12:18 - 00000000 ____D C:\FRST
2013-06-27 11:48 - 2013-06-27 11:43 - 00000000 ____D C:\ComboFix
2013-06-20 13:48 - 2013-07-04 19:58 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-20 13:48 - 2013-07-04 19:58 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-07-04 19:51:39
Restore point made on: 2013-07-04 19:53:25
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3839.3 MB
Available physical RAM: 3244.48 MB
Total Pagefile: 3837.5 MB
Available Pagefile: 3231.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:48.83 GB) (Free:16.94 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive e: (Madmax764113) (CDROM) (Total:3.91 GB) (Free:0 GB) UDF
Drive f: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Daten) (Fixed) (Total:249.26 GB) (Free:67.5 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: FD6CFD6C)
Partition 1: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=249 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)
LastRegBack: 2013-07-04 16:28
==================== End Of Log ============================