WinFuture-Forum.de: Win7 occasionally freezes or gets the blues at startup - WinFuture-Forum.de


Win7 occasionally freezes or gets the blues at startup


#1 Joshua123

  • Group: active members
  • Posts: 30
  • Joined: 29 July 10
  • Reputation: 0

posted 05 March 2015 - 17:13

Good day, dear experts.

So, as hinted in the title, my Win7 (32) sometimes freezes or gets a bluescreen at the beginning of the startup process (after booting).
A first scan with Malwarebytes Anti-Malware found nothing unusual; as for the scans from FRST and GMER (see below), unfortunately I can't make sense of them.
I would be very glad if one of you could help me further.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Wolf (administrator) on WOLF-PC on 05-03-2015 12:10:32
Running from F:\
Loaded Profiles: Wolf (Available profiles: Wolf)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
() C:\Program Files\Allway Sync\Bin\SyncService.exe
() C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NirSoft) C:\Program Files\NirSoft\Volumouse\volumouse.exe
() C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe
() C:\Program Files\MiserWare\Granola Personal\granola.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
() C:\Program Files\Uhr + Desk zeigen\Uhr auf Desktop\CLOCK.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Kazubon) C:\Program Files\Uhr + Desk zeigen\Uhr im Tray + ShowDesktop\tclock.exe
(Crystal Dew World) D:\DVD\Betriebs\HARD Disk Tools\HD CrystalDiskInfo5_6_2\DiskInfo.exe
(Tracker Software Products Ltd.) C:\Program Files\PDF XView\PDF Viewer\PDFXCview.exe
(Nurgo-Software) C:\Program Files\AquaSnap\AquaSnap.Daemon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-04-20] (IvoSoft)
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [$Volumouse$] => C:\Program Files\NirSoft\Volumouse\volumouse.exe [33280 2009-08-05] (NirSoft)
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [StrokeIt] => C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe [26248 2010-01-03] ()
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [Granola] => C:\Program Files\MiserWare\Granola Personal\granola.exe [887016 2012-02-21] ()
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [SkyDrive] => C:\Users\Wolf\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [Allway Sync] => C:\Program Files\Allway Sync\Bin\syncappw.exe [94416 2014-06-26] ()
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [TaskbarNoNotificatio] 0
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoSMMyPictures] 0
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\MountPoints2: N - N:\LaunchU3.exe
Startup: C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bird.lnk
ShortcutTarget: bird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox - Verknüpfung.lnk
ShortcutTarget: firefox - Verknüpfung.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL: EldosMountNotificator-cbfs4 - {E36EB56C-F497-4482-B6E7-BCB93F2B6FDA} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {7036EE8C-E7B0-4C46-96E7-08B06DC6E484} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * auto_reactivate C:\bootwiz\asrm.binauto_reactivate \\?\Volume{3d717c7d-d894-11df-8146-806e6f6e6963}\bootwiz\asrm.bin

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
URLSearchHook: [S-1-5-21-2588859782-1139336777-623044890-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {652FDCC2-5EFA-4C64-9F36-12CDDF3A85E1} URL = http://de.search.yah...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {866E654D-5075-4625-A45A-23EDDCAA7E3C} URL = http://www.google.de...q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll (BinarySense, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default
FF Homepage: hxxp://www.ighome.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] ()
FF Plugin: @kaspersky.com/online_banking -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] ()
FF Plugin: @kaspersky.com/virtual_keyboard -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] ()
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @sun.com/npsopluginmi;version=1.0 -> D:\Lexika\Portable Open Office\OpenOfficePortable\App\openoffice\program No File
FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll No File
FF user.js: detected! => C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\user.js
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\webde-suche.xml
FF Extension: MouseControl - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07]
FF Extension: EPUBReader - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-21]
FF Extension: WOT - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-01-07]
FF Extension: Disconnect - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07]
FF Extension: Ghostery - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07]
FF Extension: Hide Caption Titlebar Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07]
FF Extension: OmniSidebar - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07]
FF Extension: The Fox, Only Better - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07]
FF Extension: Yet Another Smooth Scrolling - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07]
FF Extension: X-notifier - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2015-01-07]
FF Extension: NoScript - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-07]
FF Extension: Password Exporter - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-01-07]
FF Extension: Fasterfox - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-01-07]
FF Extension: Adblock Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-07]
FF Extension: Tab Mix Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2015-02-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
FF Extension: Bàn phím ảo - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2015-02-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2015-02-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2015-02-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
FF Extension: An toàn giao dịch tài chính - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2015-02-28]
FF HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Firefox\Extensions: [{b9aa91db-385d-4c69-8a2f-96790aa9405b}] - c:\program files\copernic\desktopsearch4\firefoxconnector

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - No Path Or update_url value
CHR HKU\S-1-5-21-2588859782-1139336777-623044890-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files\copernic\desktopsearch4\ChromeConnector\ChromeConnector.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [778000 2013-07-18] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3906552 2014-08-08] (Acronis)
R2 AVP15.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2014-06-24] () [File not signed]
R2 Granola PM Manager; C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe [449264 2012-02-21] ()
S4 HDDlife HDD Access service; C:\Program Files\Common Files\BinarySense\hldasvc.exe [845640 2012-03-05] (BinarySense, Inc.)
S4 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7152200 2014-02-04] (Acronis)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2006-11-10] () [File not signed]
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299408 2012-06-07] (EldoS Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [323392 2013-11-15] (EldoS Corporation)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2011-06-23] (Phoenix Technologies) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135264 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112136 2015-03-01] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [34400 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [644808 2015-03-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145888 2014-03-26] (Kaspersky Lab ZAO)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188392 2010-07-01] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2010-07-01] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [31872 2009-10-05] (Realtek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-10-15] () [File not signed]
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
S3 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [889888 2014-08-08] (Acronis International GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736192 2014-08-08] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [143648 2014-08-08] (Acronis International GmbH)
U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2014-04-27] () [File not signed]
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [116000 2014-08-08] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [85280 2014-08-08] (Acronis International GmbH)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [15936 2013-11-15] (EldoS Corporation)
U3 ap08fn0l; C:\Windows\system32\Drivers\ap08fn0l.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S1 MpKsl2b051bfa; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7FF52F72-A29D-476F-90E8-21A28475066F}\MpKsl2b051bfa.sys [X]
S1 MpKsl71523a7c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E11A820F-A7A5-419D-BF81-F92B3426B9D5}\MpKsl71523a7c.sys [X]
S1 MpKslc317aad9; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACFA39A4-1875-4AF4-A097-68286B4E215E}\MpKslc317aad9.sys [X]
S1 MpKslec0276e2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50430688-CBE9-4D47-BA50-448FDD58657A}\MpKslec0276e2.sys [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 12:10 - 2015-03-05 12:10 - 00000000 ____D () C:\FRST
2015-03-04 23:45 - 2015-03-04 23:45 - 00000155 _____ () C:\Users\Wolf\Desktop\philosophisch.txt
2015-03-03 00:12 - 2015-03-03 00:12 - 00000405 _____ () C:\Users\Wolf\Desktop\Spect.lnk
2015-03-02 17:59 - 2015-03-03 10:14 - 00373825 _____ () C:\Users\Wolf\Desktop\2015-02-09, Hanna.rar
2015-03-02 14:56 - 2015-03-02 14:56 - 00000249 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\c't Gully.com.URL
2015-03-02 14:52 - 2015-03-03 17:18 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\vlc
2015-03-02 13:36 - 2015-03-02 13:37 - 00013303 _____ () C:\Users\Wolf\Desktop\2015-02-22, Nicole.rar
2015-03-02 12:27 - 2015-03-04 16:30 - 00154141 _____ () C:\Users\Wolf\Desktop\2015-02-10, Roland.rar
2015-03-01 02:07 - 2015-03-01 02:07 - 00002177 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Safe Money.lnk
2015-03-01 02:06 - 2015-03-03 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-02-28 23:56 - 2015-03-05 11:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-28 23:56 - 2015-03-01 00:52 - 00644808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-02-28 23:56 - 2015-03-01 00:52 - 00112136 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-02-28 23:56 - 2015-02-28 23:56 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-02-28 23:56 - 2015-02-28 23:56 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-02-28 23:56 - 2014-04-10 17:25 - 00034400 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-02-28 18:03 - 2011-07-05 00:16 - 00125440 _____ (Nenad Hrg SoftwareOK) C:\Users\Wolf\Desktop\D.Ko.exe
2015-02-28 18:01 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\S2).bat
2015-02-28 16:33 - 2015-02-28 16:33 - 00000124 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\CONVERT - Zamzar.URL
2015-02-28 15:41 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\Sta.bat
2015-02-28 11:06 - 2015-02-28 11:07 - 00000197 _____ () C:\Windows\system32\2015-02-28-10-06-48.079-AvastVBoxSVC.exe-2264.log
2015-02-27 12:27 - 2015-02-27 12:27 - 00000020 _____ () C:\Users\Wolf\Desktop\2015 Andere.rar
2015-02-27 11:53 - 2015-02-27 11:53 - 00000197 _____ () C:\Windows\system32\2015-02-27-10-53-22.041-AvastVBoxSVC.exe-3256.log
2015-02-27 11:51 - 2015-02-27 11:51 - 00137504 _____ () C:\Windows\Minidump\022715-18546-01.dmp
2015-02-26 22:12 - 2015-02-26 22:13 - 00000197 _____ () C:\Windows\system32\2015-02-26-21-12-30.010-AvastVBoxSVC.exe-3204.log
2015-02-26 16:39 - 2015-03-02 12:28 - 00030714 _____ () C:\Users\Wolf\Desktop\2015-02-25, Lital.rar
2015-02-26 11:04 - 2015-02-26 11:04 - 00000197 _____ () C:\Windows\system32\2015-02-26-10-04-12.025-AvastVBoxSVC.exe-2676.log
2015-02-26 03:21 - 2015-03-05 11:38 - 00000672 _____ () C:\Windows\setupact.log
2015-02-26 03:21 - 2015-02-26 03:21 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-25 22:30 - 2015-02-25 22:30 - 00000000 ____D () C:\Program Files\AquaSnap
2015-02-25 09:21 - 2015-02-25 09:21 - 00000197 _____ () C:\Windows\system32\2015-02-25-08-21-54.091-AvastVBoxSVC.exe-2588.log
2015-02-24 09:43 - 2015-02-24 09:43 - 00000264 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Spektrum.URL
2015-02-24 09:43 - 2015-02-24 09:43 - 00000250 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Der Spiegel.URL
2015-02-24 09:21 - 2015-02-24 09:21 - 00000197 _____ () C:\Windows\system32\2015-02-24-08-21-43.058-AvastVBoxSVC.exe-3656.log
2015-02-22 11:10 - 2015-02-22 11:10 - 00000197 _____ () C:\Windows\system32\2015-02-22-10-10-26.046-AvastVBoxSVC.exe-2916.log
2015-02-21 23:36 - 2015-02-21 23:36 - 00000197 _____ () C:\Windows\system32\2015-02-21-22-36-30.071-AvastVBoxSVC.exe-2656.log
2015-02-21 10:25 - 2015-02-21 10:25 - 00000197 _____ () C:\Windows\system32\2015-02-21-09-25-05.014-AvastVBoxSVC.exe-2956.log
2015-02-19 10:47 - 2015-02-19 10:47 - 00000197 _____ () C:\Windows\system32\2015-02-19-09-47-22.052-AvastVBoxSVC.exe-2524.log
2015-02-18 16:02 - 2015-02-18 16:02 - 00000972 _____ () C:\Users\Wolf\Desktop\HD Tune Pro.lnk
2015-02-18 15:57 - 2015-02-10 16:47 - 00000119 _____ () C:\Users\Wolf\Desktop\Mo 14 Anwalt.txt
2015-02-18 10:03 - 2015-02-18 10:03 - 00000197 _____ () C:\Windows\system32\2015-02-18-09-03-05.091-AvastVBoxSVC.exe-2572.log
2015-02-17 11:39 - 2015-02-17 11:39 - 00000197 _____ () C:\Windows\system32\2015-02-17-10-39-42.032-AvastVBoxSVC.exe-3016.log
2015-02-14 10:00 - 2015-02-14 10:00 - 00000197 _____ () C:\Windows\system32\2015-02-14-09-00-15.003-AvastVBoxSVC.exe-2748.log
2015-02-14 02:08 - 2015-02-14 02:09 - 00000197 _____ () C:\Windows\system32\2015-02-14-01-08-50.088-AvastVBoxSVC.exe-3188.log
2015-02-12 10:28 - 2015-02-12 10:29 - 00000197 _____ () C:\Windows\system32\2015-02-12-09-28-25.096-AvastVBoxSVC.exe-2728.log
2015-02-12 03:23 - 2015-02-12 03:26 - 00000247 _____ () C:\Windows\system32\2015-02-12-02-23-09.056-aswFe.exe-1976.log
2015-02-12 03:15 - 2015-02-12 03:15 - 00000197 _____ () C:\Windows\system32\2015-02-12-02-15-22.041-AvastVBoxSVC.exe-3412.log
2015-02-11 13:00 - 2015-02-11 13:00 - 00000197 _____ () C:\Windows\system32\2015-02-11-12-00-41.034-AvastVBoxSVC.exe-3616.log
2015-02-10 16:43 - 2015-02-10 16:47 - 00000119 _____ () C:\Users\Wolf\Desktop\Termin  3.3.  1830.txt
2015-02-10 11:32 - 2015-02-10 11:32 - 00000247 _____ () C:\Windows\system32\2015-02-10-10-32-25.088-aswFe.exe-668.log
2015-02-10 11:29 - 2015-02-10 11:32 - 00000247 _____ () C:\Windows\system32\2015-02-10-10-29-08.035-aswFe.exe-1044.log
2015-02-10 11:29 - 2015-02-10 11:29 - 00000197 _____ () C:\Windows\system32\2015-02-10-10-29-03.003-AvastVBoxSVC.exe-3932.log
2015-02-10 11:24 - 2015-02-10 11:24 - 00000197 _____ () C:\Windows\system32\2015-02-10-10-24-19.008-AvastVBoxSVC.exe-3336.log
2015-02-09 12:34 - 2015-03-02 23:13 - 06387323 _____ () C:\Users\Wolf\Desktop\2015-02-09, Inge.rar
2015-02-09 12:34 - 2015-03-02 13:35 - 00300287 _____ () C:\Users\Wolf\Desktop\2015-02-09, Lena.rar
2015-02-09 12:33 - 2015-03-04 23:45 - 07235267 _____ () C:\Users\Wolf\Desktop\39-2015 Gesamt.rar
2015-02-09 08:37 - 2015-02-09 08:37 - 00000197 _____ () C:\Windows\system32\2015-02-09-07-37-19.030-AvastVBoxSVC.exe-2864.log
2015-02-08 21:27 - 2015-02-08 21:28 - 00000197 _____ () C:\Windows\system32\2015-02-08-20-27-57.025-AvastVBoxSVC.exe-2172.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 12:09 - 2012-09-25 12:18 - 00000000 ___HD () C:\Users\Wolf\Documents\PhraseExpress
2015-03-05 11:55 - 2014-04-22 00:36 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\ClassicShell
2015-03-05 11:45 - 2010-02-09 20:56 - 01611396 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-05 11:43 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-05 11:43 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-05 11:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 09:36 - 2014-04-16 11:37 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Dropbox
2015-03-05 01:11 - 2012-08-27 21:09 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Skype
2015-03-04 23:45 - 2014-11-08 11:00 - 00001580 _____ () C:\Users\Wolf\Desktop\DesktopOK.ini
2015-03-04 18:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-04 18:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-04 16:34 - 2010-10-15 21:06 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Mozilla
2015-03-04 02:03 - 2012-08-25 12:04 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schreib-Lese
2015-03-04 01:51 - 2010-10-15 21:48 - 00000000 ____D () C:\Users\Wolf
2015-03-02 23:55 - 2014-11-08 11:00 - 09733919 _____ () C:\Users\Wolf\Desktop\0 Parmenides.rar
2015-03-02 16:14 - 2011-06-16 02:26 - 00000000 ____D () C:\Program Files\Wise Registry Cleaner
2015-03-01 02:06 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public
2015-03-01 00:36 - 2013-12-12 02:42 - 00000000 ____D () C:\Users\Wolf\AppData\Local\CrashDumps
2015-03-01 00:25 - 2014-09-29 09:12 - 00409334 _____ () C:\Windows\PFRO.log
2015-03-01 00:25 - 2011-07-20 15:34 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-28 21:49 - 2014-12-25 11:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-27 11:51 - 2010-12-15 01:05 - 00000000 ____D () C:\Windows\Minidump
2015-02-25 09:34 - 2014-05-01 23:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-21 00:32 - 2014-09-11 23:49 - 00007852 _____ () C:\Windows\WindowsUpdate.log
2015-02-20 23:36 - 2010-10-28 21:46 - 00007627 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg
2015-02-19 01:22 - 2011-10-04 00:18 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoTV-Kram
2015-02-16 00:05 - 2013-07-10 00:19 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Ditto
2015-02-09 19:53 - 2014-11-08 11:00 - 10514861 _____ () C:\Users\Wolf\Desktop\0 HERAKLIT.RAR
2015-02-09 08:34 - 2014-11-26 20:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 23:07 - 2014-08-13 11:30 - 00000000 ____D () C:\Users\Wolf\AppData\Local\Adobe
2015-02-08 23:07 - 2012-04-25 10:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-08 23:07 - 2011-05-16 10:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2010-11-06 05:08 - 2011-07-09 16:29 - 6619136 _____ (© onlinetvrecorder.com) C:\Program Files\2009Decoder.exe
2014-08-11 20:25 - 2014-08-11 20:36 - 0000084 _____ () C:\Program Files\ACRONISDDIENST STARTET.vbs
2010-10-27 16:33 - 1998-09-25 14:37 - 0006054 _____ () C:\Program Files\agb.rtf
2011-12-02 23:09 - 2009-04-02 16:47 - 0648064 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\autoruns.exe
2013-09-01 11:34 - 2010-02-26 21:43 - 0293376 _____ (Gopal Adhikari) C:\Program Files\Context Menu Editor.exe
2010-10-27 16:33 - 2010-10-27 16:33 - 0002204 _____ () C:\Program Files\DeIsL1.isu
2011-11-19 01:55 - 2011-11-19 01:56 - 0001685 _____ () C:\Program Files\DeIsL2.isu
2010-10-27 16:33 - 2000-02-13 15:33 - 0017395 _____ () C:\Program Files\digibib.cnt
2010-10-27 16:33 - 2000-02-13 15:33 - 0752400 _____ () C:\Program Files\DIGIBIB.HLP
2010-10-27 16:33 - 2010-10-27 16:34 - 0004981 _____ () C:\Program Files\digibib.ini
2010-10-27 16:33 - 2000-02-13 22:41 - 1733120 _____ () C:\Program Files\Digibib2.exe
2011-08-08 17:59 - 2011-05-25 08:25 - 0007878 _____ () C:\Program Files\EULA.txt
2013-07-16 01:09 - 2013-07-16 01:00 - 0005892 _____ () C:\Program Files\Ghost für  Remoce Torrent.gms
2011-11-19 01:55 - 1997-01-04 12:23 - 0246272 _____ () C:\Program Files\Gmouse.exe
2011-11-19 01:55 - 1997-01-04 12:20 - 0006909 _____ () C:\Program Files\GMOUSE.HLP
2010-10-20 17:17 - 2010-10-20 17:17 - 0890208 _____ (techPowerUp (www.techpowerup.com)) C:\Program Files\GPU-Z.0.4.7.exe
2013-06-07 23:36 - 2013-06-07 23:35 - 0023092 _____ () C:\Program Files\Kill BoxCrypt und Dropbox.exe
2013-06-07 23:22 - 2013-06-07 23:23 - 0023080 _____ () C:\Program Files\Kill BoxCryptor.exe
2013-08-01 09:56 - 2013-08-01 09:59 - 0000048 _____ () C:\Program Files\Kill DesktopOK.bat
2014-04-18 02:32 - 2014-04-17 18:22 - 0023083 _____ () C:\Program Files\Kill HddGuard.exe
2014-04-18 01:18 - 2014-04-18 01:11 - 0023079 _____ () C:\Program Files\Kill Onedrive, ehe. Skydrive.exe
2014-08-01 12:57 - 2014-07-30 14:23 - 0000028 _____ () C:\Program Files\Kill unsecapp.bat
2011-08-08 17:59 - 2011-05-25 08:25 - 0015511 _____ () C:\Program Files\license.txt
2010-10-27 16:33 - 1998-03-08 22:51 - 0001663 _____ () C:\Program Files\lizenz.txt
2010-10-27 16:33 - 1998-09-27 14:09 - 0000352 _____ () C:\Program Files\makros.txt
2011-12-05 08:47 - 2011-11-30 21:06 - 0033792 _____ (Nenad Hrg (SoftwareOK.com)) C:\Program Files\OneLoupe.exe
2011-05-16 10:10 - 2011-05-10 22:45 - 0172032 _____ (Jorgen Bosman) C:\Program Files\poweroff_deutsch.exe
2010-10-20 13:25 - 2010-10-20 13:25 - 3887480 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\procexp1204.exe
2011-08-08 17:59 - 2011-05-25 08:25 - 0002773 _____ () C:\Program Files\Setup.cfg
2010-11-06 05:08 - 2010-10-12 16:46 - 0364544 _____ (© onlinetvrecorder.com) C:\Program Files\Updater.exe
2010-10-27 16:33 - 1999-12-14 17:48 - 0003489 _____ () C:\Program Files\www.txt
2010-10-27 16:33 - 1996-02-07 08:07 - 0024576 _____ (Stirling) C:\Program Files\_ISREG32.DLL
2012-08-25 21:54 - 2012-08-25 21:55 - 0000564 _____ () C:\Users\Wolf\AppData\Roaming\pcwSIcon.ini
2014-07-15 16:11 - 2014-07-16 12:35 - 0007741 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bak
2011-07-26 23:42 - 2014-07-15 16:17 - 0007764 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bk!
2014-07-16 12:35 - 2014-07-15 16:11 - 0007555 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bko
2011-07-26 23:37 - 2014-07-16 12:40 - 0008353 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.ini
2010-11-22 18:48 - 2010-11-22 18:48 - 0000036 _____ () C:\Users\Wolf\AppData\Local\housecall.guid.cache
2014-11-12 18:09 - 2014-11-12 18:17 - 0000026 _____ () C:\Users\Wolf\AppData\Local\isoworkshop.ini
2010-10-28 21:46 - 2015-02-20 23:36 - 0007627 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg
2012-12-01 17:46 - 2012-12-01 17:47 - 0017408 _____ () C:\Users\Wolf\AppData\Local\WebpageIcons.db
2010-10-25 20:52 - 2010-10-25 20:53 - 0000367 _____ () C:\ProgramData\hpzinstall.log
2011-04-28 13:54 - 2011-04-28 13:54 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C:\Users\Wolf\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwzngio.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-25 17:47

==================== End Of Log ============================



GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-05 13:41:18
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 ST31000524AS rev.JC4B 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Wolf\AppData\Local\Temp\kwtdqpob.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwAdjustPrivilegesToken [0x8AB0E0A0]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwAlpcConnectPort [0x8AB0E020]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwAlpcSendWaitReceivePort [0x8AB0E030]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwConnectPort [0x8AB0E050]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwCreateSection [0x8AB0E000]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwCreateSymbolicLinkObject [0x8AB0E410]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwCreateThread [0x8AB0E100]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwCreateThreadEx [0x8AB0E040]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwDebugActiveProcess [0x8AB0E140]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwDeviceIoControlFile [0x8AB0E1E0]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwDuplicateObject [0x8AB0E170]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwLoadDriver [0x8AB0E150]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwMapViewOfSection [0x8AB0E180]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwOpenProcess [0x8AB0E080]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwOpenSection [0x8AB0E070]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwOpenThread [0x8AB0E090]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwProtectVirtualMemory [0x8AB0E0C0]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwQueryIntervalProfile [0x8AB0E470]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwQueueApcThread [0x8AB0E120]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwRequestWaitReplyPort [0x8AB0E1D0]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwResumeProcess [0x8AB0E490]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwResumeThread [0x8AB0E1A0]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwSecureConnectPort [0x8AB0E060]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwSetContextThread [0x8AB0E110]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwSetInformationObject [0x8AB0E0B0]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwSetInformationToken [0x8AB0E010]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwSetSystemInformation [0x8AB0E160]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwSuspendProcess [0x8AB0E1C0]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwSuspendThread [0x8AB0E1B0]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwSystemDebugControl [0x8AB0E130]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwTerminateProcess [0x8AB0E0D0]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwTerminateThread [0x8AB0E0E0]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwUnmapViewOfSection [0x8AB0E190]
SSDT            \SystemRoot\system32\DRIVERS\klhk.sys                                                                               ZwWriteVirtualMemory [0x8AB0E0F0]

---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1401                                                                            830789C9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              830984E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 139F                                                                                 8309F75C 4 Bytes  [A0, E0, B0, 8A]
.text           ntoskrnl.exe!KeRemoveQueueEx + 13C7                                                                                 8309F784 4 Bytes  [20, E0, B0, 8A] {AND AL, AH; MOV AL, 0x8a}
.text           ntoskrnl.exe!KeRemoveQueueEx + 140B                                                                                 8309F7C8 4 Bytes  [30, E0, B0, 8A] {XOR AL, AH; MOV AL, 0x8a}
.text           ntoskrnl.exe!KeRemoveQueueEx + 145B                                                                                 8309F818 4 Bytes  [50, E0, B0, 8A]
.text           ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                                                 8309F87C 4 Bytes  [00, E0, B0, 8A] {ADD AL, AH; MOV AL, 0x8a}
.text           ...                                                                                                                 
?               System32\Drivers\spnp.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !

---- User IAT/EAT - GMER 2.1 ----

IAT             C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                                      [748F24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                                 [748D562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                                [748D56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                                       [748F2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]                             [748E85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]                               [748E4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]                              [748E5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]                             [748E51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                    [748E6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]                              [748E8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]                         [748E8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                       [748E90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]                             [748EE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                                 [748E4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                      [748F24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                 [748D562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                [748D56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                       [748F2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                             [748E85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                               [748E4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                              [748E5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                             [748E51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                    [748E6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                              [748E8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                         [748E8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                       [748E90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                             [748EE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                 [748E4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll

---- Devices - GMER 2.1 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              858941F8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              cbfs4.sys

Device          \Driver\volmgr \Device\VolMgrControl                                                                                858901F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    8695F1F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    8695F1F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                                    86930500
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                    8695F1F8
Device          \Driver\PCI_PNP3664 \Device\00000060                                                                                spnp.sys
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                    8695F1F8

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                             kltdi.sys

Device          \Driver\usbuhci \Device\USBPDO-5                                                                                    8695F1F8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                    8695F1F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              858901F8
Device          \Driver\usbehci \Device\USBPDO-7                                                                                    86930500
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              858901F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  858921F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  858921F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  858921F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  858921F8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                  858921F8
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                  858921F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-4                                                                         858921F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              858901F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              858901F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             868531F8
Device          \Driver\sptd \Device\2050136112                                                                                     spnp.sys

AttachedDevice  \Driver\tdx \Device\Udp                                                                                             kltdi.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                           kltdi.sys

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    8695F1F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    8695F1F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                    86930500
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                    8695F1F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    8695F1F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    8695F1F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                    8695F1F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                    86930500
Device          \Driver\ap08fn0l \Device\Scsi\ap08fn0l1                                                                             86A5F500

---- Trace I/O - GMER 2.1 ----

Trace           ntoskrnl.exe CLASSPNP.SYS disk.sys vidsflt.sys halacpi.dll ACPI.sys >>UNKNOWN [0x858921f8]<<                        858921f8
Trace           1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86713518]                                                             86713518
Trace           3 CLASSPNP.SYS[8afcf59e] -> nt!IofCallDriver -> [0x86712478]                                                        86712478
Trace           5 vidsflt.sys[8a59f130] -> nt!IofCallDriver -> [0x86643918]                                                         86643918
Trace           7 ACPI.sys[8a5443d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0x86650030]                               86650030
Trace           \Driver\atapi[0x8661a030] -> IRP_MJ_CREATE -> 0x858921f8                                                            858921f8

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xB0 0xC2 0x98 0xB5 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xD7 0x25 0x55 0x25 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x6B 0xAD 0x1F 0x16 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x16 0x7B 0xA2 0x6A ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                0x16 0x7B 0xA2 0x6A ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12                0x6B 0xAD 0x1F 0x16 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                               unknown MBR code

---- EOF - GMER 2.1 ----


#2 Lutz57

posted 09 March 2015 - 22:25

Hello,

I can't say much about this either. In this situation I would first put
everything important onto an external HD and then see what it could be.
Could it be the currently installed HD slowly falling apart, or a defective
RAM module?
You can test the HD with CrystalDisk to see what its health status is, and then
you can check the RAM modules (long-duration test) and check that all connections
are firmly seated (the installed RAM modules too; I had that once after
transporting the PC in a car). Once everything has been checked, possibly reinstall the PC.

Regards, Lutz

PS: Be sure to check the fan, that no dust is clogging it and that it spins properly!
The thing is that a CPU gets very hot immediately after startup and could then even
burn out.
Overheating like that is often the trigger for a "blues" at startup.

This post was edited by Lutz57: 10 March 2015 - 17:51

#3 Joshua123

posted 10 March 2015 - 19:51

Hi Lutz,
thank you very much for your comments!
I just used the program HD-Tune to see whether it shows anything about the hard drive, and it seems to have found something. Under "(C7) Interfaces CRC Error Count" there is an "Attention!" and the following additional explanation: "There were communication errors. This may be caused by a damaged cable."

Unfortunately I don't know what to make of that, but you know your way around? Does that mean I should get a new hard drive as quickly as possible?

#4 DK2000

posted 10 March 2015 - 19:59

That means the communication between the HDD and the host is disturbed. It can be due to the cable, the HDD, the board or, in rare cases, the driver. It can't be narrowed down any further from this alone.

#5 Joshua123

posted 10 March 2015 - 20:19

Hm. How does the program come to the conclusion that the disturbed communication could be due to a broken cable?
Otherwise: would you have any advice on how the cause could be determined more precisely?

This post was edited by Joshua123: 10 March 2015 - 20:20

#6 Lutz57

posted 10 March 2015 - 23:24

Hello,

Quote (Joshua123: 10 March 2015 - 20:19)

Otherwise: would you have any advice on how the cause could be determined more precisely?


my advice: get yourself a new SATA or ATA hard drive cable, depending on what
you need, and try that first. Something like that doesn't cost the earth and could
then be the rescue, or a way to rule the cable out.

Regards, Lutz

#7 Joshua123

posted 11 March 2015 - 16:07

I have now swapped the cable for a new one and, while I was at it, also switched the connector on the mainboard to the other one.

Thank you!

#8 Lutz57

posted 11 March 2015 - 17:39

Hello,

if you now test again with the program HD-Tune, are the previous
problems gone, or are they still there?

Regards, Lutz

#9 Joshua123

posted 11 March 2015 - 18:34

They are now displayed exactly the same. Isn't that the point of the S.M.A.R.T. facility on hard drives? That is, that they remember every problem that ever occurs?
Or can that be cleared?

This post was edited by Joshua123: 11 March 2015 - 19:03

#10 Lutz57

posted 11 March 2015 - 20:56

Hello,

well, I mostly use "CrystalDisk Info", which gives you the condition and temperature
as well as the SMART values. Whether that can be influenced or deleted is beyond
my knowledge.
So it remains to be seen whether the "blues" problem ;D keeps occurring.

Regards, Lutz

#11 EmKa262

posted 12 March 2015 - 09:19

The SMART values cannot be reset, and that is how it should be. A hard drive with errors should be replaced immediately. There's not much more to say about it.
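
The C7 counter discussed in the last posts is cumulative, so errors logged before the cable swap stay on record; whether the raw count keeps rising afterwards is what separates an old problem from a live one. As an added example (not part of any post in this thread), this Python code compares two attribute snapshots; the `smartctl -A` column layout and all sample values are assumptions constructed for illustration, since the thread itself used HD-Tune and CrystalDiskInfo.

```python
# Added example: is the interface CRC error counter still rising?
CRC_ATTR_ID = 0xC7  # decimal 199; HD-Tune shows it as "(C7) Interfaces CRC Error Count"

# Constructed snapshot in the column layout of `smartctl -A` (an assumption,
# not output from the thread). {crc} is filled in per snapshot below.
SNAPSHOT = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       0
194 Temperature_Celsius     0x0022   036   045   000    Old_age   Always       -       36 (0 18 0 0 0)
199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       {crc}
"""
BEFORE_SWAP = SNAPSHOT.format(crc=37)  # constructed: taken before the cable swap
RIGHT_AFTER = SNAPSHOT.format(crc=37)  # constructed: old errors stay on record
STILL_BAD = SNAPSHOT.format(crc=52)    # constructed: counter kept climbing


def parse_smart_table(text):
    """Return {attribute_id: (name, raw_value)} for every attribute row."""
    attrs = {}
    for line in text.splitlines():
        parts = line.split(None, 9)
        if len(parts) < 10 or not parts[0].isdigit():
            continue  # header, blank or malformed line
        raw_token = parts[9].split()[0]  # "36 (0 18 0 0 0)" -> "36"
        if raw_token.isdigit():
            attrs[int(parts[0])] = (parts[1], int(raw_token))
    return attrs


def crc_verdict(before_text, after_text):
    """Classify the change in the cumulative CRC error count."""
    before = parse_smart_table(before_text).get(CRC_ATTR_ID)
    after = parse_smart_table(after_text).get(CRC_ATTR_ID)
    if before is None or after is None:
        return "attribute C7 not reported"
    delta = after[1] - before[1]
    if delta < 0:
        return "counter decreased: snapshots may not be from the same drive"
    if delta == 0:
        return "no new CRC errors since the first snapshot"
    return f"{delta} new CRC errors: link is still faulty"


if __name__ == "__main__":
    print(crc_verdict(BEFORE_SWAP, RIGHT_AFTER))
    print(crc_verdict(BEFORE_SWAP, STILL_BAD))
```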