
Pests of all kinds and how to fight them: Windows 7 no longer starts, not even in Safe Mode, stops at classpnp.sys, black screen with mouse cursor.


22.07.2016, 11:33   #1
lucious
 
Hello everyone,

my Windows 7 PC has not booted for a few days. "Windows is loading" is still displayed during boot, but the login field no longer appears. Then a black screen with a movable mouse cursor.

I recently had an error message (I think at system startup) whose wording I no longer remember. Windows then carried out a check or repair attempt on its own, which took a relatively long time. The restart after that ends in a black screen with a movable mouse cursor. The last-resort three-finger salute (Ctrl+Alt+Del) does not work. Restarting into Safe Mode stops at classpnp.sys and then ends in the same BSOD.

I have already run bootrec from the command prompt of the Win 7 installation medium and used diskpart to check the partitions and set them active.

If I set partition 1 active, I can, if I remember correctly, open the advanced repair options even without an external boot medium. Unfortunately that does not get me any further either. Still BSOD.

I have already created a FRST64.exe log and additionally a report (2 log files) with OTLPE.

Please help.

Best regards
lucious

22.07.2016, 16:40   #2
lucious
 
Oooops! I only just saw the part about posting code - no logs as attachments without being asked. Sorry!

Here are the log files again in the code box.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2016
Ran by SYSTEM on MININT-U0HK4KL (22-07-2016 01:00:15)
Running from j:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows8FirewallControl] => C:\Program Files\Windows8FirewallControl\Windows8FirewallControl.exe [1204224 2013-09-30] (Sphinx Software)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KORG USB-MIDI Driver] => C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe [394096 2013-05-30] (KORG Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-07-01] (AVAST Software)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Karen\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Karen\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\Karen\...\Policies\system: [LogonHoursAction] 2
HKU\Karen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Papa\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
HKU\Papa\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\Papa\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\Papa\...\Policies\system: [LogonHoursAction] 2
HKU\Papa\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-04-27]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe (No File)
GroupPolicyUsers\S-1-5-21-1702933505-973224923-256598594-1003\User: Restriction <======= ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-19] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5570272 2016-05-19] (Avast Software)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-07-03] (Electronic Arts)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 Windows8FirewallService; C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe [3806720 2013-09-30] (Sphinx Software)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [139352 2013-07-31] (SlySoft, Inc.)
S3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [139352 2013-07-31] (SlySoft, Inc.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-19] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-19] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-19] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-19] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-19] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-19] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-19] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-19] (AVAST Software)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-21] (AVM Berlin)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-21] (AVM GmbH)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [34136 2013-05-30] (KORG INC.)
S3 MackieUSB; C:\Windows\System32\DRIVERS\MackieUSB_x64.sys [245728 2012-05-30] ()
S3 MackieUSBks; C:\Windows\System32\DRIVERS\MackieUSBks_x64.sys [52192 2012-05-30] ()
S0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [161760 2016-05-19] (AVAST Software)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Resplendence Software Projects Sp.)
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [323392 2016-05-19] (Avast Software)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-01-20] (VIA Technologies, Inc.)
S3 VUSBSTOR; C:\Windows\System32\Drivers\vusbstor.sys [86064 2013-01-17] (VIA Technologies, Inc.)
S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [297472 2014-01-20] (VIA Technologies, Inc.)
S3 Asushwio; \??\H:\Bin\64bit\Asushwio.sys [X]
S3 CT20XUT.SYS; \SystemRoot\System32\drivers\CT20XUT.SYS [X]
S3 CTEXFIFX.SYS; \SystemRoot\System32\drivers\CTEXFIFX.SYS [X]
S3 CTHWIUT.SYS; \SystemRoot\System32\drivers\CTHWIUT.SYS [X]
S3 lvpepf64; system32\DRIVERS\lv302a64.sys [X]
S3 LVUSBS64; system32\drivers\LVUSBS64.sys [X]
S3 PID_PEPI; system32\DRIVERS\LV302V64.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Driver Fusion\DriverFusion.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-21 19:58 - 2016-07-21 19:58 - 00092124 _____ C:\OTL.Txt
2016-07-21 19:58 - 2016-07-21 19:58 - 00026740 _____ C:\Extras.Txt
2016-07-21 11:19 - 2016-07-21 11:19 - 00013128 ____N C:\bootsqm.dat
2016-07-20 20:42 - 2016-07-22 01:00 - 00000000 ____D C:\FRST
2016-07-18 05:09 - 2016-07-20 13:38 - 00000000 _____ C:\Windows\ntbtlog.txt
2016-07-17 22:46 - 2010-11-20 19:23 - 00383786 __RSH C:\bootmgr
2016-07-16 10:04 - 2016-07-16 10:05 - 00000000 ____D C:\Program Files (x86)\Arturia
2016-07-16 07:55 - 2016-07-16 08:22 - 00000000 ____D C:\ProgramData\Arturia

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-21 19:55 - 2013-05-20 13:13 - 00000000 ____D C:\users\Karen
2016-07-21 19:55 - 2013-05-17 15:55 - 00000000 ____D C:\users\Papa
2016-07-17 02:19 - 2009-07-13 20:45 - 00026576 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-17 02:19 - 2009-07-13 20:45 - 00026576 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-17 02:16 - 2013-05-17 16:39 - 00659008 _____ C:\Windows\System32\perfh007.dat
2016-07-17 02:16 - 2013-05-17 16:39 - 00134396 _____ C:\Windows\System32\perfc007.dat
2016-07-17 02:16 - 2009-07-13 21:13 - 01550736 _____ C:\Windows\System32\PerfStringBackup.INI
2016-07-17 02:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-07-17 02:12 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-16 17:00 - 2013-05-20 12:37 - 00000000 ____D C:\Users\Papa\AppData\Roaming\uTorrent
2016-07-16 16:57 - 2013-09-17 11:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-16 16:26 - 2013-11-06 13:13 - 00000000 ____D C:\Users\Papa\AppData\Roaming\vlc
2016-07-16 16:00 - 2013-05-20 11:17 - 00000000 ____D C:\Users\Papa\AppData\Local\Adobe
2016-07-16 10:04 - 2016-02-29 09:01 - 00000000 ____D C:\Program Files\Common Files\VST3
2016-07-16 10:04 - 2014-12-05 14:32 - 00000000 ____D C:\Program Files\VstPlugins
2016-07-16 10:03 - 2013-08-27 01:59 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2016-07-16 06:52 - 2015-12-12 15:29 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DDCB4373-BBC1-480E-A2A8-F0A4533301F9}
2016-07-15 01:13 - 2013-05-20 11:37 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-07-13 09:55 - 2015-01-09 05:33 - 00000000 ____D C:\Users\Karen\Documents\FIFA 14
2016-07-13 08:27 - 2015-01-04 02:01 - 00000000 ____D C:\ProgramData\Origin
2016-07-12 07:57 - 2013-09-17 11:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-12 07:57 - 2013-06-05 13:29 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-12 07:57 - 2013-06-05 13:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-12 07:57 - 2013-06-05 13:29 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-12 07:57 - 2013-06-05 13:29 - 00000000 ____D C:\Windows\System32\Macromed
2016-07-11 03:00 - 2016-04-30 10:48 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-10 01:33 - 2009-07-13 21:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-04 10:47 - 2015-11-29 15:39 - 00000000 ____D C:\Program Files (x86)\Driver Fusion
2016-07-03 00:27 - 2015-01-08 09:14 - 00000000 ____D C:\Program Files (x86)\Origin

Some files in TEMP:
====================
C:\Users\Papa\AppData\Local\Temp\readSTILog.dll


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================


==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  de-DE
default                 {default}
displayorder            {default}
timeout                 30

Windows Boot Loader
-------------------
identifier              {9707dd30-4f03-11e6-b569-84b38386ecf4}
device                  ramdisk=[C:]\Recovery\c2170446-bf9e-11e2-b976-ca7f691bd450\Winre.wim,{9707dd31-4f03-11e6-b569-84b38386ecf4}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (recovered) 
locale                  
osdevice                ramdisk=[C:]\Recovery\c2170446-bf9e-11e2-b976-ca7f691bd450\Winre.wim,{9707dd31-4f03-11e6-b569-84b38386ecf4}
systemroot              \windows
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Ultimate
locale                  de-DE
osdevice                partition=C:
systemroot              \Windows

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE

Device options
--------------
identifier              {9707dd31-4f03-11e6-b569-84b38386ecf4}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\c2170446-bf9e-11e2-b976-ca7f691bd450\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 6%
Total physical RAM: 24574.61 MB
Available physical RAM: 23082.62 MB
Total Virtual: 24572.81 MB
Available Virtual: 23089.83 MB

==================== Drives ================================

Drive c: (Windows 7 SP1) (Fixed) (Total:119.14 GB) (Free:33.9 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Daten 2) (Fixed) (Total:1863.01 GB) (Free:1483.43 GB) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive j: (PNY_1GB) (Removable) (Total:0.93 GB) (Free:0.87 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Daten) (Fixed) (Total:298.09 GB) (Free:297.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4B674B66)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5CB78ED8)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 1A13162B)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 35C803C0)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 955.5 MB) (Disk ID: 0185A692)
Partition 1: (Not Active) - (Size=955 MB) - (Type=07 NTFS)


LastRegBack: 2016-05-06 08:21

==================== End of FRST.txt ============================
         
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 7/21/2016 11:56:58 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 33.91 Gb Free Space | 28.46% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1483.43 Gb Free Space | 79.63% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 297.59 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive F: | 500.00 Mb Total Space | 170.97 Mb Free Space | 34.19% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 72.07 Mb Free Space | 72.07% Space Free | Partition Type: NTFS
Drive H: | 111.30 Gb Total Space | 74.47 Gb Free Space | 66.91% Space Free | Partition Type: NTFS
Drive X: | 1.87 Gb Total Space | 1.38 Gb Free Space | 74.17% Space Free | Partition Type: NTFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2016/05/19 06:01:05 | 000,243,296 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2016/05/19 06:00:59 | 005,570,272 | ---- | M] (Avast Software) [On_Demand] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2013/09/30 13:54:32 | 003,806,720 | ---- | M] (Sphinx Software) [Auto] -- C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe -- (Windows8FirewallService)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2016/07/12 11:57:09 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/07/03 04:27:16 | 002,122,248 | ---- | M] (Electronic Arts) [On_Demand] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2016/06/24 19:45:12 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016/06/17 16:09:13 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/08 19:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2016/05/19 06:01:10 | 000,465,792 | ---- | M] (AVAST Software) [File_System | System] -- C:\Windows\system32\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2016/05/19 06:01:10 | 000,166,432 | ---- | M] (AVAST Software) [Kernel | Auto] -- C:\Windows\system32\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2016/05/19 06:01:10 | 000,107,792 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2016/05/19 06:01:10 | 000,037,656 | ---- | M] (AVAST Software) [Kernel | Auto] -- C:\Windows\system32\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2016/05/19 06:01:09 | 000,103,064 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\system32\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2016/05/19 06:01:02 | 001,070,904 | ---- | M] (AVAST Software) [File_System | System] -- C:\Windows\system32\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2016/05/19 06:01:02 | 000,037,144 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\system32\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2016/05/19 06:00:59 | 000,323,392 | ---- | M] (Avast Software) [Kernel | Auto] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2015/07/13 06:16:16 | 000,026,368 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand] -- C:\Windows\System32\drivers\rspLLL64.sys -- (rspLLL)
DRV:64bit: - [2014/07/02 17:29:29 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/01/20 05:19:56 | 000,225,792 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2014/01/20 05:19:52 | 000,297,472 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2013/08/20 01:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2013/08/20 01:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2013/07/31 07:23:57 | 000,139,352 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2013/05/30 19:14:00 | 000,034,136 | ---- | M] (KORG INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\KORGUM64.SYS -- (KORGUMDS)
DRV:64bit: - [2013/01/17 22:11:54 | 000,086,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vusbstor.sys -- (VUSBSTOR)
DRV:64bit: - [2012/11/14 13:39:18 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/11/14 13:39:18 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/11/14 13:39:18 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/11/14 13:39:18 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/05/30 05:39:28 | 000,245,728 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\MackieUSB_x64.sys -- (MackieUSB)
DRV:64bit: - [2012/05/30 05:39:26 | 000,052,192 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\MackieUSBks_x64.sys -- (MackieUSBks)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/10/21 20:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010/10/21 20:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009/08/13 17:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2013/07/31 07:23:57 | 000,139,352 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Karen_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Karen_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Karen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\Karen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Karen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Karen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 F3 AD 04 62 53 CE 01  [binary data]
IE - HKU\Karen_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\Karen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\Papa_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Papa_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Papa_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\Papa_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Papa_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Papa_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 F3 AD 04 62 53 CE 01  [binary data]
IE - HKU\Papa_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\Papa_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..browser.startup.homepage: "https://www.ixquick.de/deu/"
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_22_0_0_209.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Users\Karen\AppData\Local\mpDRM\Binaries\NPMPDRM.dll ( )
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2016/05/19 06:01:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2016/05/19 06:01:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\sp@avast.com: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016/05/19 06:01:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016/04/30 14:49:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 47.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 47.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/05/24 16:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions
[2016/05/08 15:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\5g9yripw.default\extensions
[2016/06/17 16:09:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
File not found (No name found) -- 
() (No name found) -- C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5G9YRIPW.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
 
O1 HOSTS File: ([2016/06/04 07:08:32 | 000,000,958 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 opencandy.com
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [nwiz]  File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe (VIA Technologies, Inc.)
O4:64bit: - HKLM..\Run: [Windows8FirewallControl] C:\Program Files\Windows8FirewallControl\Windows8FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVMWlanClient]  File not found
O4 - HKLM..\Run: [KiesTrayAgent]  File not found
O4 - HKLM..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe (KORG Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\Karen_ON_C..\Run: []  File not found
O4 - HKU\Karen_ON_C..\Run: [Sidebar]  File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar]  File not found
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar]  File not found
O4 - HKU\Papa_ON_C..\Run: [CAHeadless]  File not found
O4 - HKU\Papa_ON_C..\Run: [KiesAirMessage]  File not found
O4 - HKU\Papa_ON_C..\Run: [KiesPreload]  File not found
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\Karen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Karen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Karen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Papa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Papa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Papa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] -  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2016/07/21 16:20:36 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{7952190b-bf4f-11e2-a2d5-0018f3f6cd59}\Shell - "" = AutoRun
O33 - MountPoints2\{7952190b-bf4f-11e2-a2d5-0018f3f6cd59}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016/07/21 00:42:32 | 000,000,000 | ---D | C] -- C:\FRST
[2016/07/18 02:41:57 | 000,000,000 | -HSD | C] -- C:\Boot
[2016/07/16 14:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arturia
[2016/07/16 14:03:21 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arturia
[2016/07/16 11:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Arturia
[2014/02/28 20:23:32 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
 
========== Files - Modified Within 30 Days ==========
 
[2016/07/21 15:19:01 | 000,013,128 | ---- | M] () -- C:\bootsqm.dat
[2016/07/20 17:48:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/07/17 06:19:28 | 000,026,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/07/17 06:19:28 | 000,026,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/07/17 06:16:27 | 000,659,008 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2016/07/17 06:16:27 | 000,627,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2016/07/17 06:16:27 | 000,134,396 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2016/07/17 06:16:27 | 000,110,308 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2016/07/16 20:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/07/12 11:57:09 | 000,796,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/07/12 11:57:09 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2016/07/21 15:19:01 | 000,013,128 | ---- | C] () -- C:\bootsqm.dat
[2016/07/18 02:46:47 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2015/12/12 14:45:14 | 000,000,448 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/11/30 17:39:33 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PAPA-PC-Windows-7-Ultimate-(64-bit).dat
[2015/11/29 20:02:42 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/02/03 13:09:27 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/01/18 12:11:38 | 000,001,456 | ---- | C] () -- C:\Users\Papa\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2014/04/27 11:49:52 | 000,000,819 | ---- | C] () -- C:\Windows\wiso.ini
[2013/12/15 10:19:20 | 000,007,663 | ---- | C] () -- C:\Users\Papa\AppData\Local\Resmon.ResmonCfg
[2013/10/21 16:33:11 | 000,000,088 | -HS- | C] () -- C:\ProgramData\.zreglib
[2013/07/18 08:32:34 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/07/18 08:32:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/07/18 08:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/07/18 08:32:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/07/02 16:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
[2012/02/02 23:00:58 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\TCPClient.dll
[2011/06/15 07:37:00 | 001,108,992 | ---- | C] () -- C:\Windows\SysWow64\phidget21.dll
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2010/08/26 19:34:36 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\libvout_wrapper_plugin.dll
[2010/08/26 19:34:36 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\libvmem_plugin.dll
[2010/08/26 19:34:34 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\libswscale_plugin.dll
[2010/08/26 19:34:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\libstream_out_transcode_plugin.dll
[2010/08/26 19:34:32 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\libstream_out_smem_plugin.dll
[2010/08/26 19:34:30 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\libps_plugin.dll
[2010/08/26 19:34:30 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\libpacketizer_mpegvideo_plugin.dll
[2010/08/26 19:34:30 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\libmpeg_audio_plugin.dll
[2010/08/26 19:34:30 | 000,033,280 | ---- | C] () -- C:\Windows\SysWow64\libmux_wav_plugin.dll
[2010/08/26 19:34:30 | 000,031,232 | ---- | C] () -- C:\Windows\SysWow64\libmpgv_plugin.dll
[2010/08/26 19:34:28 | 000,039,424 | ---- | C] () -- C:\Windows\SysWow64\libfilesystem_plugin.dll
[2010/08/26 19:34:28 | 000,035,328 | ---- | C] () -- C:\Windows\SysWow64\libmjpeg_plugin.dll
[2010/08/26 19:34:28 | 000,033,280 | ---- | C] () -- C:\Windows\SysWow64\libmemcpymmx_plugin.dll
[2010/08/26 19:34:22 | 007,124,992 | ---- | C] () -- C:\Windows\SysWow64\libavcodec_plugin.dll
[2010/08/26 19:34:22 | 002,263,552 | ---- | C] () -- C:\Windows\SysWow64\libvlccore.dll
[2010/08/26 19:34:22 | 000,101,376 | ---- | C] () -- C:\Windows\SysWow64\libvlc.dll
[2010/08/26 19:34:22 | 000,088,064 | ---- | C] () -- C:\Windows\SysWow64\libaccess_http_plugin.dll
[2010/08/26 19:34:22 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\libau_plugin.dll
[2010/04/05 20:05:48 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\highgui210.dll
[2010/04/05 20:05:16 | 002,085,888 | ---- | C] () -- C:\Windows\SysWow64\cv210.dll
[2010/04/05 20:04:06 | 002,201,088 | ---- | C] () -- C:\Windows\SysWow64\cxcore210.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2004/12/23 06:06:16 | 000,005,824 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
 
========== LOP Check ==========
 
[2016/05/08 01:37:13 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\.minecraft
[2014/05/20 15:29:27 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVAST Software
[2014/12/15 13:54:13 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\LucasArts
[2015/06/11 12:21:12 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Origin
[2014/01/08 17:04:28 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\ProtectDISC
[2014/09/04 16:42:58 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\RavensburgerTipToi
[2013/11/06 09:21:09 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Rovio
[2013/11/23 14:20:11 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Rovio Entertainment Ltd
[2016/02/21 16:04:19 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Applied Acoustics Systems
[2014/05/11 05:38:12 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\AVAST Software
[2015/02/27 18:04:11 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\DxO Labs
[2013/11/28 18:24:49 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\FlowStone
[2015/04/26 07:51:36 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\FRITZ!
[2015/03/14 19:19:51 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Haenlein-Software
[2016/05/16 05:41:59 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\HandBrake
[2014/09/17 18:42:33 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Image-Line
[2014/12/03 18:29:36 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\iZotope
[2013/08/27 09:38:57 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Korg
[2013/10/28 16:18:55 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Leadertech
[2015/02/09 12:27:14 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Morphine
[2016/04/30 12:43:27 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\No Company Name
[2015/11/18 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Origin
[2014/12/05 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\PACE Anti-Piracy
[2015/11/16 19:41:01 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Psicraft
[2014/11/13 16:46:46 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\RavensburgerTipToi
[2015/11/16 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Samsung
[2016/07/16 21:00:57 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\uTorrent
[2016/02/29 16:08:26 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Waves Audio
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2016/07/16 12:22:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Arturia
[2016/05/19 06:01:10 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2014/04/27 11:49:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2013/08/25 09:26:18 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2014/11/17 20:40:41 | 000,000,000 | ---D | M] -- C:\ProgramData\DirectWave
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2015/02/27 18:02:44 | 000,000,000 | ---D | M] -- C:\ProgramData\DxO Labs
[2015/01/09 09:35:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2014/01/12 17:11:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Lernwerkstatt 9
[2016/01/11 08:14:37 | 000,000,000 | ---D | M] -- C:\ProgramData\mpDRM
[2014/11/18 18:15:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Native Instruments
[2015/12/04 13:07:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Oracle
[2016/07/13 12:27:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2015/11/18 20:03:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Package Cache
[2014/11/13 16:38:43 | 000,000,000 | ---D | M] -- C:\ProgramData\RavensburgerTipToi
[2016/04/30 14:13:00 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2015/12/02 17:03:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2013/10/21 16:30:53 | 000,000,000 | ---D | M] -- C:\ProgramData\SlySoft
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2016/02/29 13:19:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Waves Audio
[2015/01/18 18:14:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\{84F3A9E1-F22E-44D1-A4DA-6FDAED1C26FF}
[2014/01/08 17:15:55 | 000,000,000 | ---D | M] -- C:\ProgramData\{9D32C6BC-9649-4BBB-B075-B26C6CA62F12}
[2016/06/12 13:24:41 | 000,000,000 | -H-D | M] -- C:\ProgramData\{B895D3F6-931C-4B01-A8AC-DCDBBE28F2F9}
[2014/12/05 17:57:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\{DEB7EC0A-2CAA-4D3F-980F-EFEF8157E3FA}
[2015/08/12 09:02:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(701).TXT
[2016/07/10 05:33:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1226 bytes -> C:\Users\Papa\AppData\Local\Temporary Internet Files:RSBNJWsTHLWdfsbv4mmi1Yick2W
@Alternate Data Stream - 1182 bytes -> C:\Users\Papa\AppData\Local\utGcgPyHEnn:cDhoHTLDNzNEasTlPTnKbZX
@Alternate Data Stream - 1157 bytes -> C:\Users\Papa\AppData\Local\Application Data:db9x54srufboZzutnIeYwZm374
@Alternate Data Stream - 1157 bytes -> C:\Users\Papa\AppData\Local:db9x54srufboZzutnIeYwZm374
@Alternate Data Stream - 1086 bytes -> C:\Users\Papa\AppData\Local\Application Data:hyw0Rwl9PVU2PJpsDszhkI6gqM7x8E
@Alternate Data Stream - 1086 bytes -> C:\Users\Papa\AppData\Local:hyw0Rwl9PVU2PJpsDszhkI6gqM7x8E
@Alternate Data Stream - 1 bytes -> C:\ProgramData\Application Data:58EC8EE7B78A9BC1
@Alternate Data Stream - 1 bytes -> C:\ProgramData\Application Data:482EE99B1E21CE8C
@Alternate Data Stream - 1 bytes -> C:\ProgramData:58EC8EE7B78A9BC1
@Alternate Data Stream - 1 bytes -> C:\ProgramData:482EE99B1E21CE8C
< End of report >
         
OTL Logfile:
Code:
OTL Extras logfile created on: 7/21/2016 11:56:58 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 33.91 Gb Free Space | 28.46% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1483.43 Gb Free Space | 79.63% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 297.59 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive F: | 500.00 Mb Total Space | 170.97 Mb Free Space | 34.19% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 72.07 Mb Free Space | 72.07% Space Free | Partition Type: NTFS
Drive H: | 111.30 Gb Total Space | 74.47 Gb Free Space | 66.91% Space Free | Partition Type: NTFS
Drive X: | 1.87 Gb Total Space | 1.38 Gb Free Space | 74.17% Space Free | Partition Type: NTFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}" = Adobe Photoshop Lightroom 5.7 64-bit
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86418066F0}" = Java 8 Update 66 (64-bit)
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FC09265-8AAD-410D-B88D-EBAA41327056}" = Native Instruments Scarbee Funk Guitarist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{E0ECE7E9-6B40-4DCB-9040-551E26C698D4}" = DxO OpticsPro 10
"7-Zip" = 7-Zip 15.14 (x64)
"LatencyMon_is1" = LatencyMon 6.50
"NTLite_is1" = NTLite v1.0.0.3442
"Sylenth1_is1" = Sylenth1 v2.21
"VLC media player" = VLC media player 2.1.0
"Windows8FirewallControl_is1" = Windows8FirewallControl (x64) 6.1.9.53
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}" = Adobe Photoshop Lightroom 5.7 64-bit
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86418066F0}" = Java 8 Update 66 (64-bit)
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FC09265-8AAD-410D-B88D-EBAA41327056}" = Native Instruments Scarbee Funk Guitarist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{E0ECE7E9-6B40-4DCB-9040-551E26C698D4}" = DxO OpticsPro 10
"7-Zip" = 7-Zip 15.14 (x64)
"LatencyMon_is1" = LatencyMon 6.50
"NTLite_is1" = NTLite v1.0.0.3442
"Sylenth1_is1" = Sylenth1 v2.21
"VLC media player" = VLC media player 2.1.0
"Windows8FirewallControl_is1" = Windows8FirewallControl (x64) 6.1.9.53
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Karen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"Dropbox" = Dropbox
"Mozilla Firefox 45.0.2 (x86 de)" = Mozilla Firefox 45.0.2 (x86 de)
"uTorrent" = µTorrent
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Papa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
< End of report >
         
Last edited by lucious (22.07.2016 at 16:57)

27.07.2016, 14:09   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



I suspect a broken Windows installation; I don't see any malware there, apart from a suspicious GroupPolicy, which is often but not necessarily created by malware.

Do you want to keep tinkering with it, or would you rather back up your data right away and do a fresh install with W10? Today and tomorrow you can still activate W10 for free with your W7 key.