Rechner friert bei Virenscan immer ein

divemouse1973 · Dec 10, 2012

So langsam bin ich ratlos..... Seit einiger Zeit friert mein Rechner immer ein, wenn ich den Virenscan mache. Es hilft dann nur noch ein kaltes Ausschalten :-( Nun habe ich schon versucht, ob es mit der aktuellen Version von Antivir, welches ich bisher installiert hatte, besser ist. Ergebnis gleich 0 :-( Also Antivir runter vom Rechner und ein anderes Programm (avast!) rauf - neuer Scan - wieder das gleich Problem. Irgendwann bleibt der Rechner hängen, es geht nichts mehr und es hilft nur noch "aus".
Woran kann dieser Fehler liegen ? Ich würde gerne endlich mal wieder einen kompletten Scan durchführen können ?

deoroller · Dec 10, 2012

Sind mehrere AV-Programme installiert? Ein unsauber deinstallierter Scanner kann sich auch mit einem später installierten verhakt haben.

divemouse1973 · Dec 10, 2012

Ich habe Antivir ganz regulär über: Programme und Funktionen - deinstallieren vom Rechner entfernt, bevor ich das neue Programm installiert hab. Ein anderes Programm habe ich nicht auf dem Rechner. Antivir hatte ich auch schon sein Jahren drauf und das Problem ist erst vor kurzem aufgetreten.

Hinti1 · Dec 10, 2012

Ich hab auch Avast drauf seit 21.11.2011 als ich den PC baute und aufsetzte und seit dem keinen einzigen Scan-Durchlauf gemacht weil ich davon nichts halte.

deoroller · Dec 10, 2012

Die Scanfunktion wird aber bei dir auch funktionieren, wenn du es wolltest.
Beim TO gibt es einen Fehler, dem man auf den Grund gehen sollte.
Bei der Analyse kann OldTimer's OTL helfen.

divemouse1973 · Dec 10, 2012

Auch wenn ich tagtäglich am Rechner sitze.... was bitte ist ein TO und was ist dieses Old Timers ? :-)

Hascheff · Dec 10, 2012

divemouse1973 said: ↑

was bitte ist ein TO
Click to expand...

Das bist du. (Thread opener)

und was ist dieses Old Timers ? :-)
Click to expand...

Klick einfach mal drauf!

divemouse1973 · Dec 10, 2012

Danke :-)
Hier nun das Ergebnis:

OTL logfile created on: 10.12.2012 21:27:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\divemouse1973\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 49,34% Memory free
6,19 Gb Paging File | 4,63 Gb Available in Paging File | 74,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 33,86 Gb Free Space | 23,51% Space Free | Partition Type: NTFS
Drive D: | 137,50 Gb Total Space | 75,73 Gb Free Space | 55,08% Space Free | Partition Type: NTFS

Computer Name: DIVEMOUSE197-PC | User Name: divemouse1973 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.10 21:26:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\divemouse1973\Downloads\OTL.exe
PRC - [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.10.08 11:02:00 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.10.08 11:01:32 | 000,107,864 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009.06.26 17:24:45 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\DIVEMO~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.06.14 13:18:23 | 003,833,640 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\PwdBank.exe
PRC - [2009.06.14 13:18:19 | 003,485,696 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009.06.14 13:18:11 | 003,520,512 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe
PRC - [2009.06.14 13:18:03 | 003,719,680 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe
PRC - [2009.01.07 16:41:42 | 001,216,512 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.01 09:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.07.29 17:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.07.20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.07.20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.07.19 14:13:44 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2008.06.30 16:56:32 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.06.16 10:58:38 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.05.30 12:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.05.26 04:43:58 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008.05.07 09:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007.12.11 04:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007.03.27 11:00:32 | 000,196,608 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Acer VCM\acp2HID.exe
PRC - [2006.10.26 23:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006.10.26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.28 04:43:17 | 000,460,904 | ---- | M] () -- C:\Programme\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll
MOD - [2012.11.28 04:43:16 | 012,456,040 | ---- | M] () -- C:\Programme\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
MOD - [2012.11.28 04:43:15 | 004,008,040 | ---- | M] () -- C:\Programme\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012.11.28 04:42:30 | 000,587,880 | ---- | M] () -- C:\Programme\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012.11.28 04:42:29 | 000,124,520 | ---- | M] () -- C:\Programme\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012.11.28 04:42:22 | 000,157,304 | ---- | M] () -- C:\Programme\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012.11.28 04:42:21 | 002,168,952 | ---- | M] () -- C:\Programme\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012.11.28 04:42:21 | 000,275,576 | ---- | M] () -- C:\Programme\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2011.07.10 19:47:27 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011.07.10 19:45:01 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011.07.10 19:44:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.07.04 04:28:41 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.07.03 19:36:20 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.07.03 19:36:03 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.07.03 19:35:25 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2011.07.03 19:34:01 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.07.03 19:33:39 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.06.14 13:18:23 | 003,833,640 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\PwdBank.exe
MOD - [2009.02.02 12:43:40 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
MOD - [2009.02.02 12:43:40 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2009.02.02 12:43:40 | 000,009,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008.07.29 17:52:38 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.07.27 19:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.06.30 16:56:32 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2007.09.11 10:12:08 | 000,475,136 | ---- | M] () -- C:\Programme\Acer\Acer VCM\AcerControl.dll
MOD - [2003.06.07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2012.11.11 08:54:49 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.10.08 11:02:00 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.06.29 20:37:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.06.14 13:18:11 | 003,520,512 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.07.20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.07.19 14:13:44 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.05.26 04:43:58 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007.12.11 04:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.09.21 08:33:06 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.08.05 05:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2009.06.14 13:18:07 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2009.03.20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009.03.20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2008.12.05 11:24:00 | 007,538,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.10.17 13:49:50 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/06/27 07:35:09] [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.09.24 22:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.05.26 04:44:14 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.05.07 11:47:36 | 000,085,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.04.27 23:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.02.29 08:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 17:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007.12.18 16:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_8930
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_8930
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_8930
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.marcus-krueger.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {C963BCF6-220A-4D61-890D-08EC0EC671F2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKCU\..\SearchScopes\{B97232D1-2FC4-41A4-AEC1-590F19AF5827}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{C963BCF6-220A-4D61-890D-08EC0EC671F2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de___DE333
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\divemouse1973\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\divemouse1973\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.23 17:40:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.10 14:04:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.23 17:40:58 | 000,000,000 | ---D | M]

[2012.12.10 14:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.10 10:44:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.10 10:44:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.12.10 10:44:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.10 10:44:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: http://www.marcus-krueger.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.marcus-krueger.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\divemouse1973\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\divemouse1973\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - Extension: Google Drive = C:\Users\divemouse1973\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\divemouse1973\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\divemouse1973\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\divemouse1973\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Google Mail = C:\Users\divemouse1973\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{066A667D-6DAF-4F8A-8A55-60BBBB3ADDE2}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8D12279-C9FE-4919-B3C2-94C4123E65E8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\divemouse1973\Pictures\Dänemark 2012\P8050121.JPG
O24 - Desktop BackupWallPaper: C:\Users\divemouse1973\Pictures\Dänemark 2012\P8050121.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\C
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.10 17:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012.12.10 14:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.12.10 14:04:55 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.12.10 14:04:55 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.12.10 14:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.12.10 14:04:53 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.12.10 14:04:52 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.12.10 14:04:50 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.12.10 14:04:49 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.12.10 14:04:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.12.10 14:04:13 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.12.10 14:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.12.10 14:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.12.10 10:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.11.11 20:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.11.11 20:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.11 20:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[2012.12.10 21:33:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.10 20:57:55 | 000,049,015 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.12.10 20:57:55 | 000,049,015 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.12.10 20:57:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.10 20:57:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.10 20:57:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.10 17:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.10 17:05:17 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.12.10 16:01:13 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.10 16:01:13 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.10 16:01:13 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.10 16:01:13 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.10 15:56:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.12.10 15:55:42 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.10 15:55:08 | 3215,990,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.10 14:06:02 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.10 14:04:55 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.12.10 14:04:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.10 11:27:10 | 000,013,936 | ---- | M] () -- C:\Users\divemouse1973\AppData\Local\recently-used.xbel
[2012.11.17 20:33:40 | 000,061,952 | ---- | M] () -- C:\Users\divemouse1973\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.11 21:02:19 | 000,020,286 | ---- | M] () -- C:\Users\divemouse1973\Documents\DB AutoZug GmbH - Internet Kooperationssystem.pdf
[2012.11.11 20:37:45 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.11.11 08:54:49 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.11 08:54:49 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012.12.10 17:05:17 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.12.10 14:06:02 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.10 14:04:55 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.12.10 11:27:10 | 000,013,936 | ---- | C] () -- C:\Users\divemouse1973\AppData\Local\recently-used.xbel
[2012.11.30 18:55:38 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.11.11 21:02:19 | 000,020,286 | ---- | C] () -- C:\Users\divemouse1973\Documents\DB AutoZug GmbH - Internet Kooperationssystem.pdf
[2012.11.11 20:37:45 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.10.03 20:26:09 | 002,525,238 | ---- | C] () -- C:\Users\divemouse1973\AppData\Local\[j0005]-[p04].bmp
[2012.10.03 20:25:57 | 002,525,238 | ---- | C] () -- C:\Users\divemouse1973\AppData\Local\[j0005]-[p03].bmp
[2012.10.03 20:25:42 | 002,525,238 | ---- | C] () -- C:\Users\divemouse1973\AppData\Local\[j0005]-[p02].bmp
[2012.10.03 20:25:29 | 002,525,238 | ---- | C] () -- C:\Users\divemouse1973\AppData\Local\[j0005]-[p01].bmp
[2012.06.08 17:37:46 | 000,000,067 | ---- | C] () -- C:\Users\divemouse1973\.gtk-bookmarks
[2011.11.06 20:15:03 | 000,101,683 | ---- | C] () -- C:\Users\divemouse1973\_8144157.jpg
[2011.11.06 20:14:28 | 000,065,952 | ---- | C] () -- C:\Users\divemouse1973\_8144154.jpg
[2011.02.28 21:16:53 | 000,000,974 | ---- | C] () -- C:\Users\divemouse1973\Bildbestellung2.html
[2011.02.27 12:12:47 | 000,000,975 | ---- | C] () -- C:\Users\divemouse1973\Bildbestellung.html
[2010.06.20 14:42:20 | 000,031,007 | ---- | C] () -- C:\Users\divemouse1973\AppData\Roaming\UserTile.png
[2009.06.28 14:55:27 | 000,061,952 | ---- | C] () -- C:\Users\divemouse1973\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.27 06:31:45 | 000,000,680 | ---- | C] () -- C:\Users\divemouse1973\AppData\Local\d3d9caps.dat
[2009.06.26 19:12:49 | 000,049,015 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.26 19:12:45 | 000,049,015 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.26 18:04:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TempAFD38AE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:F65733F1

< End of report >

deoroller · Dec 10, 2012

Das sollte man besser in eine Textdatei packen und anhängen.

deoroller · Dec 10, 2012

Die Dateien sind ein Hinweis auf den Microsoft System Management Server.

C:\Windows\System32\perfh007.dat
[2012.12.10 16:01:13 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.10 16:01:13 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.10 16:01:13 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

divemouse1973 · Dec 10, 2012

Und das bedeutet ? Ich kann mir nicht vorstellen, dass das mit meinem Problem zusammenhängt - ich bin aber nur ein Laie ,der möchte, dass der Rechner wieder richtig läuft.

deoroller · Dec 10, 2012

Ich habe wenig Hoffnung.

HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32
und
HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32

deuten auf Trojaneraktivität.

IRON67 · Dec 10, 2012

Internet Explorer (Version = 8.0.6001.19088)
Click to expand...

Der IE ist veraltet. Da Windows ihn auch dann intern, z.B. für ICQ und Skype verwendet, wenn fürs Surfen ein anderer Browser verwendet wird, muss der IE aktuell gehalten werden.

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = h**p://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = h**p://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
Click to expand...

Fragwürdige und vermutlich über einen Browser-Hijacker vorgenommene Manipulation der Standardsuchmaschine. Sollte man tunlichst entfernen.

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Click to expand...

Die Version von Adobe Reader ist veraltet und bildet dadurch eine Angriffsfläche für Drive-by-Infektionen beim bloßen Aufrufen entsprechend präparierter Webseiten.

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Click to expand...

Könnte ein Grund für Abstürze sein. Der sollte deaktiviert werden, wenn ein anderer vollwertiger Virenscanner aktiv ist.

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} ... (Java Plug-in 1.6.0_37)
Click to expand...

Das ist zwar die letzte aktuelle Java-Version im alten 6er-Zweig, aber wegen vorhandener Sicherheitslücken (in der neuen 7er 7 U9 sinds auch mehrere) sollte Java im Browser komplett deaktiviert bleiben.

deoroller said:

deuten auf Trojaneraktivität.
Click to expand...

Nicht nur deuten. Das dürfte ZeroAccess aka Sirefef sein.

Siehe hier...
und hier...

Dieser PC schreit nach komplettem Neuaufsetzen.

divemouse1973 · Dec 11, 2012

Irgendwie hatte ich auf ein anderes "Ergebnis" gehofft...
Also den IE nutz ich überhaupt nicht - ich bin eigentlich auch der Meinung, den schon vor Ewigkeiten vom Rechner geschmissen zu haben. Den Defender hab ich grad mal deaktiviert.
Neuaufsetzen bedeutet wohl, schnell ne Datensicherung, alles runterschmeißen und alles neu rauf ?

IRON67 · Dec 11, 2012

divemouse1973 said: ↑

Also den IE nutz ich überhaupt nicht
Click to expand...

Lies doch bitte, was ich schrieb. Es spielt keine Rolle, ob DU den zum Surfen nutzt. Dein System nutzt ihn intern und andere Software ebenfalls.

ich bin eigentlich auch der Meinung, den schon vor Ewigkeiten vom Rechner geschmissen zu haben.
Click to expand...

Das geht gar nicht. Du kannst nur die aktuelle Version durch eine ältere ersetzen. Und das war es wohl auch, was du getan hast. Du hast den IE 9 durch IE8 ersetzt. Dolle Wurst.

Neuaufsetzen bedeutet wohl, schnell ne Datensicherung, alles runterschmeißen und alles neu rauf ?
Click to expand...

Ja, aber nicht SCHNELL, sondern in Ruhe und mit Kopf. Datensicherung hat nicht von infizierten System aus zu erfolgen, sondern mit einer Linux-Live-CD wie Knoppix oder Xubuntu. Die brennst du dir auf einem anderen PC.
Gesichert werden private Dokumente, Bilder, Spielstände und Mails, aber KEINE Programme, Treiber, Zip-Dateien aus fremden Quellen usw.

Log in or Sign up

Rechner friert bei Virenscan immer ein

divemouse1973 ROM

deoroller Wandelndes Forum

divemouse1973 ROM

Hinti1 Ganzes Gigabyte

deoroller Wandelndes Forum

divemouse1973 ROM

Hascheff Moderator

divemouse1973 ROM

deoroller Wandelndes Forum

deoroller Wandelndes Forum

divemouse1973 ROM

deoroller Wandelndes Forum

IRON67 Megabyte

divemouse1973 ROM

IRON67 Megabyte

Share This Page