Zurück   Trojaner-Board > Web/PC > Alles rund um Windows
PC friert ein und macht einen Neustart

PC friert ein und macht einen Neustart


Alles rund um Windows: PC friert ein und macht einen Neustart

Windows 7 Hilfe zu allen Windows-Betriebssystemen: Windows XP, Windows Vista, Windows 7, Windows 8(.1) und Windows 10 / Windows 11- als auch zu sämtlicher Windows-Software. Alles zu Windows 10 ist auch gerne willkommen. Bitte benenne etwaige Fehler oder Bluescreens unter Windows mit dem Wortlaut der Fehlermeldung und Fehlercode. Erste Schritte für Hilfe unter Windows.

Antwort
Alt 19.06.2013, 16:11   #1
Acebeatz
 
PC friert ein und macht einen Neustart - Standard

Problem: PC friert ein und macht einen Neustart


Hallo,

letztens hatte ich es mit System doctor 2014 es zu tun, diesen habe ich auch mithilfe von euch ordentlich wegbekommen.

http://www.trojaner-board.de/136228-...ml#post1080826



Doch seit gestern passiert es zwischendurch immer wieder, dass der Computer beim Surfen via Firefox (vlt. war es bisjetzt auch nur Zufall, dass es immer beim Surfen in Firefox der Fall war) einfriert und sich von neustartet. Speziell nachdem ich schnell beim Tipseln oder schnell am hin und her klicken war. Was kann das sein?

Code:
ATTFilter
OTL logfile created on: 19.06.2013 17:07:47 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 42,15% Memory free
8,00 Gb Paging File | 5,64 Gb Available in Paging File | 70,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 309,79 Gb Free Space | 66,53% Space Free | Partition Type: NTFS
Drive E: | 58,70 Gb Total Space | 58,61 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive F: | 9,91 Gb Total Space | 9,84 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
Drive G: | 397,14 Gb Total Space | 313,17 Gb Free Space | 78,85% Space Free | Partition Type: NTFS
 
Computer Name: PRIMUS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.05.12 00:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.02 10:36:54 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.27 11:13:18 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 11:13:05 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2013.03.27 11:13:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.24 18:25:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.10.05 22:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011.09.28 16:29:46 | 000,905,216 | ---- | M] () -- C:\Programme\Corsair USB Headset\Customapp\Program\CAHS.exe
PRC - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.03.09 15:31:08 | 000,837,008 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.12 00:26:24 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.09.28 16:29:46 | 000,905,216 | ---- | M] () -- C:\Programme\Corsair USB Headset\Customapp\Program\CAHS.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.19 14:56:58 | 000,143,360 | ---- | M] () -- C:\Programme\Corsair USB Headset\Customapp\Program\VMixHS.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.15 18:37:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.02 10:36:56 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.05.02 10:36:54 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.03.27 11:13:18 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 11:13:05 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2013.03.27 11:13:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.24 18:25:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.30 04:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009.03.30 04:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.09 00:56:41 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013.03.27 11:13:24 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.27 11:13:24 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.27 11:13:24 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013.02.07 15:30:59 | 000,141,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2013.02.07 15:30:59 | 000,114,608 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.24 12:05:19 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.08.24 12:05:19 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.06.16 23:10:08 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.04.11 15:35:46 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2007.04.11 15:35:30 | 000,056,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007.04.11 15:35:22 | 000,053,520 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007.04.11 15:34:58 | 000,035,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0:  File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0:  File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.10 22:23:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.18 11:05:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.26 10:18:55 | 000,000,000 | ---D | M]
 
[2011.07.30 22:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2013.06.18 11:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\kodj8zu1.default-1371405423556\extensions
[2013.06.18 11:15:07 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\kodj8zu1.default-1371405423556\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.18 11:18:18 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\kodj8zu1.default-1371405423556\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.06.18 10:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.06.17 10:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.17 10:25:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CAHS1Sound] C:\Windows\Syswow64\CAHS1.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Razer Lachesis Driver] C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe (Razer USA Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBBB2DA1-0D0E-4784-85C3-0E5E7762137D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{14580141-982e-11e0-bc73-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{14580141-982e-11e0-bc73-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.18 16:10:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.06.17 13:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.06.17 10:47:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Opera
[2013.06.17 10:47:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Opera
[2013.06.17 10:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013.06.17 10:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.06.16 19:57:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Alte Firefox-Daten
[2013.06.10 22:57:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.10 17:01:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2013.06.10 17:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.10 17:01:03 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.10 17:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.09 00:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.30 13:48:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.gnubg
[2013.05.26 17:16:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\NVIDIA
[2013.05.26 11:08:40 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.05.26 11:08:40 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.05.26 11:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.05.26 10:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.05.26 10:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.05.26 10:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.26 10:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.26 10:16:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.05.26 10:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.26 10:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.19 16:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.19 16:26:33 | 000,377,856 | ---- | M] () -- C:\Users\Administrator\Desktop\gmer_2.1.19163.exe
[2013.06.19 16:17:17 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2013.06.19 16:16:56 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2013.06.19 16:13:49 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 16:13:49 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 16:05:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.19 16:05:34 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.17 10:47:30 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.06.17 10:25:53 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.16 12:06:05 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.06.16 12:06:05 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.06.15 21:47:02 | 000,007,601 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2013.06.15 12:45:12 | 000,648,201 | ---- | M] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2013.06.14 20:01:23 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.06.13 12:00:04 | 000,000,838 | ---- | M] () -- C:\Users\Administrator\.recently-used.xbel
[2013.06.13 02:30:23 | 000,777,606 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.13 02:30:23 | 000,730,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.13 02:30:23 | 000,179,700 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.13 02:30:23 | 000,151,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.13 02:30:22 | 001,816,768 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.13 02:30:17 | 001,816,768 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.10 22:30:43 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.10 17:01:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.09 12:09:34 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.09 12:09:33 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.09 01:12:17 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2013.06.09 00:56:41 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.06.09 00:48:58 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.06.09 00:48:58 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.06.09 00:48:58 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.05.27 17:24:31 | 013,262,582 | ---- | M] () -- C:\Users\Administrator\Documents\Skript_Physik-Kurs.pdf
[2013.05.27 17:23:21 | 002,417,358 | ---- | M] () -- C:\Users\Administrator\Documents\humanmed-physik.pdf
[2013.05.26 11:33:50 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.26 10:18:48 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.05.26 10:17:05 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.19 16:17:17 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2013.06.19 16:16:57 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2013.06.17 10:47:30 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.06.17 10:47:30 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.06.17 10:25:53 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.06.17 10:25:53 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.15 12:45:14 | 000,648,201 | ---- | C] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2013.06.13 12:00:04 | 000,000,838 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2013.06.10 22:30:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.06.10 22:30:43 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.10 17:01:04 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.09 12:09:34 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.09 12:09:33 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.09 02:42:03 | 000,377,856 | ---- | C] () -- C:\Users\Administrator\Desktop\gmer_2.1.19163.exe
[2013.06.09 01:12:11 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013.06.09 00:56:41 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.06.09 00:48:58 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.06.09 00:48:58 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.06.09 00:48:58 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.05.27 17:24:35 | 013,262,582 | ---- | C] () -- C:\Users\Administrator\Documents\Skript_Physik-Kurs.pdf
[2013.05.27 17:23:51 | 002,417,358 | ---- | C] () -- C:\Users\Administrator\Documents\humanmed-physik.pdf
[2013.05.26 11:33:50 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.26 11:09:07 | 003,165,737 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.05.26 11:02:16 | 000,020,536 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.03.13 01:59:06 | 000,004,738 | ---- | C] () -- C:\Users\Administrator\maxout.gnuplot
[2012.12.08 02:58:01 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2012.12.04 21:50:37 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Local\PUTTY.RND
[2012.09.18 16:25:08 | 000,000,018 | ---- | C] () -- C:\Windows\xkalFREE2012.dat
[2012.07.22 15:05:35 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2012.07.22 14:57:44 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.25 13:38:29 | 000,007,601 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012.06.11 00:06:54 | 000,004,096 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\keyfile3.drm
[2012.04.29 22:53:23 | 000,143,360 | ---- | C] () -- C:\Windows\VmixHS1.dll
[2012.04.29 22:53:21 | 000,013,521 | ---- | C] () -- C:\Windows\CAHS1.ini.cfl
[2012.04.29 22:53:16 | 000,002,029 | ---- | C] () -- C:\Windows\CAHS1.ini.cfg
[2012.04.29 22:53:16 | 000,000,688 | ---- | C] () -- C:\Windows\CAHS1.ini.imi
[2012.04.29 22:53:15 | 000,000,638 | ---- | C] () -- C:\Windows\CAHS1.ini
[2012.04.04 22:49:04 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2011.12.29 20:34:48 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011.10.12 20:44:14 | 000,200,332 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.08.31 14:35:52 | 001,816,768 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.27 16:55:26 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.07.09 15:00:25 | 000,001,477 | ---- | C] () -- C:\Users\Administrator\AppData\Local\RecConfig.xml
[2011.06.21 17:55:17 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.16 15:35:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Audacity
[2012.10.01 13:18:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BANDISOFT
[2012.07.17 18:04:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitTorrent
[2012.11.12 22:47:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CadSoft
[2011.08.05 00:37:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe Limited
[2012.03.26 14:15:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.04.29 22:53:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Corsair
[2012.07.15 11:45:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro
[2011.09.24 13:02:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2011.06.16 19:04:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Easeware
[2011.07.30 22:06:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FreeVideoConverter
[2012.10.18 12:30:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2012.04.20 16:19:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Image-Line
[2012.10.06 17:06:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2013.06.17 10:47:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2012.12.24 23:39:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Origin
[2012.09.20 16:12:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\pokerth
[2012.08.08 18:57:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\runic games
[2012.09.29 16:25:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Synthesia
[2012.04.22 18:45:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SynthMaker
[2011.07.28 00:58:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sytexis Software
[2012.10.14 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\texstudio
[2013.02.27 19:37:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\The Creative Assembly
[2011.08.23 15:40:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2013.06.18 20:52:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2011.07.11 13:31:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2012.09.17 16:45:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Windows Live Writer
[2013.03.08 02:48:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WordToPDF
 
========== Purity Check ==========
 
 

< End of report >

Warum bekam ich kein Extra.txt????



Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-19 16:52:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD5001AALS-00L3B2 rev.01.03B01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pwdiapoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                      fffff80003406000 13 bytes [D2, 48, 8B, CB, E8, DF, C2, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574                                                                      fffff8000340600e 3 bytes [00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000076511465 2 bytes [51, 76]
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000765114bb 2 bytes [51, 76]
.text     ...                                                                                                                                     * 2
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1920] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69     0000000076511465 2 bytes [51, 76]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1920] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155    00000000765114bb 2 bytes [51, 76]
.text     ...                                                                                                                                     * 2
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076511465 2 bytes [51, 76]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000765114bb 2 bytes [51, 76]
.text     ...                                                                                                                                     * 2
.text     C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000076511465 2 bytes [51, 76]
.text     C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000765114bb 2 bytes [51, 76]
.text     ...                                                                                                                                     * 2
.text     C:\Windows\SysWOW64\PnkBstrA.exe[552] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                  0000000072871a22 2 bytes [87, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[552] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                  0000000072871ad0 2 bytes [87, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[552] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                  0000000072871b08 2 bytes [87, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[552] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                  0000000072871bba 2 bytes [87, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[552] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                  0000000072871bda 2 bytes [87, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000076511465 2 bytes [51, 76]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000765114bb 2 bytes [51, 76]
.text     ...                                                                                                                                     * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\SysWOW64\ntdll.dll [1684:1688]                                                                                               000000000012d227
Thread    C:\Windows\SysWOW64\ntdll.dll [1684:3236]                                                                                               0000000074ede2db
Thread    C:\Windows\SysWOW64\ntdll.dll [1684:3336]                                                                                               0000000074948df0
Thread    C:\Windows\SysWOW64\ntdll.dll [1684:3340]                                                                                               0000000074948df0
Thread    C:\Windows\SysWOW64\ntdll.dll [1684:3344]                                                                                               0000000074948df0
Thread    C:\Windows\SysWOW64\ntdll.dll [1684:3348]                                                                                               0000000074944e70
Thread    C:\Windows\SysWOW64\ntdll.dll [2832:2836]                                                                                               0000000000b73fe1
Thread    C:\Windows\SysWOW64\ntdll.dll [2832:1208]                                                                                               0000000073af8bcc
Thread    C:\Windows\SysWOW64\ntdll.dll [2832:2108]                                                                                               0000000073af8ea1
Thread    C:\Windows\SysWOW64\ntdll.dll [2832:2168]                                                                                               0000000073af87ab
Thread    C:\Windows\SysWOW64\ntdll.dll [2832:3736]                                                                                               0000000073cd0dd0
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4168:4776]                                                                          000007fefb8d2a7c
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4168:4784]                                                                          000007feefe3d618

---- EOF - GMER 2.1 ----
Jetzt schon mal vielen Dank!

Ace

Alt 19.06.2013, 16:39   #2
ryder
/// TB-Ausbilder
 
PC friert ein und macht einen Neustart - Standard

PC friert ein und macht einen Neustart Anleitung / Hilfe


Notiz an die Kollegen: Auf den ersten Blick kein Malwarebefall.
__________________

__________________
Alt 19.06.2013, 22:15   #3
Acebeatz
 
PC friert ein und macht einen Neustart - Standard

PC friert ein und macht einen Neustart Details


Kann es an der Hardware liegen?
__________________
Antwort

Themen zu PC friert ein und macht einen Neustart
adobe, antivir, avg, avira, bho, bonjour, browser, computer, excel, firefox, flash player, format, home, launch, logfile, mozilla, ntdll.dll, object, plug-in, realtek, refresh, registry, scan, software, system, temp, usb, windows


« Java Installation: Probleme | Win7 ServicePack 1 lässt sich nicht installieren »


Ähnliche Themen: PC friert ein und macht einen Neustart


  1. Win Vista: Laptop friert bei Firefox ein; Manueller Neustart nötig
    Log-Analyse und Auswertung - 06.10.2015 (37)
  2. PC friert ein wenn Browser benutzt wird. Kein Blue Screen/Fehlermeldung. Manueller Neustart nötig.
    Log-Analyse und Auswertung - 21.07.2015 (20)
  3. Facebook macht eine Systemfehler Meldung die meinen PC zum sofortigen neustart erzwingt.
    Plagegeister aller Art und deren Bekämpfung - 06.05.2015 (5)
  4. Facebook macht eine Systemfehler Meldung die meinen PC zum sofortigen neustart erzwingt.
    Alles rund um Windows - 03.05.2015 (1)
  5. Thunderbird 24.6.0 friert PC ein - Neustart nur über Powerknopf möglich
    Log-Analyse und Auswertung - 07.07.2014 (31)
  6. Thunderbird 24.6.0 friert PC ein - Neustart nur über Powerknopf möglich
    Alles rund um Windows - 04.07.2014 (14)
  7. AntiVir findet versteckte Dateien und bietet einen Neustart an ohne Resultat
    Antiviren-, Firewall- und andere Schutzprogramme - 22.05.2014 (3)
  8. # Maus macht unkrontrollierte Bewegungen, Rechner friert ein
    Plagegeister aller Art und deren Bekämpfung - 16.01.2014 (9)
  9. PC friert öfters ein - Neustart erforderlich (manchmal nur über Reset-Knopf)
    Plagegeister aller Art und deren Bekämpfung - 31.10.2013 (19)
  10. PC deaktiviert Internetzugang nach einiger Zeit und hindert mich zu einen Neustart
    Log-Analyse und Auswertung - 10.06.2013 (5)
  11. auf einen link im chat geklick - blauber bildschirm - computer neustart - nun browser lahm ::: XP
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (1)
  12. Rechner friert ein/ Festplatte nach neustart nicht erkannt
    Log-Analyse und Auswertung - 23.04.2009 (0)
  13. Brauche dringend Hilfe - Pc führt ständig einen Neustart durch
    Plagegeister aller Art und deren Bekämpfung - 26.07.2008 (10)
  14. pc macht neustart und Internet funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 24.12.2007 (0)
  15. Taskleiste friert ein,Maus macht was sie will
    Alles rund um Windows - 25.11.2007 (0)
  16. pc macht ständiger neustart/virsuscan ergab nix.
    Log-Analyse und Auswertung - 05.08.2007 (1)
  17. XP macht ca alle 160 Minuten ungewollten Neustart
    Alles rund um Windows - 28.01.2006 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema PC friert ein und macht einen Neustart - Hallo, letztens hatte ich es mit System doctor 2014 es zu tun, diesen habe ich auch mithilfe von euch ordentlich wegbekommen. http://www.trojaner-board.de/136228-...ml#post1080826 Doch seit gestern passiert es zwischendurch immer wieder, - PC friert ein und macht einen Neustart...
Archiv
Du betrachtest: PC friert ein und macht einen Neustart auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55