Blue screen on startup and logoff
Hello, I'm worried: on my old notebook (Vista/32-bit) a blue screen (bluescreen) now appears when booting, so far without an error message... the same happens when shutting down... can this be fixed?! Regards. Note: I ran the malware scan yesterday... it did find a threat... but since then the startup has been even slower! |
Hi, please download the appropriate version of Farbar's Recovery Scan Tool to your desktop. (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
|
(FRST) (x86) Version:25-05-2014 02
Ran by Andreas-Hering (administrator) on ANDIPC on 28-05-2014 10:23:43
Running from C:\Users\Andreas-Hering\Downloads
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

FRST Additions Logfile: Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02 |
Can you send me a picture of it? Take one with your phone or something and attach it here? |
Hello, right now it is starting into Windows again without the fully blue screen. Thanks and regards |
I would test the graphics card and/or the screen. |
1. How do you do something like that...! And 2. I wonder whether that is even still worth it for an older notebook |
If you are thinking about buying a new one anyway, then no :) Connect an external monitor and see whether it shows up there too. Trying a different graphics card is rather difficult; a specialist shop would have to test that. |
Copyright ©2000-2025, Trojaner-Board