Log analysis and evaluation: Windows 8 (64-bit) SRPTM.exe has stopped working
#1

Windows 8 (64-bit) SRPTM.exe has stopped working

Hello dear Trojaner-Board team,

For about 1-2 weeks, my father's computer has been showing the error message "SRPTM.exe funktioniert nicht mehr" at very short intervals. According to my father, the error appeared after he opened an apparently untrustworthy e-mail. He says that several scans with the antivirus program Avira Antivir Pro found nothing. My father uses the PC both privately and for business; he is self-employed and uses it for bookkeeping and, for example, for writing invoices.

Otherwise I have created all the .log files; however, GMER said 2-3 times along the way that another process was already accessing the path "". I then clicked OK and the scan continued.

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:54 on 01/10/2014 (Harald)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014
Ran by Harald (administrator) on HARALD-PC on 01-10-2014 17:57:21
Running from C:\Users\Harald\Downloads
Loaded Profile: Harald (Available profiles: UpdatusUser & Harald)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
() C:\Windows\Installer\MSI6F50.tmp
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\LPT\srpts.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.)
C:\Windows\RfBtnSvc64.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe () C:\Program Files (x86)\LPT\srptsl.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe (Avanquest Software) C:\Program Files (x86)\Smart Driver Updater\SDUTray.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LManager.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (Smart PC Solutions) C:\Program Files (x86)\PC Speed Maximizer Pro\SPMProSmartScan.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Dropbox, Inc.) C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe () C:\Users\Harald\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) 
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843992 2013-10-24] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications)) HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom) HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Run: [PC Speed Maximizer] => C:\Program Files (x86)\PC Speed Maximizer Pro\SPMProLauncher.exe [134256 2014-04-17] (Avanquest Software) HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\system: [NoDispCPL] 0 
HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\Explorer: [TaskbarNoNotification] 1 HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\Explorer: [NoInstrumentation] 1 HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\MountPoints2: {8b71b49d-4e21-11e2-be6a-806e6f6e6963} - "D:\InstallNavi.exe" AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) Startup: C:\Users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv57H9_Q-lM2QcSWb1doMvHHC2hOIXsHX76eHk7aCFp6xFDGFqzbzEFbCXgEPgu8KZ7DamnHcaKC36Q8DYP_zRg,, HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms} SearchScopes: HKLM - DefaultScope {98E71613-12DB-474C-9CFE-A9E55DD8F738} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {98E71613-12DB-474C-9CFE-A9E55DD8F738} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms} SearchScopes: 
HKLM-x32 - {98E71613-12DB-474C-9CFE-A9E55DD8F738} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms} SearchScopes: HKCU - {98E71613-12DB-474C-9CFE-A9E55DD8F738} URL = BHO: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
Toolbar: HKLM - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 FireFox: ======== FF ProfilePath: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default FF SearchEngineOrder.1: Ask Search FF Homepage: hxxp://ixquick.de/ FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=94F137AE-B8F8-45AC-902A-D6C7AAF31508&n=77fd2cf4&ind=2013080820&p2=^HJ^xdm382^YYA^de&si=pconverter&searchfor= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default\searchplugins\ask-search.xml FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default\searchplugins\ask-web-search.xml FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default\searchplugins\freesoftware.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Google Translator for Firefox - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default\Extensions\translator@zoli.bod.xpi [2014-05-24] FF Extension: ImTranslator - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-05-24] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [804944 2014-08-11] (Avira Operations GmbH & Co. 
KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-11] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-11] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 IBYKUS AG: ELSA-Suite update permissions manager. 32063.; C:\WINDOWS\Installer\MSI6F50.tmp [675840 2014-03-25] () [File not signed] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) 
[File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2013-09-30] (Microsoft Corporation) R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32768 2014-08-27] () <==== ATTENTION R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703584 2011-09-16] (SEIKO EPSON CORPORATION) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2013-08-22] (Microsoft Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-25] (Dritek System INC.) S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. 
KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [42040 2014-07-10] (Avira Operations GmbH & Co. KG) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-25] (Dritek System Inc.) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-08-07] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-01-12] (Acronis International GmbH) U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-03-21] (Seiko Epson Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-01 17:57 - 2014-10-01 17:57 - 00022460 _____ () C:\Users\Harald\Downloads\FRST.txt 2014-10-01 17:57 - 2014-10-01 17:57 - 00000000 ____D () C:\FRST 2014-10-01 17:54 - 2014-10-01 17:54 - 00000474 _____ () C:\Users\Harald\Downloads\defogger_disable.log 2014-10-01 17:54 - 2014-10-01 17:54 - 00000000 _____ () C:\Users\Harald\defogger_reenable 2014-10-01 17:50 - 2014-10-01 17:50 - 00380416 _____ () C:\Users\Harald\Downloads\Gmer-19357.exe 2014-10-01 17:43 - 2014-10-01 17:43 - 02108928 _____ (Farbar) C:\Users\Harald\Downloads\FRST64.exe 2014-10-01 17:42 - 2014-10-01 17:42 - 00050477 _____ () C:\Users\Harald\Downloads\Defogger.exe 2014-09-18 09:20 - 2014-09-18 09:20 - 00004647 _____ () C:\Users\Harald\Downloads\1142_2013(1).xml 2014-09-18 09:19 - 2014-09-18 09:20 - 00004647 _____ () C:\Users\Harald\Downloads\1142_2013.xml 2014-09-11 22:43 - 2014-09-11 22:44 - 00006432 _____ () C:\Users\Harald\Downloads\Lebenslauf Christopher.odt 2014-09-11 22:43 - 2014-09-11 22:43 - 00006637 _____ () C:\Users\Harald\Downloads\Bewerbung Christopher.odt 2014-09-08 16:15 - 2014-09-27 14:12 - 00000000 ____D () C:\Users\Harald\AppData\Roaming\Smart Driver Updater 2014-09-08 16:15 - 2014-09-27 14:11 - 00003250 _____ () C:\WINDOWS\System32\Tasks\Smart Driver Updater Schedule 2014-09-08 16:15 - 2014-09-08 16:15 - 00001161 _____ () C:\Users\Harald\Desktop\Smart Driver Updater.lnk 2014-09-08 16:15 - 2014-09-08 16:15 - 00000000 ____D () C:\Users\Harald\Documents\Smart Driver Updater 2014-09-08 16:15 - 2014-09-08 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Driver Updater 2014-09-08 16:15 - 2014-09-08 16:15 - 00000000 ____D () C:\Program Files (x86)\Smart Driver Updater 2014-09-04 18:26 - 2014-09-04 18:26 - 00000000 _____ () C:\WINDOWS\SysWOW64\㩃啜敳獲䡜牡污層灁䑰瑡屡潒浡湩屧潍楺汬屡楆敲潦屸牐景汩獥㝜㐹来㍤敤慦汵屴潣歯敩煳楬整 2014-09-03 17:17 - 2014-09-03 17:21 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer Pro 2014-09-03 17:17 - 2014-09-03 17:17 - 00001180 _____ () 
C:\Users\Harald\Desktop\PC Speed Maximizer Pro.lnk 2014-09-03 17:17 - 2014-09-03 17:17 - 00000000 ____D () C:\Users\Harald\AppData\Roaming\PC Speed Maximizer 2014-09-03 17:17 - 2014-09-03 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer Pro 2014-09-03 17:03 - 2014-09-03 17:41 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-09-03 17:03 - 2014-09-03 17:03 - 00000000 ____D () C:\Users\Harald\AppData\Roaming\Opera Software 2014-09-03 17:03 - 2014-09-03 17:03 - 00000000 ____D () C:\Users\Harald\AppData\Local\Opera Software 2014-09-03 16:59 - 2014-09-27 13:39 - 00000000 ____D () C:\Users\Harald\Documents\PC Speed Maximizer 2014-09-03 16:56 - 2014-09-03 16:56 - 00002486 _____ () C:\Users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-09-03 16:56 - 2014-09-03 16:56 - 00000000 ____D () C:\Program Files (x86)\LPT 2014-09-03 16:55 - 2014-09-17 13:21 - 00000000 ____D () C:\Users\Harald\AppData\Local\LPT 2014-09-03 16:55 - 2014-09-03 16:55 - 00000000 ____D () C:\Users\Harald\AppData\Local\Smartbar 2014-09-03 16:54 - 2014-09-03 17:17 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer 2014-09-03 16:51 - 2014-09-03 16:51 - 00753312 _____ ( ) C:\Users\Harald\Downloads\avery-designpro(2).exe 2014-09-03 16:51 - 2014-09-03 16:51 - 00753312 _____ ( ) C:\Users\Harald\Downloads\avery-designpro(1).exe 2014-09-03 16:50 - 2014-09-03 17:03 - 53955480 _____ (Avery Dennison Corporation ) C:\Users\Harald\Downloads\avery-designpro.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-01 17:54 - 2014-01-12 14:02 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{432760BC-AD5D-4A26-BB31-886204176953} 2014-10-01 17:54 - 2013-12-11 13:38 - 00000000 ____D () C:\Users\Harald 2014-10-01 17:24 - 2014-02-10 18:16 - 00000000 ___RD () C:\Users\Harald\Dropbox 2014-10-01 17:24 - 2014-02-10 18:12 - 00000000 ____D () C:\Users\Harald\AppData\Roaming\Dropbox 2014-10-01 17:23 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-10-01 17:23 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-10-01 17:22 - 2013-12-11 16:18 - 00000000 ___RD () C:\Users\Harald\SkyDrive 2014-09-27 19:36 - 2013-12-11 13:33 - 03053248 _____ () C:\WINDOWS\WindowsUpdate.log 2014-09-27 14:57 - 2013-12-12 14:15 - 00000000 ____D () C:\Users\Harald\AppData\Local\Deployment 2014-09-27 14:39 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-09-27 14:39 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2014-09-27 14:39 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2014-09-27 14:36 - 2013-08-22 16:46 - 00372274 _____ () C:\WINDOWS\setupact.log 2014-09-27 14:11 - 2013-07-07 11:50 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-09-27 10:07 - 2013-07-04 12:18 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2441714234-3740754369-2105759011-1002 2014-09-27 09:36 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-09-27 09:35 - 2013-09-29 21:04 - 00053282 _____ () C:\WINDOWS\PFRO.log 2014-09-25 07:20 - 2013-07-10 18:26 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-23 11:55 - 2014-02-10 18:16 - 00001075 _____ () C:\Users\Harald\Desktop\Dropbox.lnk 2014-09-23 11:55 - 2014-02-10 18:13 - 00000000 ____D () C:\Users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-19 08:15 - 2013-07-06 12:33 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2014-09-19 07:56 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp 2014-09-11 19:13 - 2013-07-07 11:50 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-09-09 19:39 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-09-03 17:34 - 2013-08-22 16:44 - 00477104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-09-03 17:27 - 2013-07-10 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avery Dennison 2014-09-03 17:27 - 2013-07-10 16:19 - 00000000 ____D () C:\Program Files (x86)\Avery Dennison 2014-09-03 17:27 - 2012-10-24 07:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-03 08:18 - 2013-07-04 13:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Users\Harald\AppData\Local\Temp\2-2esg_v.dll C:\Users\Harald\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe C:\Users\Harald\AppData\Local\Temp\avgnt.exe C:\Users\Harald\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2efpxy.dll C:\Users\Harald\AppData\Local\Temp\fih2xig2.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-27 10:07

==================== End Of Log ============================

Addition:
Code:
[Window Title]
srptm

[Main Instruction]
srptm funktioniert nicht mehr

[Content]
Es wird nach einer Lösung für das Problem gesucht...

[Abbrechen]

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-01 18:21:14
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 ST9500325AS rev.0001SDM1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Harald\AppData\Local\Temp\uwdyrpow.sys

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\spoolsv.exe[1408] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff8f1a4169a 4 bytes [A4, F1, F8, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1408] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff8f1a416a2 4 bytes [A4, F1, F8, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1408] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff8f1a4181a 4 bytes [A4, F1, F8, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1408] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff8f1a41832 4 bytes [A4, F1, F8, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4492] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff8f1a4169a 4 bytes [A4, F1, F8, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4492] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff8f1a416a2 4 bytes [A4, F1, F8, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4492] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff8f1a4181a 4 bytes [A4, F1, F8, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4492] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff8f1a41832 4 bytes [A4, F1, F8, 7F]
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff8f20430e0 7 bytes JMP 00007ff9efac02d0
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff8f2044478 7 bytes JMP 00007ff9efac0308
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff8f20f11a8 7 bytes JMP 00007ff9efac0340
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff8f20f121c 7 bytes JMP 00007ff9efac03b0
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff8f20f1668 7 bytes JMP 00007ff9efac0378
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff8f20f72d0 7 bytes JMP 00007ff9efac0260
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff8f211d5a4 7 bytes JMP 00007ff9efac0228
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff8f211d614 7 bytes JMP 00007ff9efac0298
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8efad2124 7 bytes JMP 00007ff9efac00d8
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff8efad50e8 5 bytes JMP 00007ff9efac0180
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8efad52a0 5 bytes JMP 00007ff9efac0148
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8efada9b0 5 bytes JMP 00007ff9efac0110
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff8f1c37b64 10 bytes JMP 00007ff9efac0490
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff8f1c52910 5 bytes JMP 00007ff9efac0420
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff8f1c54578 5 bytes JMP 00007ff9efac0458
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff8f1c54980 9 bytes JMP 00007ff9efac03e8
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff8f18f1500 8 bytes JMP 00007ff9efac01b8
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff8f18f1750 8 bytes JMP 00007ff9efac01f0
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory 00007ff8ed47705c 5 bytes JMP 00007ff9ed4600d8
.text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory1 00007ff8ed477678 5 bytes JMP 00007ff9ed460110
.text C:\WINDOWS\system32\nvvsvc.exe[10428] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff8f1a4169a 4 bytes [A4, F1, F8, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[10428] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff8f1a416a2 4 bytes [A4, F1, F8, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[10428] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff8f1a4181a 4 bytes [A4, F1, F8, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[10428] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff8f1a41832 4 bytes [A4, F1, F8, 7F]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[9488] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ff8e79a1f6a 4 bytes [9A, E7, F8, 7F]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[9488] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ff8e79a1f82 4 bytes [9A, E7, F8, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [10756:9516] fffff960008484d0
Thread C:\Windows\System32\SettingSyncHost.exe [6640:10016] 00007ff8ebb764f4

---- Processes - GMER 2.1 ----

Process C:\WINDOWS\Installer\MSI6F50.tmp (*** suspicious ***) @ C:\WINDOWS\Installer\MSI6F50.tmp [1888](2014-03-25 10:09:17) 0000000000400000
Process C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe [7232] (FILE NOT FOUND) 0000000000400000
Library C:\Users\Harald\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe [7232](2014-09-13 00:20:58) 0000000003d60000
Library c:\users\harald\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2efpxy.dll (*** suspicious ***) @ C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe [7232](2014-10-01 15:22:38) 00000000041c0000
Library C:\Users\Harald\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe [7232](2013-08-23 19:01:44) 0000000063b20000
Library C:\Users\Harald\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe [7232] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 00000000667d0000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Edited by Noni23 (01.10.2014 at 17:48)