Log analysis and evaluation: Windows 8 (64-bit) SRPTM.exe has stopped working

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.10.2014, 17:40 | #1 |
Windows 8 (64-bit) SRPTM.exe has stopped working

Hello dear Trojaner-Board team,

For about 1-2 weeks, my father's computer has been showing the error message "SRPTM.exe funktioniert nicht mehr" ("SRPTM.exe has stopped working") at very short intervals. According to my father, the error appeared after he opened an apparently untrustworthy e-mail. He says that several scans with the antivirus program Avira Antivir Pro found nothing.

My father uses the PC both privately and for business; he is self-employed and uses it for bookkeeping and, for example, for writing invoices.

Otherwise I have created all the .log files, but GMER said 2-3 times in between that another process was already accessing the path "". I then clicked OK and the scan continued.

Defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:54 on 01/10/2014 (Harald)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014 Ran by Harald (administrator) on HARALD-PC on 01-10-2014 17:57:21 Running from C:\Users\Harald\Downloads Loaded Profile: Harald (Available profiles: UpdatusUser & Harald) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe () C:\Windows\Installer\MSI6F50.tmp (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files (x86)\LPT\srpts.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Dritek System INC.) 
C:\Windows\RfBtnSvc64.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe () C:\Program Files (x86)\LPT\srptsl.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe (Avanquest Software) C:\Program Files (x86)\Smart Driver Updater\SDUTray.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LManager.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (Smart PC Solutions) C:\Program Files (x86)\PC Speed Maximizer Pro\SPMProSmartScan.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Dropbox, Inc.) C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe () C:\Users\Harald\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) 
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843992 2013-10-24] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications)) HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom) HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Run: [PC Speed Maximizer] => C:\Program Files (x86)\PC Speed Maximizer Pro\SPMProLauncher.exe [134256 2014-04-17] (Avanquest Software) HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\system: [NoDispCPL] 0 
HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\Explorer: [TaskbarNoNotification] 1 HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\Explorer: [NoInstrumentation] 1 HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\MountPoints2: {8b71b49d-4e21-11e2-be6a-806e6f6e6963} - "D:\InstallNavi.exe" AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) Startup: C:\Users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv57H9_Q-lM2QcSWb1doMvHHC2hOIXsHX76eHk7aCFp6xFDGFqzbzEFbCXgEPgu8KZ7DamnHcaKC36Q8DYP_zRg,, HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms} SearchScopes: HKLM - DefaultScope {98E71613-12DB-474C-9CFE-A9E55DD8F738} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {98E71613-12DB-474C-9CFE-A9E55DD8F738} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms} SearchScopes: 
HKLM-x32 - {98E71613-12DB-474C-9CFE-A9E55DD8F738} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms} SearchScopes: HKCU - {98E71613-12DB-474C-9CFE-A9E55DD8F738} URL = BHO: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
Toolbar: HKLM - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 FireFox: ======== FF ProfilePath: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default FF SearchEngineOrder.1: Ask Search FF Homepage: hxxp://ixquick.de/ FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=94F137AE-B8F8-45AC-902A-D6C7AAF31508&n=77fd2cf4&ind=2013080820&p2=^HJ^xdm382^YYA^de&si=pconverter&searchfor= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default\searchplugins\ask-search.xml FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default\searchplugins\ask-web-search.xml FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default\searchplugins\freesoftware.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Google Translator for Firefox - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default\Extensions\translator@zoli.bod.xpi [2014-05-24] FF Extension: ImTranslator - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-05-24] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [804944 2014-08-11] (Avira Operations GmbH & Co. 
KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-11] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-11] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 IBYKUS AG: ELSA-Suite update permissions manager. 32063.; C:\WINDOWS\Installer\MSI6F50.tmp [675840 2014-03-25] () [File not signed] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) 
[File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2013-09-30] (Microsoft Corporation) R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32768 2014-08-27] () <==== ATTENTION R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703584 2011-09-16] (SEIKO EPSON CORPORATION) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2013-08-22] (Microsoft Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-25] (Dritek System INC.) S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. 
KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [42040 2014-07-10] (Avira Operations GmbH & Co. KG) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-25] (Dritek System Inc.) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-08-07] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-01-12] (Acronis International GmbH) U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-03-21] (Seiko Epson Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-01 17:57 - 2014-10-01 17:57 - 00022460 _____ () C:\Users\Harald\Downloads\FRST.txt 2014-10-01 17:57 - 2014-10-01 17:57 - 00000000 ____D () C:\FRST 2014-10-01 17:54 - 2014-10-01 17:54 - 00000474 _____ () C:\Users\Harald\Downloads\defogger_disable.log 2014-10-01 17:54 - 2014-10-01 17:54 - 00000000 _____ () C:\Users\Harald\defogger_reenable 2014-10-01 17:50 - 2014-10-01 17:50 - 00380416 _____ () C:\Users\Harald\Downloads\Gmer-19357.exe 2014-10-01 17:43 - 2014-10-01 17:43 - 02108928 _____ (Farbar) C:\Users\Harald\Downloads\FRST64.exe 2014-10-01 17:42 - 2014-10-01 17:42 - 00050477 _____ () C:\Users\Harald\Downloads\Defogger.exe 2014-09-18 09:20 - 2014-09-18 09:20 - 00004647 _____ () C:\Users\Harald\Downloads\1142_2013(1).xml 2014-09-18 09:19 - 2014-09-18 09:20 - 00004647 _____ () C:\Users\Harald\Downloads\1142_2013.xml 2014-09-11 22:43 - 2014-09-11 22:44 - 00006432 _____ () C:\Users\Harald\Downloads\Lebenslauf Christopher.odt 2014-09-11 22:43 - 2014-09-11 22:43 - 00006637 _____ () C:\Users\Harald\Downloads\Bewerbung Christopher.odt 2014-09-08 16:15 - 2014-09-27 14:12 - 00000000 ____D () C:\Users\Harald\AppData\Roaming\Smart Driver Updater 2014-09-08 16:15 - 2014-09-27 14:11 - 00003250 _____ () C:\WINDOWS\System32\Tasks\Smart Driver Updater Schedule 2014-09-08 16:15 - 2014-09-08 16:15 - 00001161 _____ () C:\Users\Harald\Desktop\Smart Driver Updater.lnk 2014-09-08 16:15 - 2014-09-08 16:15 - 00000000 ____D () C:\Users\Harald\Documents\Smart Driver Updater 2014-09-08 16:15 - 2014-09-08 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Driver Updater 2014-09-08 16:15 - 2014-09-08 16:15 - 00000000 ____D () C:\Program Files (x86)\Smart Driver Updater 2014-09-04 18:26 - 2014-09-04 18:26 - 00000000 _____ () C:\WINDOWS\SysWOW64\㩃啜敳獲䡜牡污層灁䑰瑡屡潒浡湩屧潍楺汬屡楆敲潦屸牐景汩獥㝜㐹来㍤敤慦汵屴潣歯敩煳楬整 2014-09-03 17:17 - 2014-09-03 17:21 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer Pro 2014-09-03 17:17 - 2014-09-03 17:17 - 00001180 _____ () 
C:\Users\Harald\Desktop\PC Speed Maximizer Pro.lnk 2014-09-03 17:17 - 2014-09-03 17:17 - 00000000 ____D () C:\Users\Harald\AppData\Roaming\PC Speed Maximizer 2014-09-03 17:17 - 2014-09-03 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer Pro 2014-09-03 17:03 - 2014-09-03 17:41 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-09-03 17:03 - 2014-09-03 17:03 - 00000000 ____D () C:\Users\Harald\AppData\Roaming\Opera Software 2014-09-03 17:03 - 2014-09-03 17:03 - 00000000 ____D () C:\Users\Harald\AppData\Local\Opera Software 2014-09-03 16:59 - 2014-09-27 13:39 - 00000000 ____D () C:\Users\Harald\Documents\PC Speed Maximizer 2014-09-03 16:56 - 2014-09-03 16:56 - 00002486 _____ () C:\Users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-09-03 16:56 - 2014-09-03 16:56 - 00000000 ____D () C:\Program Files (x86)\LPT 2014-09-03 16:55 - 2014-09-17 13:21 - 00000000 ____D () C:\Users\Harald\AppData\Local\LPT 2014-09-03 16:55 - 2014-09-03 16:55 - 00000000 ____D () C:\Users\Harald\AppData\Local\Smartbar 2014-09-03 16:54 - 2014-09-03 17:17 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer 2014-09-03 16:51 - 2014-09-03 16:51 - 00753312 _____ ( ) C:\Users\Harald\Downloads\avery-designpro(2).exe 2014-09-03 16:51 - 2014-09-03 16:51 - 00753312 _____ ( ) C:\Users\Harald\Downloads\avery-designpro(1).exe 2014-09-03 16:50 - 2014-09-03 17:03 - 53955480 _____ (Avery Dennison Corporation ) C:\Users\Harald\Downloads\avery-designpro.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-01 17:54 - 2014-01-12 14:02 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{432760BC-AD5D-4A26-BB31-886204176953} 2014-10-01 17:54 - 2013-12-11 13:38 - 00000000 ____D () C:\Users\Harald 2014-10-01 17:24 - 2014-02-10 18:16 - 00000000 ___RD () C:\Users\Harald\Dropbox 2014-10-01 17:24 - 2014-02-10 18:12 - 00000000 ____D () C:\Users\Harald\AppData\Roaming\Dropbox 2014-10-01 17:23 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-10-01 17:23 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-10-01 17:22 - 2013-12-11 16:18 - 00000000 ___RD () C:\Users\Harald\SkyDrive 2014-09-27 19:36 - 2013-12-11 13:33 - 03053248 _____ () C:\WINDOWS\WindowsUpdate.log 2014-09-27 14:57 - 2013-12-12 14:15 - 00000000 ____D () C:\Users\Harald\AppData\Local\Deployment 2014-09-27 14:39 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-09-27 14:39 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2014-09-27 14:39 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2014-09-27 14:36 - 2013-08-22 16:46 - 00372274 _____ () C:\WINDOWS\setupact.log 2014-09-27 14:11 - 2013-07-07 11:50 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-09-27 10:07 - 2013-07-04 12:18 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2441714234-3740754369-2105759011-1002 2014-09-27 09:36 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-09-27 09:35 - 2013-09-29 21:04 - 00053282 _____ () C:\WINDOWS\PFRO.log 2014-09-25 07:20 - 2013-07-10 18:26 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-23 11:55 - 2014-02-10 18:16 - 00001075 _____ () C:\Users\Harald\Desktop\Dropbox.lnk 2014-09-23 11:55 - 2014-02-10 18:13 - 00000000 ____D () C:\Users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-19 08:15 - 2013-07-06 12:33 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2014-09-19 07:56 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp 2014-09-11 19:13 - 2013-07-07 11:50 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-09-09 19:39 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-09-03 17:34 - 2013-08-22 16:44 - 00477104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-09-03 17:27 - 2013-07-10 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avery Dennison 2014-09-03 17:27 - 2013-07-10 16:19 - 00000000 ____D () C:\Program Files (x86)\Avery Dennison 2014-09-03 17:27 - 2012-10-24 07:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-03 08:18 - 2013-07-04 13:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Users\Harald\AppData\Local\Temp\2-2esg_v.dll C:\Users\Harald\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe C:\Users\Harald\AppData\Local\Temp\avgnt.exe C:\Users\Harald\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2efpxy.dll C:\Users\Harald\AppData\Local\Temp\fih2xig2.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-27 10:07 ==================== End Of Log ============================ Addition: Code:
[Window Title]
srptm

[Main Instruction]
srptm funktioniert nicht mehr

[Content]
Es wird nach einer Lösung für das Problem gesucht...

[Abbrechen]

Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-10-01 18:21:14 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 ST9500325AS rev.0001SDM1 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Harald\AppData\Local\Temp\uwdyrpow.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\spoolsv.exe[1408] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff8f1a4169a 4 bytes [A4, F1, F8, 7F] .text C:\WINDOWS\System32\spoolsv.exe[1408] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff8f1a416a2 4 bytes [A4, F1, F8, 7F] .text C:\WINDOWS\System32\spoolsv.exe[1408] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff8f1a4181a 4 bytes [A4, F1, F8, 7F] .text C:\WINDOWS\System32\spoolsv.exe[1408] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff8f1a41832 4 bytes [A4, F1, F8, 7F] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4492] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff8f1a4169a 4 bytes [A4, F1, F8, 7F] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4492] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff8f1a416a2 4 bytes [A4, F1, F8, 7F] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4492] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff8f1a4181a 4 bytes [A4, F1, F8, 7F] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4492] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff8f1a41832 4 bytes [A4, F1, F8, 7F] .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff8f20430e0 7 bytes JMP 00007ff9efac02d0 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff8f2044478 7 bytes JMP 00007ff9efac0308 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff8f20f11a8 7 bytes JMP 00007ff9efac0340 .text C:\WINDOWS\System32\dwm.exe[9880] 
C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff8f20f121c 7 bytes JMP 00007ff9efac03b0 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff8f20f1668 7 bytes JMP 00007ff9efac0378 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff8f20f72d0 7 bytes JMP 00007ff9efac0260 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff8f211d5a4 7 bytes JMP 00007ff9efac0228 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff8f211d614 7 bytes JMP 00007ff9efac0298 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8efad2124 7 bytes JMP 00007ff9efac00d8 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff8efad50e8 5 bytes JMP 00007ff9efac0180 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8efad52a0 5 bytes JMP 00007ff9efac0148 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8efada9b0 5 bytes JMP 00007ff9efac0110 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff8f1c37b64 10 bytes JMP 00007ff9efac0490 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff8f1c52910 5 bytes JMP 00007ff9efac0420 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff8f1c54578 5 bytes JMP 00007ff9efac0458 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff8f1c54980 9 bytes JMP 00007ff9efac03e8 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff8f18f1500 8 bytes JMP 00007ff9efac01b8 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 
00007ff8f18f1750 8 bytes JMP 00007ff9efac01f0 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory 00007ff8ed47705c 5 bytes JMP 00007ff9ed4600d8 .text C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory1 00007ff8ed477678 5 bytes JMP 00007ff9ed460110 .text C:\WINDOWS\system32\nvvsvc.exe[10428] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff8f1a4169a 4 bytes [A4, F1, F8, 7F] .text C:\WINDOWS\system32\nvvsvc.exe[10428] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff8f1a416a2 4 bytes [A4, F1, F8, 7F] .text C:\WINDOWS\system32\nvvsvc.exe[10428] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff8f1a4181a 4 bytes [A4, F1, F8, 7F] .text C:\WINDOWS\system32\nvvsvc.exe[10428] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff8f1a41832 4 bytes [A4, F1, F8, 7F] .text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[9488] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ff8e79a1f6a 4 bytes [9A, E7, F8, 7F] .text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[9488] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ff8e79a1f82 4 bytes [9A, E7, F8, 7F] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [10756:9516] fffff960008484d0 Thread C:\Windows\System32\SettingSyncHost.exe [6640:10016] 00007ff8ebb764f4 ---- Processes - GMER 2.1 ---- Process C:\WINDOWS\Installer\MSI6F50.tmp (*** suspicious ***) @ C:\WINDOWS\Installer\MSI6F50.tmp [1888](2014-03-25 10:09:17) 0000000000400000 Process C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe [7232] (FILE NOT FOUND) 0000000000400000 Library C:\Users\Harald\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe [7232](2014-09-13 00:20:58) 0000000003d60000 Library 
c:\users\harald\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2efpxy.dll (*** suspicious ***) @ C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe [7232](2014-10-01 15:22:38) 00000000041c0000 Library C:\Users\Harald\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe [7232](2013-08-23 19:01:44) 0000000063b20000 Library C:\Users\Harald\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe [7232] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 00000000667d0000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----
Edited by Noni23 (01.10.2014 at 17:48) |
01.10.2014, 17:54 | #2 |
/// Malwareteam | Windows 8 (64-bit) SRPTM.exe has stopped working Hello Noni23,
my name is Jonas and I will help you with your cleanup. This can involve a lot of work for you. Before we can start, please read the cleanup rules and notes: Rules for the cleanup process
Note
Once you have read everything, we can get started. Please save all programs to the desktop and run them from there.
Please also post the Addition.txt.
__________________ |
01.10.2014, 18:22 | #3 |
| Windows 8 (64-bit) SRPTM.exe has stopped working Here is the Addition:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-10-2014 Ran by Harald at 2014-10-01 17:58:04 Running from C:\Users\Harald\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation) Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated) Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated) AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated) ACR38/100/122 PC/SC Driver 1.1.2.0 (HKLM\...\{155796AE-16D0-45D2-8939-6AE3AD67147B}) (Version: 1.1.2 - Advanced Card Systems Ltd.) 
Acronis True Image 2014 (HKLM-x32\...\{D1CBB979-E0F5-464C-ACCB-4071078DA04A}Visible) (Version: 17.0.6614 - Acronis) Acronis True Image 2014 (x32 Version: 17.0.6614 - Acronis) Hidden Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.) Audials (HKLM-x32\...\{0E9EBAF3-67F8-430A-9852-D02E5F20031A}) (Version: 10.2.30900.0 - Audials AG) AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.1.528 - Online Media Technologies Ltd.) Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Benutzerhandbuch EPSON WP-4535 Series (HKLM-x32\...\EPSON WP-4535 Series Useg) (Version: - ) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated) CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.) CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) 
Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft) Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden DesignPro 5 (HKLM-x32\...\InstallShield_{AC610C8A-67CB-4633-9211-81A5E104FAD4}) (Version: 5.0.1056 - Avery Dennison) DesignPro 5 (x32 Version: 5.0.1056 - Avery Dennison) Hidden DesignPro 5.0 Limited Edition (HKLM-x32\...\InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}) (Version: 5.2.1201 - Avery Dennison) DesignPro 5.0 Limited Edition (x32 Version: 5.2.1201 - Avery Dennison) Hidden Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION) Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM) eDocPrintPro v3.16.0 (HKLM\...\{73DA9C27-3773-402A-A808-F3A66BD78E02}) (Version: 3.16.0 - MAY-Computer) ELSA-Suite (HKLM-x32\...\{5AD7FA06-9EF6-4373-957E-B2EA165B2EAA}) (Version: 10.0 - IBYKUS Software GmbH & Co. 
KG) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WP-4535 Series Printer Uninstall (HKLM\...\EPSON WP-4535 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.1.1 - SEIKO EPSON CORPORATION) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.) 
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden gs_x64 (HKLM\...\{2E415339-7210-4A3B-84EA-E50FE7565F0D}) (Version: 9.00 - MAY-Computer) High-Definition Video Playback 10 (x32 Version: 7.0.11000.25.1 - Nero AG) Hidden Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.) 
Lexware Abschreibungsrechner (HKLM-x32\...\{2698CA4A-EA1E-45EB-9ADC-8B994C5EF38E}) (Version: 13.00.04.0003 - Haufe-Lexware GmbH & Co.KG) Lexware Elster (HKLM-x32\...\{BE9FAE8A-01AF-4570-8E91-4C76D05556DC}) (Version: 13.14.00.0008 - Haufe-Lexware GmbH & Co.KG) Lexware Info Service (HKLM-x32\...\{5CC0729F-FC90-4D8F-87AA-A74A18B30ECF}) (Version: 4.01.00.0077 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG) Lexware QuickBooks 2014 (HKLM-x32\...\{4ED37D3D-79B1-4562-B04D-377EBAF90064}) (Version: 27.30.04.0132 - Haufe-Lexware GmbH & Co.KG) Lexware Zeiterfassung (HKLM-x32\...\{48B1776E-7D56-45E3-A87C-3269A9A41A5B}) (Version: 27.00.04.0003 - Haufe-Lexware GmbH & Co.KG) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated) LPT System Updater Service (HKLM-x32\...\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}) (Version: 1.0.0.0 - LPT) <==== ATTENTION Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft 
Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MyDriveConnect 3.3.0.1342 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom) MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation) MyEpson Portal (x32 Version: 1.0.0.12 - SEIKO EPSON CORPORATION) Hidden MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) 
Hidden Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.0.10300.0.0 - Nero AG) Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.0.10300.0.0 - Nero AG) Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.0.10300.0.0 - Nero AG) Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.0.10300.0.0 - Nero AG) Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10300.0.0 - Nero AG) Hidden Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.0.10300.1.0 - Nero AG) Nero 10 Movie ThemePack 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.0.10300.1.0 - Nero AG) Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10300.1.0 - Nero AG) Hidden Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.0.10300.0.0 - Nero AG) Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.0.10300.2.0 - Nero AG) Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11100.14.101 - Nero AG) Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG) Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.10600.9.100 - Nero AG) Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden Nero Control Center 10 (x32 Version: 10.0.11500.1.0 - Nero AG) Hidden Nero Core Components 10 (x32 Version: 2.0.13100.0.1 - Nero AG) Hidden Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10500.7.100 - Nero AG) Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden Nero DiscSpeed 10 
(HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG) Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10 - Nero AG) Hidden Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG) Nero Express 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG) Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.11000.6.100 - Nero AG) Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG) Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10600.1.100 - Nero AG) Nero Recode 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG) Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10500.1.100 - Nero AG) Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.10500.4.100 - Nero AG) Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0012 - Nero AG) Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.10700.4.100 - Nero AG) Nero Vision 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10500.1.100 - Nero AG) Nero WaveEditor 10 Help 
(CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden Netzwerkhandbuch EPSON WP-4535 Series (HKLM-x32\...\EPSON WP-4535 Series Netg) (Version: - ) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer) PC Speed Maximizer Pro v3.2 (HKLM-x32\...\PC Speed Maximizer Pro_is1) (Version: 3.2 - SoftCity) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.) 
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.) ResScan (HKLM-x32\...\{F19702FA-6D54-41E1-98E2-156460C87FF2}) (Version: 3.16 - ResMed Pty Ltd) SafeFinder Smartbar (HKLM-x32\...\{1898B668-CCF5-429F-A86F-9837E5439D77}) (Version: 11.114.72.19232 - Linkury Ltd.) <==== ATTENTION Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Smart Driver Updater v3.2 (HKLM-x32\...\Smart Driver Updater_is1) (Version: 3.2 - Avanquest Software) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) 
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft 
Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D7D96A96-F61F-48AD-B2DC-4F4B6938D2AB}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{190EC86F-5867-4D7A-B9F3-D14D82C26F3D}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 
(KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden Windows-Treiberpaket - ACS (A38CCID) SmartCardReader (12/16/2009 1.1.6.5) (HKLM\...\F02CC611741E33C64CDEAEEE2C7A46E41719B2CC) (Version: 12/16/2009 1.1.6.5 - ACS) Windows-Treiberpaket - ACS (ACR122U) SmartCardReader (12/16/2009 1.1.6.3) (HKLM\...\A9B944A9EADA685F103858C6923BF5DD8E127C2C) (Version: 12/16/2009 1.1.6.3 - ACS) Windows-Treiberpaket - ACS (ACSSCR) SmartCardReader (12/15/2009 1.1.6.2) (HKLM\...\0942775975678D6CC510D2C2F022CD956CCF177E) (Version: 12/15/2009 1.1.6.2 - ACS) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included 
in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 19-09-2014 06:27:49 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {1076514D-DBC6-4676-80AB-836D8C157999} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] () Task: {1BBBE8A5-CB06-4485-97C6-02468B524A86} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] () Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {27040EA4-2BCB-4D23-A06E-2BEBD33BA1D8} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] () Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: 
{3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {408761BB-4024-4777-85C6-5D823A343ECB} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.) Task: {474ED943-3A07-4381-A732-F1818C5F7980} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {80C34CEA-B084-4F62-A419-6E752B0C3ECE} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] () Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9B90FF24-8932-4AF7-8333-556190533B65} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.) 
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {C82FDD92-2D2F-4FB2-8757-FCF9B573DFAA} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E5BAEABE-1630-441F-B25B-B0B26D2798AE} - System32\Tasks\Smart Driver Updater Schedule => C:\Program Files (x86)\Smart Driver Updater\SDUTray.exe [2014-06-27] (Avanquest Software) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F79DADCF-E50B-4779-BDB0-F51710F75CA1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-25 12:09 - 2014-03-25 12:09 - 00675840 _____ () C:\WINDOWS\Installer\MSI6F50.tmp 2014-08-27 18:43 - 2014-08-27 18:43 - 00032768 _____ () C:\Program Files (x86)\LPT\srpts.exe 2014-08-27 18:43 - 2014-08-27 18:52 - 00034816 _____ () C:\Program Files (x86)\LPT\srptsl.exe 2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2013-03-28 00:53 - 2013-10-01 11:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll 2013-01-28 14:45 - 2013-01-28 14:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth 
Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-01-28 14:42 - 2013-01-28 14:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2013-01-28 14:47 - 2013-01-28 14:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2012-08-23 00:04 - 2012-08-23 00:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe 2012-08-23 00:04 - 2012-08-23 00:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe 2014-10-01 17:42 - 2014-10-01 17:42 - 00050477 _____ () C:\Users\Harald\Downloads\Defogger.exe 2014-08-27 18:43 - 2014-08-27 18:52 - 00042496 _____ () C:\Program Files (x86)\LPT\srptc.dll 2014-08-27 18:42 - 2014-08-27 18:50 - 00018944 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll 2012-08-23 08:26 - 2012-08-23 08:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-08-23 08:25 - 2012-08-23 08:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2012-08-23 08:26 - 2012-08-23 08:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll 2012-08-23 08:25 - 2012-08-23 08:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll 2012-08-23 08:25 - 2012-08-23 08:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2012-08-23 08:25 - 2012-08-23 08:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll 2012-08-23 08:26 - 2012-08-23 08:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll 2014-08-27 18:43 - 2014-08-27 18:52 - 00070144 _____ () C:\Program Files (x86)\LPT\srut.dll 2013-10-24 18:06 - 2013-10-24 18:06 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll 2013-10-24 18:09 - 2013-10-24 18:09 - 00420160 _____ () C:\Program 
Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2012-12-25 01:50 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-11-29 11:29 - 2013-11-29 11:29 - 00026520 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll 2013-11-29 11:28 - 2013-11-29 11:28 - 00082840 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll 2013-11-29 11:28 - 2013-11-29 11:28 - 00344984 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll 2014-10-01 17:22 - 2014-10-01 17:22 - 00043008 _____ () c:\users\harald\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2efpxy.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Harald\AppData\Roaming\Dropbox\bin\libcef.dll 2013-10-24 18:06 - 2013-10-24 18:06 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll 2013-10-10 13:02 - 2013-10-10 13:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll 2013-12-20 10:22 - 2014-08-21 11:12 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Harald\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ApplyEsf-eDocPrintPro => "C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe" MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe" MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe /autostart MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart MSCONFIG\startupreg: Persistence => "C:\WINDOWS\system32\igfxpers.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-2441714234-3740754369-2105759011-500 - Administrator - Disabled) Gast (S-1-5-21-2441714234-3740754369-2105759011-501 - Limited - Disabled) Harald (S-1-5-21-2441714234-3740754369-2105759011-1002 - Administrator - Enabled) => C:\Users\Harald UpdatusUser (S-1-5-21-2441714234-3740754369-2105759011-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Bluetooth Audio Device Description: Bluetooth Audio Device Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Qualcomm Atheros Communications Service: BTATH_A2DP Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Virtual Bluetooth Support (Include Audio) Description: Virtual Bluetooth Support (Include Audio) Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: AthBTPort Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver Name: Bluetooth LWFLT Device Description: Bluetooth LWFLT Device Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: BTATH_LWFLT Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (10/01/2014 05:22:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MMDx64Fx.exe, Version: 2.3.0.3572, Zeitstempel: 0x503364be Name des fehlerhaften Moduls: MMDUtl.dll, Version: 4.0.6.3572, Zeitstempel: 0x503364b8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bf6e ID des fehlerhaften Prozesses: 0x1a20 Startzeit der fehlerhaften Anwendung: 0xMMDx64Fx.exe0 Pfad der fehlerhaften Anwendung: MMDx64Fx.exe1 Pfad des fehlerhaften Moduls: MMDx64Fx.exe2 Berichtskennung: MMDx64Fx.exe3 Vollständiger Name des fehlerhaften Pakets: MMDx64Fx.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MMDx64Fx.exe5 Error: (09/27/2014 07:32:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MMDx64Fx.exe, Version: 2.3.0.3572, Zeitstempel: 0x503364be Name des fehlerhaften Moduls: MMDUtl.dll, Version: 4.0.6.3572, Zeitstempel: 0x503364b8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bf6e ID des fehlerhaften Prozesses: 0x1fb8 Startzeit der fehlerhaften Anwendung: 0xMMDx64Fx.exe0 Pfad der fehlerhaften Anwendung: MMDx64Fx.exe1 Pfad des fehlerhaften Moduls: MMDx64Fx.exe2 Berichtskennung: MMDx64Fx.exe3 Vollständiger Name des fehlerhaften Pakets: MMDx64Fx.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MMDx64Fx.exe5 Error: (09/27/2014 02:35:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm SmartDriverUpdater.exe, Version 3.2.0.0 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 76c Startzeit: 01cfda4c3875d12d Endzeit: 203 Anwendungspfad: C:\Program Files (x86)\Smart Driver Updater\SmartDriverUpdater.exe Berichts-ID: f4d6215f-4640-11e4-befb-2016d83b633c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/27/2014 01:53:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MMDx64Fx.exe, Version: 2.3.0.3572, Zeitstempel: 0x503364be Name des fehlerhaften Moduls: MMDUtl.dll, Version: 4.0.6.3572, Zeitstempel: 0x503364b8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bf6e ID des fehlerhaften Prozesses: 0x1864 Startzeit der fehlerhaften Anwendung: 0xMMDx64Fx.exe0 Pfad der fehlerhaften Anwendung: MMDx64Fx.exe1 Pfad des fehlerhaften Moduls: MMDx64Fx.exe2 Berichtskennung: MMDx64Fx.exe3 Vollständiger Name des fehlerhaften Pakets: MMDx64Fx.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MMDx64Fx.exe5 Error: (09/27/2014 01:38:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (09/27/2014 09:57:23 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20315 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1780 Startzeit: 01cfda27f04b2129 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: e3c857c5-461b-11e4-befb-2016d83b633c Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (09/27/2014 09:43:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MMDx64Fx.exe, Version: 2.3.0.3572, Zeitstempel: 0x503364be Name des fehlerhaften Moduls: MMDUtl.dll, Version: 4.0.6.3572, Zeitstempel: 0x503364b8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bf6e ID des fehlerhaften Prozesses: 0x1728 Startzeit der fehlerhaften Anwendung: 0xMMDx64Fx.exe0 Pfad der fehlerhaften Anwendung: MMDx64Fx.exe1 Pfad des fehlerhaften Moduls: MMDx64Fx.exe2 Berichtskennung: MMDx64Fx.exe3 Vollständiger Name des fehlerhaften Pakets: MMDx64Fx.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MMDx64Fx.exe5 Error: (09/27/2014 09:38:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MMDx64Fx.exe, Version: 2.3.0.3572, Zeitstempel: 0x503364be Name des fehlerhaften Moduls: MMDUtl.dll, Version: 4.0.6.3572, Zeitstempel: 0x503364b8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bf6e ID des fehlerhaften Prozesses: 0xd98 Startzeit der fehlerhaften Anwendung: 0xMMDx64Fx.exe0 Pfad der fehlerhaften Anwendung: MMDx64Fx.exe1 Pfad des fehlerhaften Moduls: MMDx64Fx.exe2 Berichtskennung: MMDx64Fx.exe3 Vollständiger Name des fehlerhaften Pakets: MMDx64Fx.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MMDx64Fx.exe5 Error: (09/27/2014 09:12:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (09/27/2014 07:49:09 AM) (Source: Application Hang) (EventID: 
1002) (User: ) Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17c5c Startzeit: 01cfda0650df646d Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe Berichts-ID: d8a02f10-4609-11e4-befa-2016d83b633c Vollständiger Name des fehlerhaften Pakets: Microsoft.BingWeather_3.0.1.203_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App System errors: ============= Error: (10/01/2014 05:24:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (09/27/2014 10:07:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst afcdpsrv erreicht. 
Error: (09/27/2014 10:00:11 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (09/27/2014 09:39:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/27/2014 09:39:58 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1326 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (09/27/2014 09:39:55 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (09/27/2014 09:36:36 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 27.09.2014 um 09:13:35 unerwartet heruntergefahren. Error: (09/26/2014 01:05:05 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (09/26/2014 08:32:13 AM) (Source: BTHUSB) (EventID: 16) (User: ) Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (7c:2f:80:1c:4d:43) ist fehlgeschlagen. 
Error: (09/25/2014 01:26:23 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Microsoft Office Sessions: ========================= Error: (10/01/2014 05:22:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: MMDx64Fx.exe2.3.0.3572503364beMMDUtl.dll4.0.6.3572503364b8c0000005000000000000bf6e1a2001cfdd8b730c53f1C:\Program Files (x86)\Launch Manager\MMDx64Fx.exeC:\Program Files (x86)\Launch Manager\MMDUtl.dllb1500f57-497e-11e4-befb-2016d83b633c Error: (09/27/2014 07:32:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: MMDx64Fx.exe2.3.0.3572503364beMMDUtl.dll4.0.6.3572503364b8c0000005000000000000bf6e1fb801cfda7907bb0c73C:\Program Files (x86)\Launch Manager\MMDx64Fx.exeC:\Program Files (x86)\Launch Manager\MMDUtl.dll45c6f881-466c-11e4-befb-2016d83b633c Error: (09/27/2014 02:35:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SmartDriverUpdater.exe3.2.0.076c01cfda4c3875d12d203C:\Program Files (x86)\Smart Driver Updater\SmartDriverUpdater.exef4d6215f-4640-11e4-befb-2016d83b633c Error: (09/27/2014 01:53:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: MMDx64Fx.exe2.3.0.3572503364beMMDUtl.dll4.0.6.3572503364b8c0000005000000000000bf6e186401cfda49ace5ca8bC:\Program Files (x86)\Launch Manager\MMDx64Fx.exeC:\Program Files (x86)\Launch Manager\MMDUtl.dlleb66d671-463c-11e4-befb-2016d83b633c Error: (09/27/2014 01:38:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (09/27/2014 09:57:23 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20315178001cfda27f04b21294294967295C:\Program 
Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exee3c857c5-461b-11e4-befb-2016d83b633cmicrosoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (09/27/2014 09:43:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: MMDx64Fx.exe2.3.0.3572503364beMMDUtl.dll4.0.6.3572503364b8c0000005000000000000bf6e172801cfda26b09fc8a9C:\Program Files (x86)\Launch Manager\MMDx64Fx.exeC:\Program Files (x86)\Launch Manager\MMDUtl.dlleee96372-4619-11e4-befb-2016d83b633c Error: (09/27/2014 09:38:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: MMDx64Fx.exe2.3.0.3572503364beMMDUtl.dll4.0.6.3572503364b8c0000005000000000000bf6ed9801cfda25ece67f7fC:\Program Files (x86)\Launch Manager\MMDx64Fx.exeC:\Program Files (x86)\Launch Manager\MMDUtl.dll3430ea5a-4619-11e4-befb-2016d83b633c Error: (09/27/2014 09:12:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (09/27/2014 07:49:09 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.1638417c5c01cfda0650df646d4294967295C:\WINDOWS\system32\backgroundTaskHost.exed8a02f10-4609-11e4-befa-2016d83b633cMicrosoft.BingWeather_3.0.1.203_x64__8wekyb3d8bbweApp ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz Percentage of memory in use: 44% Total physical RAM: 3914.27 MB Available physical RAM: 2177.28 MB Total Pagefile: 5893.95 MB Available Pagefile: 3907.95 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:447.61 GB) (Free:400.47 GB) NTFS Drive e: (Volume) (Fixed) (Total:223.44 GB) (Free:32.65 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) 
(Disk ID: F6196AA7) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 0A65868D) Partition: GPT Partition Type. ==================== End Of Log ============================
And thanks again |
02.10.2014, 11:21 | #4 |
/// Malwareteam | Windows 8 (64-bit) SRPTM.exe has stopped working
No problem. Here is how we continue:
Step 1
Please download Emsisoft MBR Master and save it to the desktop.
Step 2
Please uninstall the following programs:
Windows XP: Start -> Control Panel -> select Category View (if not already the default) -> Add or Remove Programs and select the listed programs. Click Remove (Windows XP) or Uninstall (Windows Vista/7/8).
Step 3
Please download AdwCleaner to your desktop.
Run FRST once more.
Post the following log files in your next reply:
__________________ Regards, Jonas |
06.10.2014, 13:50 | #5 |
/// Malwareteam | Windows 8 (64-bit) SRPTM.exe has stopped working
Hi, I haven't received a reply from you in a while. Do you still need help?
Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security vulnerabilities that allow a reinfection.
__________________ Regards, Jonas |
08.10.2014, 19:46 | #6 |
/// Malwareteam | Windows 8 (64-bit) SRPTM.exe has stopped working
No response
This topic has been removed from my subscriptions, so I will not receive notifications about new replies. If you want to continue, please send me a private message. Everyone else, please read the following: http://www.trojaner-board.de/69886-a...-beachten.html and create your own thread.