
Log analysis and evaluation: Windows 8 (64-bit) SRPTM.exe has stopped working


01.10.2014, 18:40   #1
Noni23
 



Hello dear Trojaner-Board team,

For about 1-2 weeks, my father's computer has been showing the error message "SRPTM.exe funktioniert nicht mehr" (SRPTM.exe has stopped working) at very short intervals. According to my father, the error first appeared after he opened an apparently untrustworthy e-mail. He says that several scans with the antivirus program Avira Antivir Pro found nothing. My father uses the PC both privately and for business; he is self-employed and uses it for bookkeeping and, for example, for writing invoices.

Otherwise I have created all the .log files; however, GMER reported 2-3 times along the way that another process was already accessing the path "". I then clicked OK and the scan continued.

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:54 on 01/10/2014 (Harald)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014
Ran by Harald (administrator) on HARALD-PC on 01-10-2014 17:57:21
Running from C:\Users\Harald\Downloads
Loaded Profile: Harald (Available profiles: UpdatusUser & Harald)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
() C:\Windows\Installer\MSI6F50.tmp
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\LPT\srpts.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
() C:\Program Files (x86)\LPT\srptsl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Avanquest Software) C:\Program Files (x86)\Smart Driver Updater\SDUTray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Smart PC Solutions) C:\Program Files (x86)\PC Speed Maximizer Pro\SPMProSmartScan.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dropbox, Inc.) C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
() C:\Users\Harald\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843992 2013-10-24] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom)
HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Run: [PC Speed Maximizer] => C:\Program Files (x86)\PC Speed Maximizer Pro\SPMProLauncher.exe [134256 2014-04-17] (Avanquest Software)
HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2441714234-3740754369-2105759011-1002\...\MountPoints2: {8b71b49d-4e21-11e2-be6a-806e6f6e6963} - "D:\InstallNavi.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv57H9_Q-lM2QcSWb1doMvHHC2hOIXsHX76eHk7aCFp6xFDGFqzbzEFbCXgEPgu8KZ7DamnHcaKC36Q8DYP_zRg,,
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms}
SearchScopes: HKLM - DefaultScope {98E71613-12DB-474C-9CFE-A9E55DD8F738} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {98E71613-12DB-474C-9CFE-A9E55DD8F738} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms}
SearchScopes: HKLM-x32 - {98E71613-12DB-474C-9CFE-A9E55DD8F738} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880HBZWL862KaOsKDVxGRdhhZsqxyqh0DFZ_JbYVP4HFpS82aGWhpgsK5hFzRK4bneJ14TtHY7b94pFdQFzMxv5KdL6A36aFzFbiLf-a_XvJRGZVuzKcq5x8eB679jqjJi61PUr6bCGkZ7T9bM1wWN5NtGStpX815nHJnT6lbmg,,&q={searchTerms}
SearchScopes: HKCU - {98E71613-12DB-474C-9CFE-A9E55DD8F738} URL = 
BHO: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF ProfilePath: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default
FF SearchEngineOrder.1: Ask Search
FF Homepage: hxxp://ixquick.de/
FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=94F137AE-B8F8-45AC-902A-D6C7AAF31508&n=77fd2cf4&ind=2013080820&p2=^HJ^xdm382^YYA^de&si=pconverter&searchfor=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default\searchplugins\ask-web-search.xml
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default\searchplugins\freesoftware.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Google Translator for Firefox - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default\Extensions\translator@zoli.bod.xpi [2014-05-24]
FF Extension: ImTranslator - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\794egd3e.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-05-24]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [804944 2014-08-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-11] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 IBYKUS AG: ELSA-Suite update permissions manager. 32063.; C:\WINDOWS\Installer\MSI6F50.tmp [675840 2014-03-25] () [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2013-09-30] (Microsoft Corporation)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32768 2014-08-27] () <==== ATTENTION
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703584 2011-09-16] (SEIKO EPSON CORPORATION)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2013-08-22] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-25] (Dritek System INC.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [42040 2014-07-10] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-25] (Dritek System Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-08-07] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-01-12] (Acronis International GmbH)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-03-21] (Seiko Epson Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-01 17:57 - 2014-10-01 17:57 - 00022460 _____ () C:\Users\Harald\Downloads\FRST.txt
2014-10-01 17:57 - 2014-10-01 17:57 - 00000000 ____D () C:\FRST
2014-10-01 17:54 - 2014-10-01 17:54 - 00000474 _____ () C:\Users\Harald\Downloads\defogger_disable.log
2014-10-01 17:54 - 2014-10-01 17:54 - 00000000 _____ () C:\Users\Harald\defogger_reenable
2014-10-01 17:50 - 2014-10-01 17:50 - 00380416 _____ () C:\Users\Harald\Downloads\Gmer-19357.exe
2014-10-01 17:43 - 2014-10-01 17:43 - 02108928 _____ (Farbar) C:\Users\Harald\Downloads\FRST64.exe
2014-10-01 17:42 - 2014-10-01 17:42 - 00050477 _____ () C:\Users\Harald\Downloads\Defogger.exe
2014-09-18 09:20 - 2014-09-18 09:20 - 00004647 _____ () C:\Users\Harald\Downloads\1142_2013(1).xml
2014-09-18 09:19 - 2014-09-18 09:20 - 00004647 _____ () C:\Users\Harald\Downloads\1142_2013.xml
2014-09-11 22:43 - 2014-09-11 22:44 - 00006432 _____ () C:\Users\Harald\Downloads\Lebenslauf Christopher.odt
2014-09-11 22:43 - 2014-09-11 22:43 - 00006637 _____ () C:\Users\Harald\Downloads\Bewerbung Christopher.odt
2014-09-08 16:15 - 2014-09-27 14:12 - 00000000 ____D () C:\Users\Harald\AppData\Roaming\Smart Driver Updater
2014-09-08 16:15 - 2014-09-27 14:11 - 00003250 _____ () C:\WINDOWS\System32\Tasks\Smart Driver Updater Schedule
2014-09-08 16:15 - 2014-09-08 16:15 - 00001161 _____ () C:\Users\Harald\Desktop\Smart Driver Updater.lnk
2014-09-08 16:15 - 2014-09-08 16:15 - 00000000 ____D () C:\Users\Harald\Documents\Smart Driver Updater
2014-09-08 16:15 - 2014-09-08 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Driver Updater
2014-09-08 16:15 - 2014-09-08 16:15 - 00000000 ____D () C:\Program Files (x86)\Smart Driver Updater
2014-09-04 18:26 - 2014-09-04 18:26 - 00000000 _____ () C:\WINDOWS\SysWOW64\㩃啜敳獲䡜牡污層灁䑰瑡屡潒浡湩屧潍楺汬屡楆敲潦屸牐景汩獥㝜㐹来㍤⹥敤慦汵屴潣歯敩⹳煳楬整
2014-09-03 17:17 - 2014-09-03 17:21 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer Pro
2014-09-03 17:17 - 2014-09-03 17:17 - 00001180 _____ () C:\Users\Harald\Desktop\PC Speed Maximizer Pro.lnk
2014-09-03 17:17 - 2014-09-03 17:17 - 00000000 ____D () C:\Users\Harald\AppData\Roaming\PC Speed Maximizer
2014-09-03 17:17 - 2014-09-03 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer Pro
2014-09-03 17:03 - 2014-09-03 17:41 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-03 17:03 - 2014-09-03 17:03 - 00000000 ____D () C:\Users\Harald\AppData\Roaming\Opera Software
2014-09-03 17:03 - 2014-09-03 17:03 - 00000000 ____D () C:\Users\Harald\AppData\Local\Opera Software
2014-09-03 16:59 - 2014-09-27 13:39 - 00000000 ____D () C:\Users\Harald\Documents\PC Speed Maximizer
2014-09-03 16:56 - 2014-09-03 16:56 - 00002486 _____ () C:\Users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-03 16:56 - 2014-09-03 16:56 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-09-03 16:55 - 2014-09-17 13:21 - 00000000 ____D () C:\Users\Harald\AppData\Local\LPT
2014-09-03 16:55 - 2014-09-03 16:55 - 00000000 ____D () C:\Users\Harald\AppData\Local\Smartbar
2014-09-03 16:54 - 2014-09-03 17:17 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-09-03 16:51 - 2014-09-03 16:51 - 00753312 _____ ( ) C:\Users\Harald\Downloads\avery-designpro(2).exe
2014-09-03 16:51 - 2014-09-03 16:51 - 00753312 _____ ( ) C:\Users\Harald\Downloads\avery-designpro(1).exe
2014-09-03 16:50 - 2014-09-03 17:03 - 53955480 _____ (Avery Dennison Corporation ) C:\Users\Harald\Downloads\avery-designpro.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-01 17:54 - 2014-01-12 14:02 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{432760BC-AD5D-4A26-BB31-886204176953}
2014-10-01 17:54 - 2013-12-11 13:38 - 00000000 ____D () C:\Users\Harald
2014-10-01 17:24 - 2014-02-10 18:16 - 00000000 ___RD () C:\Users\Harald\Dropbox
2014-10-01 17:24 - 2014-02-10 18:12 - 00000000 ____D () C:\Users\Harald\AppData\Roaming\Dropbox
2014-10-01 17:23 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-01 17:23 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-10-01 17:22 - 2013-12-11 16:18 - 00000000 ___RD () C:\Users\Harald\SkyDrive
2014-09-27 19:36 - 2013-12-11 13:33 - 03053248 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-27 14:57 - 2013-12-12 14:15 - 00000000 ____D () C:\Users\Harald\AppData\Local\Deployment
2014-09-27 14:39 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-27 14:39 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-27 14:39 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-27 14:36 - 2013-08-22 16:46 - 00372274 _____ () C:\WINDOWS\setupact.log
2014-09-27 14:11 - 2013-07-07 11:50 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-27 10:07 - 2013-07-04 12:18 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2441714234-3740754369-2105759011-1002
2014-09-27 09:36 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-27 09:35 - 2013-09-29 21:04 - 00053282 _____ () C:\WINDOWS\PFRO.log
2014-09-25 07:20 - 2013-07-10 18:26 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-23 11:55 - 2014-02-10 18:16 - 00001075 _____ () C:\Users\Harald\Desktop\Dropbox.lnk
2014-09-23 11:55 - 2014-02-10 18:13 - 00000000 ____D () C:\Users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-19 08:15 - 2013-07-06 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-09-19 07:56 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-09-11 19:13 - 2013-07-07 11:50 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-09-09 19:39 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-03 17:34 - 2013-08-22 16:44 - 00477104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-03 17:27 - 2013-07-10 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avery Dennison
2014-09-03 17:27 - 2013-07-10 16:19 - 00000000 ____D () C:\Program Files (x86)\Avery Dennison
2014-09-03 17:27 - 2012-10-24 07:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-03 08:18 - 2013-07-04 13:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Harald\AppData\Local\Temp\2-2esg_v.dll
C:\Users\Harald\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Harald\AppData\Local\Temp\avgnt.exe
C:\Users\Harald\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2efpxy.dll
C:\Users\Harald\AppData\Local\Temp\fih2xig2.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-27 10:07

==================== End Of Log ============================
         
--- --- ---


Addition:
Code:
ATTFilter
[Window Title]
srptm

[Main Instruction]
srptm funktioniert nicht mehr

[Content]
Es wird nach einer Lösung für das Problem gesucht...

[Abbrechen]
         
Gmer:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-01 18:21:14
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000030 ST9500325AS rev.0001SDM1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Harald\AppData\Local\Temp\uwdyrpow.sys


---- User code sections - GMER 2.1 ----

.text    C:\WINDOWS\System32\spoolsv.exe[1408] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                           00007ff8f1a4169a 4 bytes [A4, F1, F8, 7F]
.text    C:\WINDOWS\System32\spoolsv.exe[1408] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                           00007ff8f1a416a2 4 bytes [A4, F1, F8, 7F]
.text    C:\WINDOWS\System32\spoolsv.exe[1408] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                              00007ff8f1a4181a 4 bytes [A4, F1, F8, 7F]
.text    C:\WINDOWS\System32\spoolsv.exe[1408] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                              00007ff8f1a41832 4 bytes [A4, F1, F8, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4492] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                 00007ff8f1a4169a 4 bytes [A4, F1, F8, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4492] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                 00007ff8f1a416a2 4 bytes [A4, F1, F8, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4492] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                    00007ff8f1a4181a 4 bytes [A4, F1, F8, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4492] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                    00007ff8f1a41832 4 bytes [A4, F1, F8, 7F]
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                                                             00007ff8f20430e0 7 bytes JMP 00007ff9efac02d0
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW                                                                                                                                    00007ff8f2044478 7 bytes JMP 00007ff9efac0308
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW                                                                                                                                     00007ff8f20f11a8 7 bytes JMP 00007ff9efac0340
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW                                                                                                                                      00007ff8f20f121c 7 bytes JMP 00007ff9efac03b0
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA                                                                                                                                      00007ff8f20f1668 7 bytes JMP 00007ff9efac0378
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW                                                                                                                             00007ff8f20f72d0 7 bytes JMP 00007ff9efac0260
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                                                             00007ff8f211d5a4 7 bytes JMP 00007ff9efac0228
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                                                               00007ff8f211d614 7 bytes JMP 00007ff9efac0298
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                  00007ff8efad2124 7 bytes JMP 00007ff9efac00d8
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                       00007ff8efad50e8 5 bytes JMP 00007ff9efac0180
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                    00007ff8efad52a0 5 bytes JMP 00007ff9efac0148
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                00007ff8efada9b0 5 bytes JMP 00007ff9efac0110
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\USER32.dll!CreateWindowExW                                                                                                                                       00007ff8f1c37b64 10 bytes JMP 00007ff9efac0490
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA                                                                                                                                   00007ff8f1c52910 5 bytes JMP 00007ff9efac0420
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW                                                                                                                                   00007ff8f1c54578 5 bytes JMP 00007ff9efac0458
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                                            00007ff8f1c54980 9 bytes JMP 00007ff9efac03e8
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                               00007ff8f18f1500 8 bytes JMP 00007ff9efac01b8
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                 00007ff8f18f1750 8 bytes JMP 00007ff9efac01f0
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory                                                                                                                                       00007ff8ed47705c 5 bytes JMP 00007ff9ed4600d8
.text    C:\WINDOWS\System32\dwm.exe[9880] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory1                                                                                                                                      00007ff8ed477678 5 bytes JMP 00007ff9ed460110
.text    C:\WINDOWS\system32\nvvsvc.exe[10428] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                           00007ff8f1a4169a 4 bytes [A4, F1, F8, 7F]
.text    C:\WINDOWS\system32\nvvsvc.exe[10428] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                           00007ff8f1a416a2 4 bytes [A4, F1, F8, 7F]
.text    C:\WINDOWS\system32\nvvsvc.exe[10428] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                              00007ff8f1a4181a 4 bytes [A4, F1, F8, 7F]
.text    C:\WINDOWS\system32\nvvsvc.exe[10428] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                              00007ff8f1a41832 4 bytes [A4, F1, F8, 7F]
.text    C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[9488] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                                                                            00007ff8e79a1f6a 4 bytes [9A, E7, F8, 7F]
.text    C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[9488] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                                                                            00007ff8e79a1f82 4 bytes [9A, E7, F8, 7F]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [10756:9516]                                                                                                                                                                             fffff960008484d0
Thread   C:\Windows\System32\SettingSyncHost.exe [6640:10016]                                                                                                                                                                   00007ff8ebb764f4
---- Processes - GMER 2.1 ----

Process  C:\WINDOWS\Installer\MSI6F50.tmp (*** suspicious ***) @ C:\WINDOWS\Installer\MSI6F50.tmp [1888](2014-03-25 10:09:17)                                                                                                   0000000000400000
Process  C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe [7232] (FILE NOT FOUND)                                                         0000000000400000
Library  C:\Users\Harald\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe [7232](2014-09-13 00:20:58)                                                0000000003d60000
Library  c:\users\harald\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2efpxy.dll (*** suspicious ***) @ C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe [7232](2014-10-01 15:22:38)  00000000041c0000
Library  C:\Users\Harald\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe [7232](2013-08-23 19:01:44)                                                      0000000063b20000
Library  C:\Users\Harald\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe [7232] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                        00000000667d0000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----
         
Many thanks

Edited by Noni23 (01.10.2014 at 18:48)

01.10.2014, 18:54   #2
sunjojo
/// Malwareteam
 

Hello Noni23,

my name is Jonas and I will help you with your cleanup. This can involve a lot of work for you. Before we can begin, please read the cleanup rules and notes:
Rules for the cleanup process
  • Work through the instructions and steps carefully and in order.
  • If you do not understand something or are unsure, ask and describe the problem as well as you can. Do not act on your own.
    • Running various cleanup programs (with scripts from other threads) can wreck your operating system!
  • Cleaning a computer in several forums at the same time is prohibited (crossposting).
  • Do not install or uninstall any additional programs, do not delete any files, and do not run system updates on your own.
  • The symptoms may have disappeared, but the disappearance of the outward signs of an infection does not mean that you are clean again.
    • I will give you an explicit all-clear; until then, please keep working with me.
Note
  • The programs we use usually create a results log (called a logfile). Please include all logfiles I request in a step in a single reply/post.
Once you have read everything, we can get started. Please save all programs to the desktop and run them from there.


Please also post the Addition.txt.

01.10.2014, 19:22   #3
Noni23
 

Here is the Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-10-2014
Ran by Harald at 2014-10-01 17:58:04
Running from C:\Users\Harald\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
ACR38/100/122 PC/SC Driver 1.1.2.0 (HKLM\...\{155796AE-16D0-45D2-8939-6AE3AD67147B}) (Version: 1.1.2 - Advanced Card Systems Ltd.)
Acronis True Image 2014 (HKLM-x32\...\{D1CBB979-E0F5-464C-ACCB-4071078DA04A}Visible) (Version: 17.0.6614 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6614 - Acronis) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
Audials (HKLM-x32\...\{0E9EBAF3-67F8-430A-9852-D02E5F20031A}) (Version: 10.2.30900.0 - Audials AG)
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.1.528 - Online Media Technologies Ltd.)
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Benutzerhandbuch EPSON WP-4535 Series (HKLM-x32\...\EPSON WP-4535 Series Useg) (Version:  - )
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
DesignPro 5 (HKLM-x32\...\InstallShield_{AC610C8A-67CB-4633-9211-81A5E104FAD4}) (Version: 5.0.1056 - Avery Dennison)
DesignPro 5 (x32 Version: 5.0.1056 - Avery Dennison) Hidden
DesignPro 5.0 Limited Edition (HKLM-x32\...\InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}) (Version: 5.2.1201 - Avery Dennison)
DesignPro 5.0 Limited Edition (x32 Version: 5.2.1201 - Avery Dennison) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
eDocPrintPro v3.16.0 (HKLM\...\{73DA9C27-3773-402A-A808-F3A66BD78E02}) (Version: 3.16.0 - MAY-Computer)
ELSA-Suite (HKLM-x32\...\{5AD7FA06-9EF6-4373-957E-B2EA165B2EAA}) (Version: 10.0 - IBYKUS Software GmbH & Co. KG)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WP-4535 Series Printer Uninstall (HKLM\...\EPSON WP-4535 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
gs_x64 (HKLM\...\{2E415339-7210-4A3B-84EA-E50FE7565F0D}) (Version: 9.00 - MAY-Computer)
High-Definition Video Playback 10 (x32 Version: 7.0.11000.25.1 - Nero AG) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Lexware Abschreibungsrechner (HKLM-x32\...\{2698CA4A-EA1E-45EB-9ADC-8B994C5EF38E}) (Version: 13.00.04.0003 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (HKLM-x32\...\{BE9FAE8A-01AF-4570-8E91-4C76D05556DC}) (Version: 13.14.00.0008 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{5CC0729F-FC90-4D8F-87AA-A74A18B30ECF}) (Version: 4.01.00.0077 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware QuickBooks 2014 (HKLM-x32\...\{4ED37D3D-79B1-4562-B04D-377EBAF90064}) (Version: 27.30.04.0132 - Haufe-Lexware GmbH & Co.KG)
Lexware Zeiterfassung (HKLM-x32\...\{48B1776E-7D56-45E3-A87C-3269A9A41A5B}) (Version: 27.00.04.0003 - Haufe-Lexware GmbH & Co.KG)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
LPT System Updater Service (HKLM-x32\...\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}) (Version: 1.0.0.0 - LPT) <==== ATTENTION
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyDriveConnect 3.3.0.1342 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.0.0.12 - SEIKO EPSON CORPORATION) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10300.0.0 - Nero AG) Hidden
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Movie ThemePack 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10300.1.0 - Nero AG) Hidden
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.0.10300.2.0 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11100.14.101 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.10600.9.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.0.11500.1.0 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.13100.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10500.7.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.11000.6.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10600.1.100 - Nero AG)
Nero Recode 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10500.1.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.10500.4.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0012 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.10700.4.100 - Nero AG)
Nero Vision 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10500.1.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Netzwerkhandbuch EPSON WP-4535 Series (HKLM-x32\...\EPSON WP-4535 Series Netg) (Version:  - )
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
PC Speed Maximizer Pro v3.2 (HKLM-x32\...\PC Speed Maximizer Pro_is1) (Version: 3.2 - SoftCity)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
ResScan (HKLM-x32\...\{F19702FA-6D54-41E1-98E2-156460C87FF2}) (Version: 3.16 - ResMed Pty Ltd)
SafeFinder Smartbar (HKLM-x32\...\{1898B668-CCF5-429F-A86F-9837E5439D77}) (Version: 11.114.72.19232 - Linkury Ltd.) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Smart Driver Updater v3.2 (HKLM-x32\...\Smart Driver Updater_is1) (Version: 3.2 - Avanquest Software)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D7D96A96-F61F-48AD-B2DC-4F4B6938D2AB}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{190EC86F-5867-4D7A-B9F3-D14D82C26F3D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Windows-Treiberpaket - ACS (A38CCID) SmartCardReader  (12/16/2009 1.1.6.5) (HKLM\...\F02CC611741E33C64CDEAEEE2C7A46E41719B2CC) (Version: 12/16/2009 1.1.6.5 - ACS)
Windows-Treiberpaket - ACS (ACR122U) SmartCardReader  (12/16/2009 1.1.6.3) (HKLM\...\A9B944A9EADA685F103858C6923BF5DD8E127C2C) (Version: 12/16/2009 1.1.6.3 - ACS)
Windows-Treiberpaket - ACS (ACSSCR) SmartCardReader  (12/15/2009 1.1.6.2) (HKLM\...\0942775975678D6CC510D2C2F022CD956CCF177E) (Version: 12/15/2009 1.1.6.2 - ACS)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2441714234-3740754369-2105759011-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

19-09-2014 06:27:49 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1076514D-DBC6-4676-80AB-836D8C157999} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {1BBBE8A5-CB06-4485-97C6-02468B524A86} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {27040EA4-2BCB-4D23-A06E-2BEBD33BA1D8} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {408761BB-4024-4777-85C6-5D823A343ECB} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {474ED943-3A07-4381-A732-F1818C5F7980} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {80C34CEA-B084-4F62-A419-6E752B0C3ECE} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9B90FF24-8932-4AF7-8333-556190533B65} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C82FDD92-2D2F-4FB2-8757-FCF9B573DFAA} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E5BAEABE-1630-441F-B25B-B0B26D2798AE} - System32\Tasks\Smart Driver Updater Schedule => C:\Program Files (x86)\Smart Driver Updater\SDUTray.exe [2014-06-27] (Avanquest Software)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F79DADCF-E50B-4779-BDB0-F51710F75CA1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-25 12:09 - 2014-03-25 12:09 - 00675840 _____ () C:\WINDOWS\Installer\MSI6F50.tmp
2014-08-27 18:43 - 2014-08-27 18:43 - 00032768 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-08-27 18:43 - 2014-08-27 18:52 - 00034816 _____ () C:\Program Files (x86)\LPT\srptsl.exe
2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-03-28 00:53 - 2013-10-01 11:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2013-01-28 14:45 - 2013-01-28 14:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 14:42 - 2013-01-28 14:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-28 14:47 - 2013-01-28 14:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2014-10-01 17:42 - 2014-10-01 17:42 - 00050477 _____ () C:\Users\Harald\Downloads\Defogger.exe
2014-08-27 18:43 - 2014-08-27 18:52 - 00042496 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-08-27 18:42 - 2014-08-27 18:50 - 00018944 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2014-08-27 18:43 - 2014-08-27 18:52 - 00070144 _____ () C:\Program Files (x86)\LPT\srut.dll
2013-10-24 18:06 - 2013-10-24 18:06 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-10-24 18:09 - 2013-10-24 18:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2012-12-25 01:50 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-11-29 11:29 - 2013-11-29 11:29 - 00026520 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2013-11-29 11:28 - 2013-11-29 11:28 - 00082840 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2013-11-29 11:28 - 2013-11-29 11:28 - 00344984 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2014-10-01 17:22 - 2014-10-01 17:22 - 00043008 _____ () c:\users\harald\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2efpxy.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Harald\AppData\Roaming\Dropbox\bin\libcef.dll
2013-10-24 18:06 - 2013-10-24 18:06 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2013-10-10 13:02 - 2013-10-10 13:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2013-12-20 10:22 - 2014-08-21 11:12 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Harald\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplyEsf-eDocPrintPro => "C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe"
MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Persistence => "C:\WINDOWS\system32\igfxpers.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2441714234-3740754369-2105759011-500 - Administrator - Disabled)
Gast (S-1-5-21-2441714234-3740754369-2105759011-501 - Limited - Disabled)
Harald (S-1-5-21-2441714234-3740754369-2105759011-1002 - Administrator - Enabled) => C:\Users\Harald
UpdatusUser (S-1-5-21-2441714234-3740754369-2105759011-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (10/01/2014 05:22:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MMDx64Fx.exe, Version: 2.3.0.3572, Zeitstempel: 0x503364be
Name des fehlerhaften Moduls: MMDUtl.dll, Version: 4.0.6.3572, Zeitstempel: 0x503364b8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000bf6e
ID des fehlerhaften Prozesses: 0x1a20
Startzeit der fehlerhaften Anwendung: 0xMMDx64Fx.exe0
Pfad der fehlerhaften Anwendung: MMDx64Fx.exe1
Pfad des fehlerhaften Moduls: MMDx64Fx.exe2
Berichtskennung: MMDx64Fx.exe3
Vollständiger Name des fehlerhaften Pakets: MMDx64Fx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MMDx64Fx.exe5

Error: (09/27/2014 07:32:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MMDx64Fx.exe, Version: 2.3.0.3572, Zeitstempel: 0x503364be
Name des fehlerhaften Moduls: MMDUtl.dll, Version: 4.0.6.3572, Zeitstempel: 0x503364b8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000bf6e
ID des fehlerhaften Prozesses: 0x1fb8
Startzeit der fehlerhaften Anwendung: 0xMMDx64Fx.exe0
Pfad der fehlerhaften Anwendung: MMDx64Fx.exe1
Pfad des fehlerhaften Moduls: MMDx64Fx.exe2
Berichtskennung: MMDx64Fx.exe3
Vollständiger Name des fehlerhaften Pakets: MMDx64Fx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MMDx64Fx.exe5

Error: (09/27/2014 02:35:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SmartDriverUpdater.exe, Version 3.2.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 76c

Startzeit: 01cfda4c3875d12d

Endzeit: 203

Anwendungspfad: C:\Program Files (x86)\Smart Driver Updater\SmartDriverUpdater.exe

Berichts-ID: f4d6215f-4640-11e4-befb-2016d83b633c

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/27/2014 01:53:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MMDx64Fx.exe, Version: 2.3.0.3572, Zeitstempel: 0x503364be
Name des fehlerhaften Moduls: MMDUtl.dll, Version: 4.0.6.3572, Zeitstempel: 0x503364b8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000bf6e
ID des fehlerhaften Prozesses: 0x1864
Startzeit der fehlerhaften Anwendung: 0xMMDx64Fx.exe0
Pfad der fehlerhaften Anwendung: MMDx64Fx.exe1
Pfad des fehlerhaften Moduls: MMDx64Fx.exe2
Berichtskennung: MMDx64Fx.exe3
Vollständiger Name des fehlerhaften Pakets: MMDx64Fx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MMDx64Fx.exe5

Error: (09/27/2014 01:38:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/27/2014 09:57:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20315 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1780

Startzeit: 01cfda27f04b2129

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: e3c857c5-461b-11e4-befb-2016d83b633c

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/27/2014 09:43:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MMDx64Fx.exe, Version: 2.3.0.3572, Zeitstempel: 0x503364be
Name des fehlerhaften Moduls: MMDUtl.dll, Version: 4.0.6.3572, Zeitstempel: 0x503364b8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000bf6e
ID des fehlerhaften Prozesses: 0x1728
Startzeit der fehlerhaften Anwendung: 0xMMDx64Fx.exe0
Pfad der fehlerhaften Anwendung: MMDx64Fx.exe1
Pfad des fehlerhaften Moduls: MMDx64Fx.exe2
Berichtskennung: MMDx64Fx.exe3
Vollständiger Name des fehlerhaften Pakets: MMDx64Fx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MMDx64Fx.exe5

Error: (09/27/2014 09:38:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MMDx64Fx.exe, Version: 2.3.0.3572, Zeitstempel: 0x503364be
Name des fehlerhaften Moduls: MMDUtl.dll, Version: 4.0.6.3572, Zeitstempel: 0x503364b8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000bf6e
ID des fehlerhaften Prozesses: 0xd98
Startzeit der fehlerhaften Anwendung: 0xMMDx64Fx.exe0
Pfad der fehlerhaften Anwendung: MMDx64Fx.exe1
Pfad des fehlerhaften Moduls: MMDx64Fx.exe2
Berichtskennung: MMDx64Fx.exe3
Vollständiger Name des fehlerhaften Pakets: MMDx64Fx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MMDx64Fx.exe5

Error: (09/27/2014 09:12:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/27/2014 07:49:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17c5c

Startzeit: 01cfda0650df646d

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: d8a02f10-4609-11e4-befa-2016d83b633c

Vollständiger Name des fehlerhaften Pakets: Microsoft.BingWeather_3.0.1.203_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App


System errors:
=============
Error: (10/01/2014 05:24:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (09/27/2014 10:07:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst afcdpsrv erreicht.

Error: (09/27/2014 10:00:11 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (09/27/2014 09:39:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (09/27/2014 09:39:58 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/27/2014 09:39:55 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (09/27/2014 09:36:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 27.09.2014 um 09:13:35 unerwartet heruntergefahren.

Error: (09/26/2014 01:05:05 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (09/26/2014 08:32:13 AM) (Source: BTHUSB) (EventID: 16) (User: )
Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (7c:2f:80:1c:4d:43) ist fehlgeschlagen.

Error: (09/25/2014 01:26:23 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (10/01/2014 05:22:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MMDx64Fx.exe2.3.0.3572503364beMMDUtl.dll4.0.6.3572503364b8c0000005000000000000bf6e1a2001cfdd8b730c53f1C:\Program Files (x86)\Launch Manager\MMDx64Fx.exeC:\Program Files (x86)\Launch Manager\MMDUtl.dllb1500f57-497e-11e4-befb-2016d83b633c

Error: (09/27/2014 07:32:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MMDx64Fx.exe2.3.0.3572503364beMMDUtl.dll4.0.6.3572503364b8c0000005000000000000bf6e1fb801cfda7907bb0c73C:\Program Files (x86)\Launch Manager\MMDx64Fx.exeC:\Program Files (x86)\Launch Manager\MMDUtl.dll45c6f881-466c-11e4-befb-2016d83b633c

Error: (09/27/2014 02:35:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SmartDriverUpdater.exe3.2.0.076c01cfda4c3875d12d203C:\Program Files (x86)\Smart Driver Updater\SmartDriverUpdater.exef4d6215f-4640-11e4-befb-2016d83b633c

Error: (09/27/2014 01:53:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MMDx64Fx.exe2.3.0.3572503364beMMDUtl.dll4.0.6.3572503364b8c0000005000000000000bf6e186401cfda49ace5ca8bC:\Program Files (x86)\Launch Manager\MMDx64Fx.exeC:\Program Files (x86)\Launch Manager\MMDUtl.dlleb66d671-463c-11e4-befb-2016d83b633c

Error: (09/27/2014 01:38:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/27/2014 09:57:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20315178001cfda27f04b21294294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exee3c857c5-461b-11e4-befb-2016d83b633cmicrosoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/27/2014 09:43:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MMDx64Fx.exe2.3.0.3572503364beMMDUtl.dll4.0.6.3572503364b8c0000005000000000000bf6e172801cfda26b09fc8a9C:\Program Files (x86)\Launch Manager\MMDx64Fx.exeC:\Program Files (x86)\Launch Manager\MMDUtl.dlleee96372-4619-11e4-befb-2016d83b633c

Error: (09/27/2014 09:38:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MMDx64Fx.exe2.3.0.3572503364beMMDUtl.dll4.0.6.3572503364b8c0000005000000000000bf6ed9801cfda25ece67f7fC:\Program Files (x86)\Launch Manager\MMDx64Fx.exeC:\Program Files (x86)\Launch Manager\MMDUtl.dll3430ea5a-4619-11e4-befb-2016d83b633c

Error: (09/27/2014 09:12:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/27/2014 07:49:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.1638417c5c01cfda0650df646d4294967295C:\WINDOWS\system32\backgroundTaskHost.exed8a02f10-4609-11e4-befa-2016d83b633cMicrosoft.BingWeather_3.0.1.203_x64__8wekyb3d8bbweApp


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 44%
Total physical RAM: 3914.27 MB
Available physical RAM: 2177.28 MB
Total Pagefile: 5893.95 MB
Available Pagefile: 3907.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:447.61 GB) (Free:400.47 GB) NTFS
Drive e: (Volume) (Fixed) (Total:223.44 GB) (Free:32.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F6196AA7)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 0A65868D)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

And thanks again
__________________

02.10.2014, 12:21   #4
sunjojo
/// Malwareteam

No problem. Then this is how we continue:

Step 1
Please download Emsisoft MBR Master and save it to your desktop.
  • Run mbrmastr.exe.
  • Then click Backup MBR and save it as emsi on the desktop.
  • Then close the program again.
  • Pack the created emsi.mbr into a zip archive (right-click -> Send to -> Compressed (zipped) folder) and attach the file here.
  • A text file MBRMastr_<date>_<time>.txt is also created on the desktop. Please post its contents here.

Step 2
Please uninstall the following programs:
  • LPT System Updater Service
  • PC Speed Maximizer Pro v3.2
  • SafeFinder Smartbar
To do this, go to:
Windows XP: Start -> Control Panel -> select Category View (if not preset) -> Add or Remove Programs
Windows Vista/7: Start -> Control Panel -> set View by (top right) to Category (if not preset) -> Uninstall a program (sub-item of Programs)
Windows 8: Search --> type "Control Panel" into the search box --> select Control Panel --> Uninstall a program (sub-item of Programs)
and select the listed programs. Click Remove (Windows XP) or Uninstall (Windows Vista/7/8).

Step 3
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Step 4
Start FRST once more.
  • Do not change any of the default settings and click Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.



Post the following log files in your next reply:
  • MBRMastr_<date>_<time>.txt
  • AdwCleaner[Sx].txt
  • FRST.txt
__________________
Regards,

Jonas

06.10.2014, 14:50   #5
sunjojo
/// Malwareteam

Hi,

I have not received a reply from you for quite a while. Do you still need help?

Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and may have security vulnerabilities that allow a renewed infection.

__________________
Regards,

Jonas

08.10.2014, 20:46   #6
sunjojo
/// Malwareteam

No response

This topic has been removed from my subscriptions. I therefore no longer receive notifications about new replies. If you want to continue, please send me a private message.

Everyone else, please read the following: http://www.trojaner-board.de/69886-a...-beachten.html and create your own thread.