Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Doppelinfektion nach zwei verschiedenen falschen DHL Mails - Check vor Systemneuinstallation?

Doppelinfektion nach zwei verschiedenen falschen DHL Mails - Check vor Systemneuinstallation?


Log-Analyse und Auswertung: Doppelinfektion nach zwei verschiedenen falschen DHL Mails - Check vor Systemneuinstallation?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 20.05.2015, 15:18   #16
Klara94
 
Doppelinfektion nach zwei verschiedenen falschen DHL Mails - Check vor Systemneuinstallation? - Standard

Doppelinfektion nach zwei verschiedenen falschen DHL Mails - Check vor Systemneuinstallation?


FRST.txt VI:

Code:
ATTFilter
==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 15:48 - 2014-11-23 16:12 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-05-20 15:48 - 2014-11-23 16:12 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-05-20 15:48 - 2014-03-18 11:47 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 15:45 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-20 15:44 - 2015-02-10 21:25 - 00000000 ____D () C:\Users\emilia\OneDrive
2015-05-20 15:44 - 2014-11-23 09:17 - 01111908 _____ () C:\Windows\WindowsUpdate.log
2015-05-20 15:41 - 2014-03-18 11:39 - 00365414 _____ () C:\Windows\PFRO.log
2015-05-20 15:41 - 2013-08-22 16:46 - 00021701 _____ () C:\Windows\setupact.log
2015-05-20 15:41 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 15:41 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-20 15:29 - 2015-03-15 21:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-20 15:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-20 12:27 - 2015-02-08 23:21 - 00000000 ____D () C:\Users\emilia\AppData\Local\CrashDumps
2015-05-18 15:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-17 16:49 - 2015-02-08 23:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-17 16:49 - 2013-08-22 16:44 - 00371584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-16 21:15 - 2015-02-09 10:03 - 00000000 ____D () C:\Users\emilia\Documents\hb
2015-05-16 21:15 - 2015-02-08 23:16 - 00002312 _____ () C:\Users\emilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-05-16 21:09 - 2015-02-08 23:14 - 00000000 ____D () C:\Users\emilia\AppData\Local\clear.fi
2015-05-15 07:53 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-05-15 07:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-15 07:47 - 2015-02-11 09:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-15 07:42 - 2015-02-11 09:39 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-15 07:28 - 2015-02-08 23:40 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-15 06:48 - 2015-03-10 15:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 06:48 - 2015-03-10 15:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 00:37 - 2015-02-09 10:03 - 00000000 ____D () C:\Users\emilia\Documents\PP-Ausbildung
2015-05-15 00:37 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 15:35 - 2015-03-10 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 15:30 - 2014-03-18 11:33 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-11 13:47 - 2015-02-08 23:40 - 00000000 ____D () C:\Users\emilia\AppData\Roaming\vlc
2015-05-08 00:20 - 2015-02-08 23:12 - 00000000 ____D () C:\Users\emilia
2015-05-05 19:59 - 2015-02-11 10:26 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2015-02-11 10:26 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 16:59 - 2015-02-11 16:53 - 00000000 ____D () C:\Users\emilia\Documents\Bluetooth Folder
2015-05-05 12:23 - 2015-03-08 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 11:29 - 2015-03-08 22:41 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 11:29 - 2015-03-08 22:41 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-23 12:08 - 2013-08-22 17:37 - 00005111 _____ () C:\Windows\DtcInstall.log
2015-04-23 12:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-04-23 12:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2015-04-23 12:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-04-23 11:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-23 11:59 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-04-23 11:59 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-23 11:59 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\servicing
2015-04-23 11:58 - 2013-08-22 17:36 - 00000000 ___SD () C:\Windows\system32\dsc
2015-04-23 11:58 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-04-23 11:58 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2015-04-23 11:58 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sppui
2015-04-23 11:58 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\setup
2015-04-23 11:58 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-04-23 11:58 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\Com
2015-04-23 11:58 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\IME
2015-04-23 11:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-04-23 11:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-04-23 11:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-23 11:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-04-23 11:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-04-23 11:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-04-23 11:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-04-22 16:27 - 2013-08-22 17:36 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2015-04-22 16:27 - 2013-08-22 17:36 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll

==================== Files in the root of some directories =======

2014-11-23 08:30 - 2014-11-23 08:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\emilia\AppData\Local\Temp\avgnt.exe
C:\Users\emilia\AppData\Local\Temp\Quarantine.exe
C:\Users\emilia\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-15 07:39

==================== End Of Log ============================

Und schließlich noch die Addition.txt

Code:
ATTFilter

	
Code: 

 
ATTFilter


  

	
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by emilia at 2015-05-20 15:59:48
Running from C:\Users\emilia\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2277180732-268029850-697756749-500 - Administrator - Disabled)
Gast (S-1-5-21-2277180732-268029850-697756749-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2277180732-268029850-697756749-1003 - Limited - Enabled)
emilia (S-1-5-21-2277180732-268029850-697756749-1001 - Administrator - Enabled) => C:\Users\emilia

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2005 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.01.2005.1 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3012 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8115 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.04.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8106.0 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2277180732-268029850-697756749-1001\...\Amazon Kindle) (Version:  - Amazon)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.04.2001.2 - Acer Incorporated)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21255 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
SonicWALL Global VPN Client (HKLM\...\{2B0BD3DD-EF7E-43EE-AC58-061E412BFFEF}) (Version: 4.7.3 - SonicWALL)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Startfenster (HKLM\...\Startfenster) (Version:  - Startfenster)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2277180732-268029850-697756749-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C44A4D8-5EDB-444B-9FA7-5C11A5F307B2} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {2330CE73-F9A7-4AD8-97EB-AD284067D93E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {2564E252-4609-4A74-83EC-143C146A4081} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {26017BFB-4F6C-4228-BD0A-E1FD8088A606} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {429E2EAE-A977-4CC0-9456-53E8DF825F6F} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {48B6B3B5-3344-4895-B6B9-618CCA1B174A} - \Optimize Start Menu Cache Files-S-1-5-21-2277180732-268029850-697756749-1001 No Task File <==== ATTENTION
Task: {5A8D4F9A-92C7-4F25-9736-FBBD79551DF0} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-12-19] (Acer)
Task: {5CCA3AF9-8E23-440A-AA24-820CB73BBB42} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-15] (Microsoft Corporation)
Task: {5FF61A81-2C94-481F-B1ED-E04073C42060} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {65108F52-5E37-499E-8EBF-4130852173CF} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-12-30] (Acer Incorporate)
Task: {7991CE2A-B00F-4B84-9DF6-0306DE131A0D} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-07-22] (Acer Incorporated)
Task: {7E4AFEEF-217A-4DDD-A961-12D0481B7CC0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {86BB18D0-8E2A-4B8A-94FB-650491D63458} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {9B225D04-7D76-435D-8AA5-56B887B0C34C} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {B57CFFCF-518C-488A-BB96-57DA949BF2F0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B96EECA9-9556-46CA-8843-C5ED51C5423A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {BE83F060-8A45-4C3B-BB9A-DAFDA18F3E33} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D3FCBC92-9CE6-4EB9-9468-B259B4842F35} - \Optimize Start Menu Cache Files-S-1-5-21-2277180732-268029850-697756749-500 No Task File <==== ATTENTION
Task: {E00B05FD-0EF1-4288-8781-48E8367D40CF} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {E5B40D8A-128E-4D2F-9991-5B2DB3A2F2DF} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {FC1DDAA5-A19B-4513-9EFD-2C0BBDA5B2D0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-17 13:43 - 2015-03-17 13:43 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2015-02-08 12:20 - 2015-02-08 12:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll
2015-03-17 14:15 - 2015-03-17 14:15 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\emilia\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2277180732-268029850-697756749-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "abDocsDllLoader"
HKU\S-1-5-21-2277180732-268029850-697756749-1001\...\StartupApproved\Run: => "Pokki"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1077BFB3-6DEB-4487-84F7-87DDD818A5B0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{1414C8AC-D04A-428C-8526-E809CA219532}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{693F7DA1-D651-42E5-97EE-8E63195D98F2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{32364E85-BC96-4E5F-B66E-C42B64913155}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{BB065535-F3C5-4A3C-9FB0-90E9F8496509}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{A634A7B9-DC92-4733-91A5-62440209799E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{A02A79CD-3AF3-4727-B3C6-12435CE66D7C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{A4EC6FD9-64A9-43A5-988C-A12CA13A67ED}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{5B0A8986-CF0E-444E-9980-89AA689A5F63}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{0BF25D37-7A6B-4E41-A12B-62590D2F2C8F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5AB533C9-496D-45D1-BC20-DD644894BB4A}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{DA74BFFD-02A6-4405-980D-BF8F595838DB}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{CBF8C6AD-EDE0-4128-807B-86BC1A9E25E4}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{D0D4582F-8AC7-4C54-9A81-ABF4B828D5D7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{CF30776F-A06E-4F23-A1D5-C1FDD3B33201}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0EFBF754-608C-4719-88C8-89CF7167105A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{AA664D3A-D327-4311-AE6F-2F5EC926E452}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{BC2CBABC-825F-4FF8-8A9B-98CB2FE5297D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2836D66E-DE16-44E5-AED9-7900EC710534}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{960F94EA-71B9-4495-9578-83B1BDB33167}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CE174997-0BE9-4E56-89BF-F163FCDE5779}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1EE44622-AF1E-415F-AD7D-4E00758F647B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{84E2F36C-655C-45D6-A106-F91F349ECF7D}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{B79C3DD8-BEC7-479E-97EE-F39033F6752F}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{589BA667-F4FE-49E9-A3BD-D7D32D8DBB30}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{FA4F0E70-F34F-43C8-BFF1-29DA8418EB93}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{68B5B8BF-B661-4327-8FF3-A55B8DE5482B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{88539AC0-427B-4153-9E9A-1D7F7CAD1E8E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{2B736978-9E5D-45ED-AC92-1A37C0370DBF}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7AD74E34-97C9-4A16-AFB6-2F5C127ADFE1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{F77A9449-056E-45AE-BE10-A95E4799D041}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{F224D427-5D7C-4D64-A6D1-7C7486B4931A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{AE76D263-C4E2-4997-B8E8-2C432208374C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{EC3DF005-0072-49FE-9C5C-487D1D87FB46}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{8304B71F-3C01-44BE-93D6-9CD37E6D0152}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{9420013D-8686-4A73-88F9-B568DACACA63}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C6C7D8CA-3E58-47FE-BF4B-19276483CE6D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0818FADB-A955-4E09-B4DB-DB71D701B66A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{540D1B55-5CDB-45AD-8681-C33A68AF27D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D81C053A-6A29-45C3-854F-E8C567B8AE8F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{78E2D5C9-1E96-4712-9273-EFB0416494A5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C24B92B2-5F27-4C97-B4A1-C262895C6E49}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{02E8FC42-AFB6-4BEC-B324-B7B405B37189}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F310CA22-3B0A-48CF-AC50-6D7C56FED3B8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{32977412-F90A-4B92-8643-262C3BF72CEB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67A3D4DA-E6C1-4850-924A-9DCCFBA4900F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5302D683-EAD4-44A8-9806-E60D4F46ED34}C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe] => (Allow) C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe
FirewallRules: [UDP Query User{32610509-52E3-4CB3-A347-CA9ADBCFED78}C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe] => (Allow) C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe
FirewallRules: [TCP Query User{763D0603-AB6E-40BA-A5BB-8AAF1F8587D8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{724EF3F5-BF25-4124-BD25-135313FA2CEA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 00:27:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.4.2002, Zeitstempel: 0x54942c87
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.8387, Zeitstempel: 0x51ea24a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b1d
ID des fehlerhaften Prozesses: 0x429c
Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0
Pfad der fehlerhaften Anwendung: AcerPortal.exe1
Pfad des fehlerhaften Moduls: AcerPortal.exe2
Berichtskennung: AcerPortal.exe3
Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5

Error: (05/19/2015 07:54:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.

Error: (05/19/2015 07:50:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.

Error: (05/17/2015 06:39:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.4.2002, Zeitstempel: 0x54942c87
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.8387, Zeitstempel: 0x51ea24a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b1d
ID des fehlerhaften Prozesses: 0x10c8
Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0
Pfad der fehlerhaften Anwendung: AcerPortal.exe1
Pfad des fehlerhaften Moduls: AcerPortal.exe2
Berichtskennung: AcerPortal.exe3
Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5

Error: (05/16/2015 04:00:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.4.2002, Zeitstempel: 0x54942c87
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.8387, Zeitstempel: 0x51ea24a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b1d
ID des fehlerhaften Prozesses: 0x1d44
Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0
Pfad der fehlerhaften Anwendung: AcerPortal.exe1
Pfad des fehlerhaften Moduls: AcerPortal.exe2
Berichtskennung: AcerPortal.exe3
Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5

Error: (05/15/2015 07:27:17 AM) (Source: MsiInstaller) (EventID: 1024) (User: UHU)
Description: Produkt: Adobe Reader XI (11.0.10) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011011}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/15/2015 07:10:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.4.2002, Zeitstempel: 0x54942c87
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.8387, Zeitstempel: 0x51ea24a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b1d
ID des fehlerhaften Prozesses: 0xebc
Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0
Pfad der fehlerhaften Anwendung: AcerPortal.exe1
Pfad des fehlerhaften Moduls: AcerPortal.exe2
Berichtskennung: AcerPortal.exe3
Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5

Error: (05/13/2015 03:29:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (05/09/2015 00:25:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: UHU)
Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (05/09/2015 00:25:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: UHU)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (05/20/2015 03:53:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Modules Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (05/20/2015 03:51:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/20/2015 03:51:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "User Experience Improvement Program" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/20/2015 03:51:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/20/2015 03:51:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Quick Access RadioMgr Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/20/2015 03:51:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/20/2015 03:51:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Quick Access Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/20/2015 03:51:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/20/2015 03:51:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/20/2015 03:51:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SonicWALL Global VPN Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (05/20/2015 00:27:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87MSVCR90.dll9.0.30729.838751ea24a5c000000500056b1d429c01d092c47023f5b2C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dllc5f06ef6-feda-11e4-8271-206a8aa5bea2

Error: (05/19/2015 07:54:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\$Recycle.Bin\S-1-5-21-2277180732-268029850-697756749-1001\$R8B9Q7U.exe

Error: (05/19/2015 07:50:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\Users\emilia\AppData\Local\Temp\oct76E2.tmp.exe

Error: (05/17/2015 06:39:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87MSVCR90.dll9.0.30729.838751ea24a5c000000500056b1d10c801d090b138165f59C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dll42f4d5f2-fcb3-11e4-8271-206a8aa5bea2

Error: (05/16/2015 04:00:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87MSVCR90.dll9.0.30729.838751ea24a5c000000500056b1d1d4401d08f5ba9afe3faC:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dll44dde80b-fb6f-11e4-8270-206a8aa5bea2

Error: (05/15/2015 07:27:17 AM) (Source: MsiInstaller) (EventID: 1024) (User: UHU)
Description: Adobe Reader XI (11.0.10) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)

Error: (05/15/2015 07:10:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87MSVCR90.dll9.0.30729.838751ea24a5c000000500056b1debc01d08ecc02c7afa1C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dllbbdfc824-fac0-11e4-8270-206a8aa5bea2

Error: (05/13/2015 03:29:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (05/09/2015 00:25:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: UHU)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (05/09/2015 00:25:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: UHU)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Percentage of memory in use: 26%
Total physical RAM: 3977.98 MB
Available physical RAM: 2916.98 MB
Total Pagefile: 5321.98 MB
Available Pagefile: 3871.68 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.72 GB) (Free:419.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3B3BD4CB)

Partition: GPT Partition Type.

==================== End Of Log ============================
Vielen Dank schonmal - Klara.

 

Themen zu Doppelinfektion nach zwei verschiedenen falschen DHL Mails - Check vor Systemneuinstallation?
acer, aktiv, blockiert, booten, check, computer, datei kann nicht geöffnet werden, dateien, desktop, falsche, folge, frage, gelöscht, hallo zusammen, herunterfahren, link, neustart, nicht mehr, passwort, programm, rechner, schnell, startet, system, warnung, win


« Ungültiges Bild Error, gibts hier schon 2-3 Mal | Virenfund durch Virenscanner (Adware + TR/CRYPT.ZPACK+PUA/Multiplug) »


Ähnliche Themen: Doppelinfektion nach zwei verschiedenen falschen DHL Mails - Check vor Systemneuinstallation?


  1. Doppelinfektion gelöst - Danke - An Cosinus weiterleiten!
    Lob, Kritik und Wünsche - 21.05.2015 (0)
  2. Internet lahm....Und komische Mails die mir zugesendet werden - CHECK möglich?
    Plagegeister aller Art und deren Bekämpfung - 14.04.2015 (15)
  3. Log-Check nach Update-Problemen (Win 8 / Win 8.1)
    Log-Analyse und Auswertung - 19.11.2014 (9)
  4. Posadi17 nach verschiedenen Maßnahmen immer noch nicht entfernt bekommen
    Log-Analyse und Auswertung - 22.06.2014 (3)
  5. Avira erkennt Viren nach öffnen einer falschen Telekom-Email
    Log-Analyse und Auswertung - 18.06.2014 (11)
  6. Win7 PC-Check nach Virenfund
    Log-Analyse und Auswertung - 07.04.2014 (8)
  7. hunderte Mails von MAILER-DAEMON@mailout-de.gmx.net in zwei tagen im Posteingang
    Plagegeister aller Art und deren Bekämpfung - 06.11.2012 (1)
  8. Check von Lap Top nach Infektion
    Plagegeister aller Art und deren Bekämpfung - 04.10.2012 (17)
  9. MBR Check nach Neuinstallation
    Plagegeister aller Art und deren Bekämpfung - 13.01.2012 (9)
  10. Nach verschiedenen Viren (Recovery/iTan Sparkasse) gehen verschiedene Sachen nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 08.06.2011 (15)
  11. Google Redirect, trotz 3facher Systemneuinstallation nicht beseitigt
    Log-Analyse und Auswertung - 21.11.2010 (11)
  12. Routine-Check nach Neuinstallation
    Log-Analyse und Auswertung - 05.10.2010 (1)
  13. Check der logfiles nach flacor.dat
    Plagegeister aller Art und deren Bekämpfung - 07.09.2010 (5)
  14. Check nach div. Problemen bitte
    Log-Analyse und Auswertung - 28.12.2006 (5)
  15. Trojan.Desktophijack.B auch nach Systemneuinstallation!?
    Plagegeister aller Art und deren Bekämpfung - 21.09.2005 (8)
  16. Neuinstalliert, nach zwei Tagen wieder was drauf
    Plagegeister aller Art und deren Bekämpfung - 10.02.2005 (2)
  17. Zwei offene Ports nach Internetverbindungsfreigabe
    Antiviren-, Firewall- und andere Schutzprogramme - 14.02.2003 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Doppelinfektion nach zwei verschiedenen falschen DHL Mails - Check vor Systemneuinstallation? - FRST.txt VI: Code: Alles auswählen Aufklappen ATTFilter ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-20 15:48 - Doppelinfektion nach zwei verschiedenen falschen DHL Mails - Check vor Systemneuinstallation?...
Archiv
Du betrachtest: Doppelinfektion nach zwei verschiedenen falschen DHL Mails - Check vor Systemneuinstallation? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131