Log analysis and evaluation: Windows 8.1: Adware/PUA detection after update and Windows.old not found

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

18.02.2015, 20:45   #1
PipTook
 
Hello everyone,

a few weeks ago I converted my Windows 8 to Windows 8.1. My computer recommended this to me and I followed the instructions. Afterwards my Sophos program raised an alert that an Adware/PUA had been found. During the system scan there were also error messages that things were not found in the Windows.old folder. That is why I wanted to know whether my computer is in danger or whether the PUA was detected in time, and what I should do with the windows.old folder.
Here is the overview of the Sophos log; unfortunately I don't know how to have Sophos create log files. Since it would otherwise be too long, I have posted it as an attachment - unfortunately the numerous access denials on windows.old were too large even for the attachment, so it is heavily shortened to only the last part.

Here are the other files:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:01 on 18/02/2015 (Pippin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Pippin (administrator) on PIP on 18-02-2015 21:04:27
Running from C:\Users\Pippin\Desktop
Loaded Profiles: Pippin (Available profiles: UpdatusUser & Pippin)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Dropbox, Inc.) C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-09-18] (Sophos Limited)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] ()
HKLM-x32\...\Run: [SCX3200_Scan2Pc] => C:\Windows\Twain_32\Samsung\SCX3200\Scan2pc.exe [1990144 2011-06-21] ()
HKLM-x32\...\Run: [3200 Scan2PC] => C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe [1990144 2011-06-21] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [218696 2014-10-08] (Sophos Limited)
Startup: C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-242285392-2585440693-653752246-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-242285392-2585440693-653752246-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 09 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 09 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default\Extensions\2020Player_IKEA@2020Technologies.com [2015-02-14]
FF Extension: Adblock Plus - C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [215848 2014-04-14] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139048 2014-04-14] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-09-18] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-11-12] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2012-11-12] (Sophos Limited)
S4 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-02-22] (TuneUp Software)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2012-04-24] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 21:04 - 2015-02-18 21:05 - 00016980 _____ () C:\Users\Pippin\Desktop\FRST.txt
2015-02-18 21:04 - 2015-02-18 21:04 - 00000000 ____D () C:\FRST
2015-02-18 21:02 - 2015-02-18 21:02 - 02086912 _____ (Farbar) C:\Users\Pippin\Desktop\FRST64.exe
2015-02-18 21:01 - 2015-02-18 21:01 - 00000474 _____ () C:\Users\Pippin\Desktop\defogger_disable.log
2015-02-18 20:59 - 2015-02-18 20:59 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log
2015-02-18 20:59 - 2015-02-18 20:59 - 00000000 _____ () C:\Users\Pippin\defogger_reenable
2015-02-18 20:58 - 2015-02-18 20:58 - 00050477 _____ () C:\Users\Pippin\Desktop\Defogger.exe
2015-02-18 20:54 - 2015-02-18 20:54 - 00156013 _____ () C:\Users\Pippin\Desktop\Sophos.txt
2015-02-18 20:54 - 2015-02-18 20:54 - 00000090 ____H () C:\Users\Pippin\Desktop\.~lock.Sophos.txt#
2015-02-13 22:24 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-13 22:24 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-13 22:24 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-13 22:24 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-13 22:24 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-13 22:24 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-13 22:24 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-13 22:24 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-13 22:24 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-13 22:24 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-13 22:24 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-13 22:24 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-13 22:24 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-13 22:24 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-13 22:24 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-13 22:23 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-13 22:23 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-13 22:23 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-13 22:23 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-13 22:23 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-13 22:23 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-13 22:23 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-13 22:23 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-13 22:23 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-13 22:23 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-13 22:23 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-13 22:23 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-13 22:23 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-13 22:23 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-13 22:23 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-13 22:23 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-13 22:23 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-13 22:23 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-13 22:23 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-13 22:23 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-13 22:23 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-13 22:23 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-13 22:23 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-13 22:23 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-13 22:23 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-13 22:23 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-13 22:23 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-13 22:23 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-13 22:23 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-13 22:23 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-13 22:23 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-13 22:23 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-13 22:23 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-13 22:23 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-13 22:23 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-13 22:23 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-13 22:23 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-13 22:23 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-13 22:23 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-13 22:23 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-13 22:23 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-13 22:23 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-13 22:23 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-13 22:23 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-13 22:23 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-13 22:23 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-13 22:23 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-12 22:20 - 2015-02-12 22:20 - 00011187 _____ () C:\Users\Pippin\Desktop\Mahler_Rabatt.odt
2015-02-09 21:26 - 2015-02-09 21:26 - 00025600 ___SH () C:\Users\Pippin\Desktop\Thumbs.db
2015-02-09 20:53 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-09 20:53 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-09 20:40 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-02-09 20:40 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-02-09 20:40 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-02-09 20:40 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-02-09 20:40 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-02-09 20:34 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-02-09 20:34 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-02-09 20:33 - 2014-04-30 07:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2015-02-09 20:33 - 2014-04-30 07:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2015-02-09 20:29 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-02-09 20:29 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-02-09 20:29 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-02-09 20:29 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-02-09 20:28 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-02-09 20:28 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-02-08 17:51 - 2015-02-08 17:51 - 01055936 _____ (Adobe) C:\Users\Pippin\Downloads\install_flashplayer16x32_mssd_aaa_aih.exe
2015-02-08 17:50 - 2015-02-18 20:14 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-08 17:50 - 2015-02-08 17:50 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-06 23:43 - 2015-02-06 23:43 - 00001452 _____ () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-06 23:42 - 2015-02-06 23:42 - 00000020 ___SH () C:\Users\Pippin\ntuser.ini
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Programme
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2015-02-06 19:46 - 2015-02-06 19:46 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat
2015-02-06 19:30 - 2015-02-06 19:30 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-02-06 19:24 - 2015-02-06 19:24 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2015-02-06 19:23 - 2015-02-18 20:59 - 00000000 ____D () C:\Users\Pippin
2015-02-06 19:23 - 2015-02-06 19:46 - 00030483 _____ () C:\WINDOWS\diagwrn.xml
2015-02-06 19:23 - 2015-02-06 19:46 - 00030483 _____ () C:\WINDOWS\diagerr.xml
2015-02-06 19:23 - 2015-02-06 19:24 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-06 19:23 - 2015-02-06 19:24 - 00000000 ___RD () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Anwendungsdaten
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Vorlagen
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Startmenü
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Netzwerkumgebung
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Lokale Einstellungen
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Eigene Dateien
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Druckumgebung
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Documents\Eigene Musik
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Documents\Eigene Bilder
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\AppData\Local\Verlauf
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\AppData\Local\Anwendungsdaten
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Anwendungsdaten
2015-02-06 19:23 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-06 19:23 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-06 19:23 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-06 19:23 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-06 19:23 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-02-06 19:23 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-02-06 19:23 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-02-06 19:23 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-02-06 19:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-06 19:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-06 19:15 - 2015-02-06 19:15 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevGen_01009.Wdf
2015-02-06 19:15 - 2015-02-06 19:15 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevFan_01009.Wdf
2015-02-06 19:15 - 2013-10-23 09:20 - 06669600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-02-06 19:15 - 2013-10-23 09:20 - 03489568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-02-06 19:15 - 2013-10-23 09:20 - 03426956 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-02-06 19:15 - 2013-10-23 09:20 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-02-06 19:15 - 2013-10-23 09:20 - 01064224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-02-06 19:15 - 2013-10-23 09:20 - 00922912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-02-06 19:15 - 2013-10-23 09:20 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-02-06 19:15 - 2013-10-23 09:20 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-02-06 19:15 - 2013-10-23 09:20 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-02-06 19:14 - 2015-02-18 20:49 - 01614812 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-06 19:14 - 2015-02-06 19:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-06 19:14 - 2015-02-06 19:28 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-02-06 19:14 - 2015-02-06 19:15 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevProc_01009.Wdf
2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevPch_01009.Wdf
2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevDram_01009.Wdf
2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____D () C:\Program Files\Realtek
2015-02-06 19:14 - 2013-10-01 13:02 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-02-06 19:14 - 2013-10-01 13:02 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-02-06 19:13 - 2015-02-06 19:13 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfManager_01009.Wdf
2015-02-06 19:11 - 2015-02-06 23:44 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-06 19:11 - 2015-02-06 19:11 - 00000000 __SHD () C:\Recovery
2015-02-06 19:10 - 2015-02-15 01:05 - 00000000 ____D () C:\Windows.old
2015-02-06 19:09 - 2015-02-06 19:09 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-02-06 19:09 - 2015-02-06 19:09 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-02-06 19:09 - 2015-02-06 19:09 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-02-06 19:09 - 2015-02-06 19:09 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-02-06 19:09 - 2015-02-06 19:09 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-02-06 19:09 - 2015-02-06 19:09 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-02-06 19:09 - 2015-02-06 19:09 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-02-06 19:09 - 2015-02-06 19:09 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-02-06 19:09 - 2015-02-06 19:09 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-02-06 19:09 - 2015-02-06 19:09 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-02-06 19:09 - 2015-02-06 19:09 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-02-06 19:09 - 2015-02-06 19:09 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-02-06 19:09 - 2015-02-06 19:09 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-02-06 19:09 - 2015-02-06 19:09 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-02-06 19:09 - 2015-02-06 19:09 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-02-06 19:08 - 2015-02-06 19:08 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-02-06 19:08 - 2015-02-06 19:08 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-02-06 19:08 - 2015-02-06 19:08 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-02-06 19:08 - 2015-02-06 19:08 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-02-06 19:08 - 2015-02-06 19:08 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-02-06 19:08 - 2015-02-06 19:08 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-02-06 19:08 - 2015-02-06 19:08 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-02-06 19:08 - 2015-02-06 19:08 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-02-06 19:07 - 2015-02-06 19:07 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-02-06 19:07 - 2015-02-06 19:07 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-02-06 19:07 - 2015-02-06 19:07 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-02-06 19:07 - 2015-02-06 19:07 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-02-06 19:07 - 2015-02-06 19:07 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-02-06 19:07 - 2015-02-06 19:07 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-02-06 19:07 - 2015-02-06 19:07 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-02-06 19:07 - 2015-02-06 19:07 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-02-06 19:07 - 2015-02-06 19:07 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-02-06 19:07 - 2015-02-06 19:07 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-02-06 19:07 - 2015-02-06 19:07 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-02-06 19:07 - 2015-02-06 19:07 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-02-06 19:06 - 2015-02-06 19:06 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-02-06 19:04 - 2015-02-06 19:04 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2015-02-06 19:04 - 2015-02-06 19:04 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-02-06 19:04 - 2015-02-06 19:04 - 00000000 ____D () C:\Program Files\MSBuild
2015-02-06 19:04 - 2015-02-06 19:04 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-02-06 19:04 - 2015-02-06 19:04 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-06 19:03 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-02-06 19:03 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-02-06 19:03 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-02-06 19:03 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-02-06 18:19 - 2015-02-06 19:46 - 00006569 _____ () C:\WINDOWS\comsetup.log
2015-01-26 22:33 - 2015-01-26 22:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 19:49 - 2015-02-08 17:53 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2015-01-20 10:03 - 2015-01-20 10:03 - 00000276 _____ () C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
2015-01-20 10:03 - 2015-01-20 10:03 - 00000000 ____D () C:\Program Files (x86)\Scan Assistant
2015-01-20 10:02 - 2015-01-20 10:02 - 00000000 ____D () C:\Users\Pippin\AppData\Local\S2PC
2015-01-20 10:00 - 2015-01-20 10:02 - 00000385 _____ () C:\WINDOWS\Samsung SCX-3200 Series.txt
2015-01-20 09:59 - 2015-01-20 10:02 - 00000139 _____ () C:\WINDOWS\SScanMgr.log
2015-01-20 09:59 - 2015-01-20 09:59 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\InstallShield
2015-01-20 09:59 - 2015-01-20 09:59 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate
2015-01-20 09:59 - 2011-06-22 04:18 - 00493432 _____ () C:\WINDOWS\ssndii.exe
2015-01-20 09:59 - 2009-10-28 16:20 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml4.dll
2015-01-20 09:59 - 2009-10-28 16:20 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml2.dll
2015-01-20 09:59 - 2009-10-28 16:20 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml4r.dll
2015-01-20 09:59 - 2009-10-28 16:20 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml4a.dll
2015-01-20 09:59 - 2009-10-28 16:20 - 00038160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml2r.dll
2015-01-20 09:59 - 2009-10-28 16:20 - 00021776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml2a.dll
2015-01-20 09:58 - 2015-01-20 09:58 - 00000000 ____D () C:\WINDOWS\Samsung
2015-01-20 09:58 - 2011-06-10 04:12 - 00143872 _____ () C:\WINDOWS\Wiainst64.exe
2015-01-20 09:56 - 2015-01-20 09:56 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-20 09:41 - 2015-01-20 09:50 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Samsung
2015-01-20 09:40 - 2015-02-06 19:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2015-01-20 09:40 - 2015-01-20 09:40 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-20 09:40 - 2014-05-22 14:22 - 02738496 _____ () C:\WINDOWS\TotalUninstaller.exe
2015-01-20 09:38 - 2014-07-03 05:07 - 00000357 _____ () C:\WINDOWS\system32\usp01l.smt
2015-01-20 09:38 - 2014-04-16 09:22 - 00029184 _____ () C:\WINDOWS\system32\usp01l.dll
2015-01-20 09:38 - 2013-05-10 10:48 - 00162136 _____ () C:\WINDOWS\system32\usp01ci.exe
2015-01-20 09:38 - 2010-10-20 09:46 - 00089600 _____ (SS) C:\WINDOWS\system32\usp01ci.dll
2015-01-20 09:37 - 2015-01-20 09:37 - 22225776 _____ () C:\Users\Pippin\Downloads\SamsungUniversalPrintDriver2.exe
2015-01-20 09:35 - 2015-01-20 09:35 - 03967320 _____ (SEC) C:\Users\Pippin\Downloads\EWS_V3.60.40.3.exe
2015-01-20 09:34 - 2015-01-20 09:34 - 04053824 _____ (SEC) C:\Users\Pippin\Downloads\EWS_V3.70.5.0(1).exe
2015-01-20 09:21 - 2015-01-20 09:21 - 04053824 _____ (SEC) C:\Users\Pippin\Downloads\EWS_V3.70.5.0.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-18 19:41 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-18 19:39 - 2013-09-02 18:47 - 00000000 ___RD () C:\Users\Pippin\Dropbox
2015-02-18 19:39 - 2013-09-02 18:43 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Dropbox
2015-02-18 19:39 - 2013-02-20 06:10 - 00000507 _____ () C:\Users\Pippin\AppData\Roaming\sp_data.sys
2015-02-15 00:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-14 23:36 - 2013-07-10 20:54 - 00000000 _____ () C:\WINDOWS\system32\vireng.log
2015-02-14 23:22 - 2013-02-20 06:15 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-242285392-2585440693-653752246-1002
2015-02-14 20:27 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-14 20:26 - 2013-08-22 15:46 - 00331044 _____ () C:\WINDOWS\setupact.log
2015-02-14 20:26 - 2013-08-22 15:44 - 00508344 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-14 20:09 - 2013-09-15 21:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-14 19:59 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-14 19:59 - 2013-02-23 16:19 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-13 22:17 - 2013-09-02 18:47 - 00001069 _____ () C:\Users\Pippin\Desktop\Dropbox.lnk
2015-02-13 22:17 - 2013-09-02 18:44 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 20:03 - 2014-11-21 04:35 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-12 20:03 - 2014-11-21 03:45 - 00773008 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-12 20:03 - 2014-11-21 03:45 - 00162310 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-11 21:19 - 2014-01-13 21:54 - 00000000 ____D () C:\Users\Pippin\Documents\My Digital Editions
2015-02-09 21:26 - 2014-08-11 19:41 - 00000000 ____D () C:\Users\Pippin\Desktop\FFT 2013_fertig_mcf-Dateien
2015-02-09 21:21 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-09 21:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-09 21:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-09 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-02-09 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-02-09 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-09 21:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-02-09 21:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-09 20:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-02-08 17:50 - 2014-07-06 19:28 - 00000000 ____D () C:\Users\Pippin\AppData\Local\Adobe
2015-02-06 23:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-06 23:48 - 2013-02-20 06:07 - 00000000 ____D () C:\Users\Pippin\AppData\Local\Packages
2015-02-06 19:47 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-02-06 19:47 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2015-02-06 19:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-06 19:42 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-02-06 19:42 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-06 19:35 - 2012-11-02 12:30 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-02-06 19:35 - 2012-11-02 12:30 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-02-06 19:32 - 2014-10-25 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2015-02-06 19:32 - 2014-02-28 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-06 19:32 - 2014-02-22 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-06 19:32 - 2014-02-16 21:42 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-06 19:32 - 2014-02-16 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-06 19:32 - 2014-01-13 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-02-06 19:32 - 2013-11-30 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH
2015-02-06 19:32 - 2013-10-23 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-06 19:32 - 2013-09-17 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-02-06 19:32 - 2013-09-02 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-02-06 19:32 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-02-06 19:32 - 2013-05-05 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-02-06 19:32 - 2013-04-30 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded
2015-02-06 19:32 - 2013-02-23 22:40 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
2015-02-06 19:32 - 2013-02-23 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-02-06 19:32 - 2013-02-23 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-02-06 19:32 - 2013-02-23 20:59 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
2015-02-06 19:32 - 2013-02-22 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities
2015-02-06 19:32 - 2012-08-17 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-02-06 19:30 - 2013-08-22 16:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-02-06 19:30 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated
2015-02-06 19:29 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-02-06 19:29 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-02-06 19:29 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2015-02-06 19:29 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2015-02-06 19:29 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-02-06 19:29 - 2012-11-02 12:34 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda
2015-02-06 19:28 - 2014-01-15 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-02-06 19:28 - 2014-01-13 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
2015-02-06 19:28 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-02-06 19:28 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-02-06 19:28 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2015-02-06 19:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-02-06 19:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME
2015-02-06 19:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2015-02-06 19:28 - 2013-06-20 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpellForce
2015-02-06 19:28 - 2013-06-19 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
2015-02-06 19:28 - 2013-03-02 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-02-06 19:28 - 2013-02-21 05:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-02-06 19:28 - 2012-11-02 12:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUSDVD
2015-02-06 19:28 - 2012-08-02 14:28 - 00000000 ____D () C:\ProgramData\PRICache
2015-02-06 19:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-06 19:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-02-06 19:24 - 2013-06-20 19:57 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpellForce
2015-02-06 19:12 - 2014-11-20 19:24 - 00004712 _____ () C:\WINDOWS\PFRO.log
2015-02-06 19:10 - 2013-08-22 16:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-02-06 19:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-02-06 18:50 - 2012-11-02 12:43 - 01191334 _____ () C:\WINDOWS\WindowsUpdate (1).log
2015-02-06 17:43 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-02-05 20:50 - 2014-10-26 22:15 - 00000000 ____D () C:\Users\Pippin\Documents\FMC II
2015-02-03 20:31 - 2014-11-21 12:01 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-11-21 12:01 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 20:10 - 2013-03-03 18:48 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-01-28 19:39 - 2013-02-21 05:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-20 10:02 - 2012-11-02 12:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-20 09:46 - 2015-01-16 21:53 - 00009216 _____ () C:\Users\Pippin\Desktop\Spiele_Palaver.xls

==================== Files in the root of some directories =======

2013-02-20 06:10 - 2015-02-18 19:39 - 0000507 _____ () C:\Users\Pippin\AppData\Roaming\sp_data.sys
2012-08-17 01:52 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd

Some content of TEMP:
====================
C:\Users\Pippin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo5axku.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-18 19:38

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Pippin at 2015-02-18 21:06:15
Running from C:\Users\Pippin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
calibre (HKLM-x32\...\{3091A8EB-386B-46D7-8E19-4139424261DD}) (Version: 1.24.0 - Kovid Goyal)
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.5.0.3 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.1.6 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
D-Fend Reloaded 1.3.3 (deinstallieren) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.3 - Alexander Herzog)
Dropbox (HKU\S-1-5-21-242285392-2585440693-653752246-1002\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.13992 - Landesfinanzdirektion Thüringen)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1756 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1756 - TomTom)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.)
Samsung SCX-3200 Series (HKLM-x32\...\Samsung SCX-3200 Series) (Version:  - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}) (Version: 10.0.12 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.4.81 - Sophos Limited)
Spellforce 2 Gold (HKLM-x32\...\{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}) (Version: 1.00.0000 - JoWooD Productions Software AG)
SpellForce 2 Patch (x32 Version: 1.0.0 - JoWood) Hidden
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.6030.1 - TuneUp Software)
TuneUp Utilities (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-242285392-2585440693-653752246-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows-Treiberpaket - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinRAR 5.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

09-02-2015 20:47:54 Windows Update
12-02-2015 19:52:19 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2014-09-10 18:59 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {157FE703-085E-42B4-8226-FA60C8803A12} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {18B454E9-1852-4971-A415-32C148D32A2D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: {1C90A4CE-7715-40BF-AD27-57F85AD216EB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {38FD6AC5-0A95-4B51-9B6D-A81689FB8135} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4B4C7FC8-5693-4386-8779-AFBCACA13E74} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {5BD083D4-7E75-420F-AE18-9D8F911B215A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {A30D60B4-EA6D-4ABF-8E49-60C40351B6FA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B8512B0D-B80B-4958-AEB1-1DBDE3804D92} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {D5327D3B-00E9-48D8-8987-C7E61DBF7AA8} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {F8BB1DAA-AB35-4A6B-893C-6CC20D3C3884} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-14] (Microsoft Corporation)
Task: {FEFF0835-7777-4C44-8F95-2A90E87027B8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-20 09:38 - 2014-04-16 09:22 - 00029184 _____ () C:\WINDOWS\System32\usp01l.dll
2011-04-14 02:40 - 2011-04-14 03:40 - 00968192 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\ssb3mdu.dll
2014-03-19 21:46 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-09-07 05:41 - 2012-07-30 12:26 - 00029056 _____ () C:\WINDOWS\system32\DptfParticipantProcessorService.exe
2012-09-07 05:41 - 2012-07-30 12:27 - 00030592 _____ () C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-02-06 19:15 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-10-01 13:02 - 2013-10-01 13:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-02 12:31 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-08-24 18:17 - 2012-08-24 18:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2015-01-26 22:33 - 2015-01-26 22:33 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Pippin\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-18 19:39 - 2015-02-18 19:39 - 00043008 _____ () c:\users\pippin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo5axku.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Pippin\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Pippin\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Pippin\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-10 16:50 - 2012-08-10 16:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:48862C37

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-242285392-2585440693-653752246-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: TuneUp.Defrag => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: UxTuneUp => 2
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "3200 Scan2PC"
HKLM\...\StartupApproved\Run32: => "SCX3200_Scan2Pc"
HKLM\...\StartupApproved\Run32: => "Samsung PanelMgr"

==================== Accounts: =============================

Administrator (S-1-5-21-242285392-2585440693-653752246-500 - Administrator - Disabled)
Gast (S-1-5-21-242285392-2585440693-653752246-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-242285392-2585440693-653752246-1013 - Limited - Enabled)
Pippin (S-1-5-21-242285392-2585440693-653752246-1002 - Administrator - Enabled) => C:\Users\Pippin
SophosSAUPIP0 (S-1-5-21-242285392-2585440693-653752246-1011 - Limited - Enabled)
UpdatusUser (S-1-5-21-242285392-2585440693-653752246-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2015 07:48:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302

Error: (02/06/2015 05:10:18 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/06/2015 05:00:29 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (02/06/2015 05:00:29 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (02/05/2015 07:06:59 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/05/2015 06:57:18 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (02/05/2015 06:57:18 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (02/04/2015 06:27:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/04/2015 06:17:32 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (02/04/2015 06:17:32 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]


System errors:
=============
Error: (02/18/2015 07:39:51 PM) (Source: DCOM) (EventID: 10010) (User: Pip)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/18/2015 07:39:21 PM) (Source: DCOM) (EventID: 10010) (User: Pip)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/15/2015 01:02:40 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.

Error: (02/15/2015 00:24:52 PM) (Source: SAVOnAccess) (EventID: 55) (User: )
Description: Der On-Access-Treiber konnte keine Maßnahme des Anwenders für die Datei \Device\HarddiskVolume4\Windows.old\Users\Pippin\AppData\Local\temp\nsmACAC.tmp\InstallMgr.exe durchführen.

Error: (02/15/2015 00:21:25 PM) (Source: SAVOnAccess) (EventID: 55) (User: )
Description: Der On-Access-Treiber konnte keine Maßnahme des Anwenders für die Datei \Device\HarddiskVolume4\Windows.old\Users\Pippin\AppData\Local\temp\nsmACAC.tmp\InstallMgr.exe durchführen.

Error: (02/15/2015 05:13:22 AM) (Source: DCOM) (EventID: 10010) (User: Pip)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/15/2015 05:12:52 AM) (Source: DCOM) (EventID: 10010) (User: Pip)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/14/2015 11:23:46 PM) (Source: DCOM) (EventID: 10010) (User: Pip)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/14/2015 11:23:16 PM) (Source: DCOM) (EventID: 10010) (User: Pip)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/14/2015 08:29:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================
Error: (02/18/2015 07:48:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302

Error: (02/06/2015 05:10:18 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/06/2015 05:00:29 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (02/06/2015 05:00:29 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (02/05/2015 07:06:59 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/05/2015 06:57:18 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (02/05/2015 06:57:18 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (02/04/2015 06:27:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/04/2015 06:17:32 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (02/04/2015 06:17:32 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]


CodeIntegrity Errors:
===================================
  Date: 2014-09-10 19:59:23.084
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 56%
Total physical RAM: 3981.53 MB
Available physical RAM: 1725.23 MB
Total Pagefile: 5389.53 MB
Available Pagefile: 3123.57 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.86 GB) (Free:131.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.44 GB) (Free:237.01 GB) NTFS
Drive e: (SAMSUNG_MFP) (CDROM) (Total:0.48 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B19F8D36)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
The GMER scan produced the following error messages:
- C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
- C:\Users\Pippin\ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-18 21:22:33
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000039 Hitachi_HTS545050A7E380 rev.GG2OA6C0 465,76GB
Running: kx1ymsb1.exe; Driver: C:\Users\Pippin\AppData\Local\Temp\fxldapow.sys


---- User code sections - GMER 2.1 ----

.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                                                                                                  00007ffbe7eb3e10 7 bytes JMP 00007ffce7bb02d0
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW                                                                                                                                                                         00007ffbe7eb3e20 7 bytes JMP 00007ffce7bb0308
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW                                                                                                                                                                           00007ffbe7f639b0 7 bytes JMP 00007ffce7bb03b0
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW                                                                                                                                                                          00007ffbe7f63ef0 7 bytes JMP 00007ffce7bb0340
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA                                                                                                                                                                           00007ffbe7f63fe0 7 bytes JMP 00007ffce7bb0378
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                                                                                                  00007ffbe7f906c0 7 bytes JMP 00007ffce7bb0228
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                                                                                                    00007ffbe7f90730 3 bytes JMP 00007ffce7bb0298
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW + 4                                                                                                                                                                00007ffbe7f90734 3 bytes [FF, CC, CC]
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW                                                                                                                                                                  00007ffbe7f90760 7 bytes JMP 00007ffce7bb0260
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                                                            00007ffbe7bc21d0 5 bytes JMP 00007ffce7bb0180
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                                       00007ffbe7bc29d0 7 bytes JMP 00007ffce7bb00d8
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                                                     00007ffbe7bc4310 5 bytes JMP 00007ffce7bb0110
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                                         00007ffbe7bc8d80 5 bytes JMP 00007ffce7bb0148
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\USER32.dll!CreateWindowExW                                                                                                                                                                            00007ffbea486d90 10 bytes JMP 00007ffce7bb0490
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW                                                                                                                                                                        00007ffbea4974a0 5 bytes JMP 00007ffce7bb0458
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                                                                                 00007ffbea497560 1 byte JMP 00007ffce7bb03e8
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2                                                                                                                                                             00007ffbea497562 7 bytes {JMP 0xfffffffffd718e88}
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA                                                                                                                                                                        00007ffbea4a6b10 5 bytes JMP 00007ffce7bb0420
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                                                    00007ffbe9d11500 8 bytes JMP 00007ffce7bb01b8
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                                                      00007ffbe9d11750 8 bytes JMP 00007ffce7bb01f0
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory                                                                                                                                                                            00007ffbe3c87750 5 bytes JMP 00007ffce3b000d8
.text    C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory1                                                                                                                                                                           00007ffbe3c88ee0 5 bytes JMP 00007ffce3b00110

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [992:4552]                                                                                                                                                                                                                    fffff960009212d0
Thread   C:\WINDOWS\Explorer.EXE [1000:776]                                                                                                                                                                                                                          00007ffbe4fde630
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [4000:2916]                                                                                                                                                                                                                   0000000000e2a3da
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [4000:3548]                                                                                                                                                                                                                   0000000000dda980
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [4000:5064]                                                                                                                                                                                                                   0000000000dc2850
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [4000:1808]                                                                                                                                                                                                                   0000000000dbcbf0
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [4000:4268]                                                                                                                                                                                                                   0000000000de5150
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [4000:4920]                                                                                                                                                                                                                   0000000000de5240
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [4000:3340]                                                                                                                                                                                                                   00000000562b4190
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [4000:1636]                                                                                                                                                                                                                   00000000562b4ab0
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [4000:1256]                                                                                                                                                                                                                   00000000562c82d0
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [4000:3276]                                                                                                                                                                                                                   00000000562c8430
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [4000:5176]                                                                                                                                                                                                                   00000000562c5a60
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [4000:5464]                                                                                                                                                                                                                   0000000000dbe6f0
---- Processes - GMER 2.1 ----

Process  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (FILE NOT FOUND)                                                                                              0000000000400000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28)        000000006ca10000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)            000000006c6e0000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)           000000006c2f0000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592](2015-02-10 21:00:30)                                                                                        000000006c0c0000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30)                                                           000000004a900000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30)                                                         0000000004220000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30)                                                           000000004ad00000
Library  c:\users\pippin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo5axku.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592](2015-02-18 18:39:23)                                       0000000003db0000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)        0000000067810000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26)         0000000064fb0000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)          00000000675f0000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)            0000000067390000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)            0000000067360000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592](2015-02-10 21:00:30)                                                                                           0000000067350000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26)  00000000672d0000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)         0000000067230000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)   0000000067170000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592](2015-02-10 21:00:28)                                                                       0000000064ac0000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592](2015-02-10 21:00:28)                                                                       0000000064a80000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                                                       unknown MBR code

---- EOF - GMER 2.1 ----
         
I hope I did everything correctly; if not, please let me know.
Thank you in advance for any help and tips. Since I got Windows 8, my computer seems to be much more susceptible to viruses or trojans. If there is better protection or special advice specifically for Windows 8, please post that too.

Thanks

19.02.2015, 05:12   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

actually looks good. Windows.old is the old Windows 8. If you no longer need any private data from that folder (Users > Documents, Music, Videos), delete the entire folder using Windows Disk Cleanup.

21.02.2015, 14:50   #3
PipTook
 



Hello,

sorry for the late reply. It is reassuring for now that things look quite good. The Windows.old folder could not be removed by Disk Cleanup alone, so I then helped it along manually. My Sophos kept complaining about the PUA detection. However, since there is still only one item in quarantine, I assume it is still the same one. Nevertheless, I emptied the recycle bin right after the manual deletion.
Since then I have (so far) actually had peace, and just one more detection in quarantine. I would still like to keep the thread open for a few more days in case it comes back. Or is it normal for an antivirus program to keep alerting on the same detection?

Thanks in advance.

22.02.2015, 07:35   #4
schrauber
/// the machine
/// TB-Ausbilder
 




As long as the detection is still present at that location, it will keep complaining. The thread stays open anyway; test for a few days and report back.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
