| |
| |||||||
Log-Analyse und Auswertung: Finanzamt Trojaner rechtzeitig von Sophos geblockt?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.09.2014, 18:59
| #1 |
| |  Finanzamt Trojaner rechtzeitig von Sophos geblockt? Hallo Trojaner-Experten, ich habe die sogenannte Finanzamt-E-Mail bekommen. Dort war die zip-Datei mit angehängt, die ich entpackt habe und (versucht) habe zu öffnen. Versucht deshalb, weil ich kein Word habe, sondern lediglich den Word-Viewer und Open Office und deshalb die Datei nicht zu öffnen war (Fehler: "Makros müssen aktiviert werden"). Kurz darauf kam von Sophos der Hinweis, dass ein Trojaner in die Quarantäne verschoben wurde. Jetzt würde ich gerne wissen, ob mein Computer tatsächlich dem Trojaner entgangen ist (immerhin habe ich schon alles durchgeführt) oder ob ich noch einmal Glück hatte. Leider finde ich in meinem Sophos keine weiteren Informationen mehr über den Trojaner - ich habe aber gemäß Anleitung sämtliche Files erstellt: Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:15 on 07/09/2014 (Pippin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Pippin (administrator) on PIP on 07-09-2014 19:25:34
Running from C:\Users\Pippin\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Dropbox, Inc.) C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900160 2012-07-06] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-242285392-2585440693-653752246-1002\...\Policies\Explorer: [NoDrives] 0x00000000
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [218696 2014-07-29] (Sophos Limited)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [222280 2014-07-29] (Sophos Limited)
Startup: C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [215848 2014-04-14] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139048 2014-04-14] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2012-07-06] (Sophos Limited)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-11-12] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2012-11-12] (Sophos Limited)
S4 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-02-22] (TuneUp Software)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2012-04-24] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
U0 msahci; No ImagePath
U3 fxloapow; \??\C:\Users\Pippin\AppData\Local\Temp\fxloapow.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-07 19:24 - 2014-09-07 19:25 - 00009936 _____ () C:\Users\Pippin\Downloads\Addition.txt
2014-09-07 19:23 - 2014-09-07 19:25 - 00016775 _____ () C:\Users\Pippin\Downloads\FRST.txt
2014-09-07 19:23 - 2014-09-07 19:23 - 00380416 _____ () C:\Users\Pippin\Downloads\jyff14mu.exe
2014-09-07 19:22 - 2014-09-07 19:25 - 00000000 ____D () C:\FRST
2014-09-07 19:19 - 2014-09-07 19:19 - 02105344 _____ (Farbar) C:\Users\Pippin\Downloads\FRST64.exe
2014-09-07 19:15 - 2014-09-07 19:15 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log
2014-09-07 19:15 - 2014-09-07 19:15 - 00000000 _____ () C:\Users\Pippin\defogger_reenable
2014-09-07 19:13 - 2014-09-07 19:13 - 00050477 _____ () C:\Users\Pippin\Downloads\Defogger.exe
2014-09-04 20:07 - 2014-09-04 20:10 - 00000000 ____D () C:\Users\Pippin\Downloads\Steuerbericht09201417
2014-09-03 21:27 - 2014-09-03 21:27 - 00017309 _____ () C:\Users\Pippin\Desktop\Picknick.odt
2014-08-27 22:46 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 22:22 - 2014-08-27 22:51 - 00449272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-13 09:40 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-13 09:36 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 09:36 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 09:33 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 09:33 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 09:33 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 09:33 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-13 09:33 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 09:33 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 09:33 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 09:33 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 09:33 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 09:33 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 09:33 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 09:33 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 09:33 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-13 09:33 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 09:33 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 09:33 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 09:33 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 09:31 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 09:31 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 09:31 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 09:31 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-13 09:31 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 09:31 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 09:31 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 09:31 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-13 09:31 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-13 09:31 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 09:31 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 09:31 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 09:31 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-13 09:31 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-13 09:31 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-13 09:31 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-13 09:31 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-13 09:31 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-13 09:31 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-13 09:31 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-13 09:31 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-13 09:31 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-08-13 09:31 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-13 09:31 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-08-13 09:31 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-11 20:41 - 2014-09-04 21:53 - 00144038 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf
2014-08-11 20:41 - 2014-09-04 21:53 - 00000000 ____D () C:\Users\Pippin\Desktop\FFT 2013_fertig_mcf-Dateien
2014-08-11 20:41 - 2014-08-11 20:41 - 00143468 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf~
2014-08-10 21:15 - 2014-08-10 21:15 - 00002616 _____ () C:\Windows\PFRO.log
2014-08-09 21:36 - 2014-08-09 21:36 - 00001865 _____ () C:\Users\Pippin\Downloads\URLLink(22).acsm
2014-08-09 21:35 - 2014-08-09 21:35 - 00001797 _____ () C:\Users\Pippin\Downloads\URLLink(21).acsm
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-07 19:25 - 2014-09-07 19:24 - 00009936 _____ () C:\Users\Pippin\Downloads\Addition.txt
2014-09-07 19:25 - 2014-09-07 19:23 - 00016775 _____ () C:\Users\Pippin\Downloads\FRST.txt
2014-09-07 19:25 - 2014-09-07 19:22 - 00000000 ____D () C:\FRST
2014-09-07 19:23 - 2014-09-07 19:23 - 00380416 _____ () C:\Users\Pippin\Downloads\jyff14mu.exe
2014-09-07 19:19 - 2014-09-07 19:19 - 02105344 _____ (Farbar) C:\Users\Pippin\Downloads\FRST64.exe
2014-09-07 19:15 - 2014-09-07 19:15 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log
2014-09-07 19:15 - 2014-09-07 19:15 - 00000000 _____ () C:\Users\Pippin\defogger_reenable
2014-09-07 19:15 - 2013-02-20 07:06 - 00000000 ____D () C:\Users\Pippin
2014-09-07 19:14 - 2012-11-02 13:43 - 01883270 _____ () C:\Windows\WindowsUpdate.log
2014-09-07 19:13 - 2014-09-07 19:13 - 00050477 _____ () C:\Users\Pippin\Downloads\Defogger.exe
2014-09-07 19:13 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-07 19:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-07 19:10 - 2013-09-02 19:47 - 00000000 ___RD () C:\Users\Pippin\Dropbox
2014-09-07 19:10 - 2013-09-02 19:43 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Dropbox
2014-09-07 19:10 - 2013-02-20 07:10 - 00000507 _____ () C:\Users\Pippin\AppData\Roaming\sp_data.sys
2014-09-04 21:53 - 2014-08-11 20:41 - 00144038 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf
2014-09-04 21:53 - 2014-08-11 20:41 - 00000000 ____D () C:\Users\Pippin\Desktop\FFT 2013_fertig_mcf-Dateien
2014-09-04 21:53 - 2013-12-20 18:07 - 00000000 ____D () C:\ProgramData\tmp
2014-09-04 20:10 - 2014-09-04 20:07 - 00000000 ____D () C:\Users\Pippin\Downloads\Steuerbericht09201417
2014-09-03 21:48 - 2013-03-03 19:48 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-09-03 21:27 - 2014-09-03 21:27 - 00017309 _____ () C:\Users\Pippin\Desktop\Picknick.odt
2014-08-29 20:20 - 2013-10-23 22:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-27 23:00 - 2012-08-03 01:02 - 00760560 _____ () C:\Windows\system32\perfh007.dat
2014-08-27 23:00 - 2012-08-03 01:02 - 00158770 _____ () C:\Windows\system32\perfc007.dat
2014-08-27 23:00 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 22:52 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-27 22:51 - 2014-08-20 22:22 - 00449272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 22:50 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-27 22:49 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-27 22:21 - 2013-07-10 21:54 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-08-27 22:14 - 2013-02-21 23:27 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Skype
2014-08-23 08:47 - 2014-08-27 22:46 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 22:17 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-20 22:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-08-14 20:25 - 2013-09-15 22:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 20:22 - 2013-02-23 17:19 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 22:31 - 2013-09-02 19:47 - 00000984 _____ () C:\Users\Pippin\Desktop\Dropbox.lnk
2014-08-12 22:31 - 2013-09-02 19:44 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-12 22:28 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-11 20:41 - 2014-08-11 20:41 - 00143468 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf~
2014-08-10 21:15 - 2014-08-10 21:15 - 00002616 _____ () C:\Windows\PFRO.log
2014-08-10 21:15 - 2013-02-21 06:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-10 21:13 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-10 21:13 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-10 21:12 - 2012-07-26 11:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-09 21:36 - 2014-08-09 21:36 - 00001865 _____ () C:\Users\Pippin\Downloads\URLLink(22).acsm
2014-08-09 21:36 - 2014-01-13 22:54 - 00000000 ____D () C:\Users\Pippin\Documents\My Digital Editions
2014-08-09 21:35 - 2014-08-09 21:35 - 00001797 _____ () C:\Users\Pippin\Downloads\URLLink(21).acsm
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
Some content of TEMP:
====================
C:\Users\Pippin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezhkey.dll
C:\Users\Pippin\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-27 22:22
==================== End Of Log ============================
--- --- --- Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Pippin at 2014-09-07 19:25:59
Running from C:\Users\Pippin\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
calibre (HKLM-x32\...\{3091A8EB-386B-46D7-8E19-4139424261DD}) (Version: 1.24.0 - Kovid Goyal)
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.5.0.3 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.1.6 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
D-Fend Reloaded 1.3.3 (deinstallieren) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.3 - Alexander Herzog)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.13992 - Landesfinanzdirektion Thüringen)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NVIDIA Grafiktreiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}) (Version: 10.0.12 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{15C418EB-7675-42be-B2B3-281952DA014D}) (Version: 2.7.4.317 - Sophos Limited)
Spellforce 2 Gold (HKLM-x32\...\{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}) (Version: 1.00.0000 - JoWooD Productions Software AG)
SpellForce 2 Patch (x32 Version: 1.0.0 - JoWood) Hidden
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.6 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.6030.1 - TuneUp Software)
TuneUp Utilities (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows-Treiberpaket - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinRAR 5.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
15-06-2014 17:55:50 Geplanter Prüfpunkt
06-07-2014 18:19:04 Windows Update
17-07-2014 18:16:12 Geplanter Prüfpunkt
30-07-2014 20:08:01 Windows Update
13-08-2014 07:33:59 Windows Update
27-08-2014 20:46:14 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {157FE703-085E-42B4-8226-FA60C8803A12} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1C90A4CE-7715-40BF-AD27-57F85AD216EB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {38FD6AC5-0A95-4B51-9B6D-A81689FB8135} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {4B4C7FC8-5693-4386-8779-AFBCACA13E74} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {8EBD91EF-B474-4FA7-9594-CDFEB186531C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-14] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B36BC086-5809-4F2D-9D71-F02DE2CAC57D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {B8512B0D-B80B-4958-AEB1-1DBDE3804D92} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D5327D3B-00E9-48D8-8987-C7E61DBF7AA8} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F179B12B-EA30-43EB-9CF8-A460B65185BB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {FEFF0835-7777-4C44-8F95-2A90E87027B8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-29] (Microsoft Corporation)
==================== Loaded Modules (whitelisted) =============
2011-04-14 03:41 - 2011-04-14 03:41 - 00034304 _____ () C:\Windows\System32\ssb3ml6.dll
2011-04-14 03:40 - 2011-04-14 03:40 - 00968192 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssb3mdu.dll
2012-09-07 06:41 - 2012-07-30 13:26 - 00029056 _____ () C:\Windows\system32\DptfParticipantProcessorService.exe
2012-09-07 06:41 - 2012-07-30 13:27 - 00030592 _____ () C:\Windows\system32\DptfPolicyConfigTDPService.exe
2014-03-19 22:46 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-09-07 06:39 - 2012-08-15 19:52 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-11-02 13:31 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-08-24 19:17 - 2012-08-24 19:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-09-07 19:10 - 2014-09-07 19:10 - 00043008 _____ () c:\users\pippin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezhkey.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Pippin\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-31 20:30 - 2014-07-31 20:31 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:48862C37
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: TuneUp.Defrag => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: UxTuneUp => 2
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/07/2014 07:20:01 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (09/07/2014 07:10:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.
Error: (09/07/2014 07:10:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]
Error: (09/04/2014 08:08:30 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (09/04/2014 07:58:48 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.
Error: (09/04/2014 07:58:48 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]
Error: (09/03/2014 08:40:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (09/03/2014 08:30:40 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.
Error: (09/03/2014 08:30:40 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]
Error: (09/01/2014 09:42:35 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
System errors:
=============
Error: (08/09/2014 10:00:08 PM) (Source: DCOM) (EventID: 10010) (User: Pip)
Description: {46986115-84D6-459C-8F95-52DD653E532E}
Error: (08/09/2014 03:58:32 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: 1053defragsvcNicht verfügbar{D20A3293-3341-4AE8-9AAF-8E397CB63C34}
Error: (08/09/2014 03:58:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Laufwerke optimieren" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (08/09/2014 03:58:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Laufwerke optimieren erreicht.
Error: (08/09/2014 03:16:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (08/02/2014 07:13:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (08/02/2014 07:13:34 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (08/02/2014 07:13:14 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (08/02/2014 07:12:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (08/02/2014 07:12:33 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Microsoft Office Sessions:
=========================
Error: (09/07/2014 07:20:01 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (09/07/2014 07:10:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.
Error: (09/07/2014 07:10:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]
Error: (09/04/2014 08:08:30 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (09/04/2014 07:58:48 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.
Error: (09/04/2014 07:58:48 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]
Error: (09/03/2014 08:40:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (09/03/2014 08:30:40 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.
Error: (09/03/2014 08:30:40 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]
Error: (09/01/2014 09:42:35 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 44%
Total physical RAM: 3981.52 MB
Available physical RAM: 2196.08 MB
Total Pagefile: 4685.52 MB
Available Pagefile: 2858.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:112.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.44 GB) (Free:236.99 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B19F8D36)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-07 19:42:52
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000041 Hitachi_HTS545050A7E380 rev.GG2OA6C0 465,76GB
Running: jyff14mu.exe; Driver: C:\Users\Pippin\AppData\Local\Temp\fxloapow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[4888] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe234f177a 4 bytes [4F, 23, FE, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[4888] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe234f1782 4 bytes [4F, 23, FE, 07]
.text C:\Windows\system32\wbem\WmiApSrv.exe[4536] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe234f177a 4 bytes [4F, 23, FE, 07]
.text C:\Windows\system32\wbem\WmiApSrv.exe[4536] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe234f1782 4 bytes [4F, 23, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4388] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe1f121532 4 bytes [12, 1F, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4388] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe1f12153a 4 bytes [12, 1F, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4388] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe1f12165a 4 bytes [12, 1F, FE, 07]
.text C:\Windows\system32\nvvsvc.exe[328] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fe1f121532 4 bytes [12, 1F, FE, 07]
.text C:\Windows\system32\nvvsvc.exe[328] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fe1f12153a 4 bytes [12, 1F, FE, 07]
.text C:\Windows\system32\nvvsvc.exe[328] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fe1f12165a 4 bytes [12, 1F, FE, 07]
.text C:\Windows\system32\nvvsvc.exe[328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe234f177a 4 bytes [4F, 23, FE, 07]
.text C:\Windows\system32\nvvsvc.exe[328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe234f1782 4 bytes [4F, 23, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe1f121532 4 bytes [12, 1F, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe1f12153a 4 bytes [12, 1F, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe1f12165a 4 bytes [12, 1F, FE, 07]
.text C:\Windows\system32\igfxpers.exe[4632] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe234f177a 4 bytes [4F, 23, FE, 07]
.text C:\Windows\system32\igfxpers.exe[4632] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe234f1782 4 bytes [4F, 23, FE, 07]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [3748:4668] fffff9600063a5e8
---- Processes - GMER 2.1 ----
Process C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2828] (FILE NOT FOUND) 0000000000400000
Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2828](2014-07-30 00:20:20) 0000000003bc0000
Library c:\users\pippin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezhkey.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2828](2014-09-07 17:10:42) 0000000004790000
Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2828](2013-08-23 19:01:44) 0000000068fa0000
Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2828] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 000000006d2f0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Da das (zum Glück) mein erster Post hier ist, bin ich mir nicht ganz sicher, wie viel Informationen benötigt werden. Falls ich das falsch mache, dann entschuldigt das bitte. Vielen Dank schon einmal für die Hilfe. Geändert von Pip2 (07.09.2014 um 19:09 Uhr) |
| Themen zu Finanzamt Trojaner rechtzeitig von Sophos geblockt? |
| fehlercode 0x5, nodrives, office 365, pup.optional.firseria, pup.optional.opencandy, pup.optional.qone8, pup.optional.sweetpage.a, sweet-page, sweet-page entfernen, sweetpage, sweetpage entfernen, win32/adware.adon, win32/downloadsponsor.a, win32/softonicdownloader.a, win32/toolbar.conduit.ai, win32/toolbar.conduit.b, win64/systweak.a |
Baum-Darstellung