Log analysis and evaluation: Windows 8.1: Adware/PUA detection after update and Windows.old not found
18.02.2015, 21:45 | #1
Windows 8.1: Adware/PUA detection after update and Windows.old not found

Hello everyone,

a few weeks ago I upgraded my Windows 8 to Windows 8.1. My computer recommended this, and I followed the instructions. Afterwards my Sophos program raised an alert that an adware/PUA had been found. During the system scan there were also error messages saying that items in the Windows.old folder were not found. So I wanted to know whether my computer is at risk or whether the PUA was detected in time, and what I should do with the windows.old folder.

Here is the summary of the Sophos log; unfortunately I don't know how to have Sophos create log files. Since it would otherwise be too long, I posted it as an attachment. Unfortunately the numerous access-denied entries for windows.old were too large even for the attachment, so it is heavily shortened to just the last part.

Here are the other files:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:01 on 18/02/2015 (Pippin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Pippin (administrator) on PIP on 18-02-2015 21:04:27
Running from C:\Users\Pippin\Desktop
Loaded Profiles: Pippin (Available profiles: UpdatusUser & Pippin)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Dropbox, Inc.) C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor) HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-09-18] (Sophos Limited) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] () HKLM-x32\...\Run: [SCX3200_Scan2Pc] => C:\Windows\Twain_32\Samsung\SCX3200\Scan2pc.exe [1990144 2011-06-21] () HKLM-x32\...\Run: [3200 Scan2PC] => C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe [1990144 2011-06-21] () Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [218696 2014-10-08] (Sophos Limited) Startup: C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-242285392-2585440693-653752246-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-242285392-2585440693-653752246-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common 
Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 09 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 09 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: 
C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default FF DefaultSearchEngine: Google FF SelectedSearchEngine: Google FF Homepage: https://www.google.de/ FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) 
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default\Extensions\2020Player_IKEA@2020Technologies.com [2015-02-14] FF Extension: Adblock Plus - C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-23] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] () R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] () R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [215848 2014-04-14] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139048 2014-04-14] (Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-09-18] (Sophos Limited) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-11-12] (Sophos Limited) S2 swi_update_64; 
C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2012-11-12] (Sophos Limited) S4 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-02-22] (TuneUp Software) S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation) R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation) R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation) R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2012-04-24] (Sophos Limited) S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) 
=================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-18 21:04 - 2015-02-18 21:05 - 00016980 _____ () C:\Users\Pippin\Desktop\FRST.txt 2015-02-18 21:04 - 2015-02-18 21:04 - 00000000 ____D () C:\FRST 2015-02-18 21:02 - 2015-02-18 21:02 - 02086912 _____ (Farbar) C:\Users\Pippin\Desktop\FRST64.exe 2015-02-18 21:01 - 2015-02-18 21:01 - 00000474 _____ () C:\Users\Pippin\Desktop\defogger_disable.log 2015-02-18 20:59 - 2015-02-18 20:59 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log 2015-02-18 20:59 - 2015-02-18 20:59 - 00000000 _____ () C:\Users\Pippin\defogger_reenable 2015-02-18 20:58 - 2015-02-18 20:58 - 00050477 _____ () C:\Users\Pippin\Desktop\Defogger.exe 2015-02-18 20:54 - 2015-02-18 20:54 - 00156013 _____ () C:\Users\Pippin\Desktop\Sophos.txt 2015-02-18 20:54 - 2015-02-18 20:54 - 00000090 ____H () C:\Users\Pippin\Desktop\.~lock.Sophos.txt# 2015-02-13 22:24 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-02-13 22:24 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-02-13 22:24 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-02-13 22:24 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-02-13 22:24 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-02-13 22:24 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll 2015-02-13 22:24 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll 2015-02-13 22:24 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 
2015-02-13 22:24 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-02-13 22:24 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-02-13 22:24 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-02-13 22:24 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2015-02-13 22:24 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2015-02-13 22:24 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2015-02-13 22:24 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2015-02-13 22:23 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2015-02-13 22:23 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-02-13 22:23 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-02-13 22:23 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-02-13 22:23 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-02-13 22:23 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-02-13 22:23 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-02-13 22:23 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-02-13 22:23 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-02-13 22:23 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-02-13 22:23 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-02-13 
22:23 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-02-13 22:23 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-13 22:23 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-02-13 22:23 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-02-13 22:23 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-02-13 22:23 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-02-13 22:23 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-02-13 22:23 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-02-13 22:23 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-02-13 22:23 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-02-13 22:23 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-02-13 22:23 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-02-13 22:23 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-13 22:23 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-02-13 22:23 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-02-13 22:23 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-02-13 22:23 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-02-13 22:23 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-02-13 22:23 - 2015-01-12 02:30 - 
00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-02-13 22:23 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-02-13 22:23 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-02-13 22:23 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-02-13 22:23 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-02-13 22:23 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-02-13 22:23 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-02-13 22:23 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-13 22:23 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-02-13 22:23 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-02-13 22:23 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-02-13 22:23 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-02-13 22:23 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-02-13 22:23 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-02-13 22:23 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-02-13 22:23 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2015-02-13 22:23 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-02-13 22:23 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-02-12 22:20 - 2015-02-12 22:20 - 00011187 _____ () 
C:\Users\Pippin\Desktop\Mahler_Rabatt.odt 2015-02-09 21:26 - 2015-02-09 21:26 - 00025600 ___SH () C:\Users\Pippin\Desktop\Thumbs.db 2015-02-09 20:53 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-02-09 20:53 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2015-02-09 20:40 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-02-09 20:40 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2015-02-09 20:40 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-02-09 20:40 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll 2015-02-09 20:40 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll 2015-02-09 20:34 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-02-09 20:34 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-02-09 20:33 - 2014-04-30 07:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys 2015-02-09 20:33 - 2014-04-30 07:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys 2015-02-09 20:29 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-02-09 20:29 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-02-09 20:29 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2015-02-09 20:29 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll 2015-02-09 20:28 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2015-02-09 20:28 - 2014-07-24 04:20 - 00869544 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2015-02-08 17:51 - 2015-02-08 17:51 - 01055936 _____ (Adobe) C:\Users\Pippin\Downloads\install_flashplayer16x32_mssd_aaa_aih.exe 2015-02-08 17:50 - 2015-02-18 20:14 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-08 17:50 - 2015-02-08 17:50 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-06 23:43 - 2015-02-06 23:43 - 00001452 _____ () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-06 23:42 - 2015-02-06 23:42 - 00000020 ___SH () C:\Users\Pippin\ntuser.ini 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Startmenü 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2015-02-06 19:47 - 2015-02-06 19:47 - 
00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Programme 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\ProgramData\Startmenü 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\ProgramData\Dokumente 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2015-02-06 19:46 - 2015-02-06 19:46 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat 2015-02-06 19:30 - 2015-02-06 19:30 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-02-06 19:24 - 2015-02-06 19:24 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate 2015-02-06 19:23 - 2015-02-18 20:59 - 00000000 ____D () C:\Users\Pippin 2015-02-06 19:23 - 2015-02-06 19:46 - 00030483 _____ () C:\WINDOWS\diagwrn.xml 2015-02-06 19:23 - 2015-02-06 19:46 - 00030483 _____ () C:\WINDOWS\diagerr.xml 2015-02-06 19:23 - 2015-02-06 19:24 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-02-06 19:23 - 2015-02-06 19:24 - 00000000 ___RD () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\System Tools 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\UpdatusUser\Anwendungsdaten 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Vorlagen 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Startmenü 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Netzwerkumgebung 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Lokale Einstellungen 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Eigene Dateien 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Druckumgebung 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Documents\Eigene Musik 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Documents\Eigene Bilder 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () 
C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\AppData\Local\Verlauf 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\AppData\Local\Anwendungsdaten 2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 _SHDL () C:\Users\Pippin\Anwendungsdaten 2015-02-06 19:23 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-02-06 19:23 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-02-06 19:23 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-02-06 19:23 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-02-06 19:23 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-02-06 19:23 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-02-06 19:23 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-02-06 19:23 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-02-06 19:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-02-06 19:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-02-06 19:15 - 2015-02-06 19:15 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevGen_01009.Wdf 2015-02-06 19:15 - 2015-02-06 19:15 - 00000000 ____H () 
C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevFan_01009.Wdf 2015-02-06 19:15 - 2013-10-23 09:20 - 06669600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2015-02-06 19:15 - 2013-10-23 09:20 - 03489568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2015-02-06 19:15 - 2013-10-23 09:20 - 03426956 _____ () C:\WINDOWS\system32\nvcoproc.bin 2015-02-06 19:15 - 2013-10-23 09:20 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2015-02-06 19:15 - 2013-10-23 09:20 - 01064224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2015-02-06 19:15 - 2013-10-23 09:20 - 00922912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2015-02-06 19:15 - 2013-10-23 09:20 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2015-02-06 19:15 - 2013-10-23 09:20 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2015-02-06 19:15 - 2013-10-23 09:20 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2015-02-06 19:14 - 2015-02-18 20:49 - 01614812 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-06 19:14 - 2015-02-06 19:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-02-06 19:14 - 2015-02-06 19:28 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-02-06 19:14 - 2015-02-06 19:15 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevProc_01009.Wdf 2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevPch_01009.Wdf 2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevDram_01009.Wdf 2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____D () C:\Program Files\Realtek 2015-02-06 19:14 - 
2013-10-01 13:02 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2015-02-06 19:14 - 2013-10-01 13:02 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL 2015-02-06 19:13 - 2015-02-06 19:13 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfManager_01009.Wdf 2015-02-06 19:11 - 2015-02-06 23:44 - 00000000 ___DC () C:\WINDOWS\Panther 2015-02-06 19:11 - 2015-02-06 19:11 - 00000000 __SHD () C:\Recovery 2015-02-06 19:10 - 2015-02-15 01:05 - 00000000 ____D () C:\Windows.old 2015-02-06 19:09 - 2015-02-06 19:09 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-02-06 19:09 - 2015-02-06 19:09 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-02-06 19:09 - 2015-02-06 19:09 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-02-06 19:09 - 2015-02-06 19:09 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-02-06 19:09 - 2015-02-06 19:09 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-02-06 19:09 - 2015-02-06 19:09 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-02-06 19:09 - 2015-02-06 19:09 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-02-06 19:09 - 2015-02-06 19:09 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-02-06 19:09 - 2015-02-06 19:09 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-02-06 19:09 - 2015-02-06 19:09 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-02-06 19:09 - 2015-02-06 19:09 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-02-06 19:09 - 2015-02-06 19:09 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-02-06 19:09 - 2015-02-06 19:09 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-02-06 19:09 - 2015-02-06 19:09 - 00038264 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-02-06 19:09 - 2015-02-06 19:09 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-02-06 19:08 - 2015-02-06 19:08 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-02-06 19:08 - 2015-02-06 19:08 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2015-02-06 19:08 - 2015-02-06 19:08 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2015-02-06 19:08 - 2015-02-06 19:08 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2015-02-06 19:08 - 2015-02-06 19:08 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2015-02-06 19:08 - 2015-02-06 19:08 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2015-02-06 19:08 - 2015-02-06 19:08 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2015-02-06 19:08 - 2015-02-06 19:08 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2015-02-06 19:07 - 2015-02-06 19:07 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2015-02-06 19:07 - 2015-02-06 19:07 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2015-02-06 19:07 - 2015-02-06 19:07 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-02-06 19:07 - 2015-02-06 19:07 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-02-06 19:07 - 2015-02-06 19:07 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-02-06 19:07 - 2015-02-06 19:07 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2015-02-06 19:07 - 2015-02-06 19:07 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-02-06 19:07 - 2015-02-06 19:07 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 
2015-02-06 19:07 - 2015-02-06 19:07 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-02-06 19:07 - 2015-02-06 19:07 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-02-06 19:07 - 2015-02-06 19:07 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2015-02-06 19:07 - 2015-02-06 19:07 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2015-02-06 19:06 - 2015-02-06 19:06 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff 2015-02-06 19:04 - 2015-02-06 19:04 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer 2015-02-06 19:04 - 2015-02-06 19:04 - 00000000 ____D () C:\Program Files\Reference Assemblies 2015-02-06 19:04 - 2015-02-06 19:04 - 00000000 ____D () C:\Program Files\MSBuild 2015-02-06 19:04 - 2015-02-06 19:04 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies 2015-02-06 19:04 - 2015-02-06 19:04 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-02-06 19:03 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-02-06 19:03 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-02-06 19:03 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-02-06 19:03 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-02-06 18:19 - 2015-02-06 19:46 - 00006569 _____ () C:\WINDOWS\comsetup.log 2015-01-26 22:33 - 2015-01-26 22:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-24 19:49 - 2015-02-08 17:53 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense 2015-01-20 10:03 - 2015-01-20 10:03 - 00000276 _____ () C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url 2015-01-20 10:03 - 2015-01-20 10:03 - 00000000 ____D () C:\Program Files 
(x86)\Scan Assistant 2015-01-20 10:02 - 2015-01-20 10:02 - 00000000 ____D () C:\Users\Pippin\AppData\Local\S2PC 2015-01-20 10:00 - 2015-01-20 10:02 - 00000385 _____ () C:\WINDOWS\Samsung SCX-3200 Series.txt 2015-01-20 09:59 - 2015-01-20 10:02 - 00000139 _____ () C:\WINDOWS\SScanMgr.log 2015-01-20 09:59 - 2015-01-20 09:59 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\InstallShield 2015-01-20 09:59 - 2015-01-20 09:59 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate 2015-01-20 09:59 - 2011-06-22 04:18 - 00493432 _____ () C:\WINDOWS\ssndii.exe 2015-01-20 09:59 - 2009-10-28 16:20 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml4.dll 2015-01-20 09:59 - 2009-10-28 16:20 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml2.dll 2015-01-20 09:59 - 2009-10-28 16:20 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml4r.dll 2015-01-20 09:59 - 2009-10-28 16:20 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml4a.dll 2015-01-20 09:59 - 2009-10-28 16:20 - 00038160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml2r.dll 2015-01-20 09:59 - 2009-10-28 16:20 - 00021776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml2a.dll 2015-01-20 09:58 - 2015-01-20 09:58 - 00000000 ____D () C:\WINDOWS\Samsung 2015-01-20 09:58 - 2011-06-10 04:12 - 00143872 _____ () C:\WINDOWS\Wiainst64.exe 2015-01-20 09:56 - 2015-01-20 09:56 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-01-20 09:41 - 2015-01-20 09:50 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Samsung 2015-01-20 09:40 - 2015-02-06 19:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers 2015-01-20 09:40 - 2015-01-20 09:40 - 00000000 ____D () C:\ProgramData\Samsung 2015-01-20 09:40 - 2014-05-22 14:22 - 02738496 _____ () C:\WINDOWS\TotalUninstaller.exe 2015-01-20 09:38 - 2014-07-03 05:07 - 00000357 _____ () C:\WINDOWS\system32\usp01l.smt 2015-01-20 09:38 - 2014-04-16 09:22 - 00029184 _____ () 
C:\WINDOWS\system32\usp01l.dll 2015-01-20 09:38 - 2013-05-10 10:48 - 00162136 _____ () C:\WINDOWS\system32\usp01ci.exe 2015-01-20 09:38 - 2010-10-20 09:46 - 00089600 _____ (SS) C:\WINDOWS\system32\usp01ci.dll 2015-01-20 09:37 - 2015-01-20 09:37 - 22225776 _____ () C:\Users\Pippin\Downloads\SamsungUniversalPrintDriver2.exe 2015-01-20 09:35 - 2015-01-20 09:35 - 03967320 _____ (SEC) C:\Users\Pippin\Downloads\EWS_V3.60.40.3.exe 2015-01-20 09:34 - 2015-01-20 09:34 - 04053824 _____ (SEC) C:\Users\Pippin\Downloads\EWS_V3.70.5.0(1).exe 2015-01-20 09:21 - 2015-01-20 09:21 - 04053824 _____ (SEC) C:\Users\Pippin\Downloads\EWS_V3.70.5.0.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-18 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-18 19:41 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-18 19:39 - 2013-09-02 18:47 - 00000000 ___RD () C:\Users\Pippin\Dropbox 2015-02-18 19:39 - 2013-09-02 18:43 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Dropbox 2015-02-18 19:39 - 2013-02-20 06:10 - 00000507 _____ () C:\Users\Pippin\AppData\Roaming\sp_data.sys 2015-02-15 00:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-02-14 23:36 - 2013-07-10 20:54 - 00000000 _____ () C:\WINDOWS\system32\vireng.log 2015-02-14 23:22 - 2013-02-20 06:15 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-242285392-2585440693-653752246-1002 2015-02-14 20:27 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-14 20:26 - 2013-08-22 15:46 - 00331044 _____ () C:\WINDOWS\setupact.log 2015-02-14 20:26 - 2013-08-22 15:44 - 00508344 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-14 20:09 - 2013-09-15 21:09 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-14 19:59 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-02-14 19:59 - 2013-02-23 16:19 - 116773704 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-02-13 22:17 - 2013-09-02 18:47 - 00001069 _____ () C:\Users\Pippin\Desktop\Dropbox.lnk 2015-02-13 22:17 - 2013-09-02 18:44 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-12 20:03 - 2014-11-21 04:35 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-12 20:03 - 2014-11-21 03:45 - 00773008 _____ () C:\WINDOWS\system32\perfh007.dat 2015-02-12 20:03 - 2014-11-21 03:45 - 00162310 _____ () C:\WINDOWS\system32\perfc007.dat 2015-02-11 21:19 - 2014-01-13 21:54 - 00000000 ____D () C:\Users\Pippin\Documents\My Digital Editions 2015-02-09 21:26 - 2014-08-11 19:41 - 00000000 ____D () C:\Users\Pippin\Desktop\FFT 2013_fertig_mcf-Dateien 2015-02-09 21:21 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-09 21:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-02-09 21:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-02-09 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2015-02-09 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2015-02-09 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-02-09 21:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-02-09 21:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-02-09 20:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\restore 2015-02-08 17:50 - 2014-07-06 19:28 - 00000000 ____D () C:\Users\Pippin\AppData\Local\Adobe 2015-02-06 23:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-06 23:48 - 2013-02-20 06:07 - 00000000 ____D () C:\Users\Pippin\AppData\Local\Packages 2015-02-06 19:47 - 2013-08-22 16:36 - 00000000 
____D () C:\Program Files\Windows NT 2015-02-06 19:47 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default 2015-02-06 19:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration 2015-02-06 19:42 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media 2015-02-06 19:42 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries 2015-02-06 19:35 - 2012-11-02 12:30 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV 2015-02-06 19:35 - 2012-11-02 12:30 - 00000000 ____D () C:\WINDOWS\system32\NV 2015-02-06 19:32 - 2014-10-25 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2015-02-06 19:32 - 2014-02-28 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-02-06 19:32 - 2014-02-22 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-02-06 19:32 - 2014-02-16 21:42 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-02-06 19:32 - 2014-02-16 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-02-06 19:32 - 2014-01-13 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2015-02-06 19:32 - 2013-11-30 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH 2015-02-06 19:32 - 2013-10-23 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-02-06 19:32 - 2013-09-17 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom 2015-02-06 19:32 - 2013-09-02 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-02-06 19:32 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2015-02-06 19:32 - 2013-05-05 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2015-02-06 19:32 - 2013-04-30 21:31 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded 2015-02-06 19:32 - 2013-02-23 22:40 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 2015-02-06 19:32 - 2013-02-23 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain 2015-02-06 19:32 - 2013-02-23 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp 2015-02-06 19:32 - 2013-02-23 20:59 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in 2015-02-06 19:32 - 2013-02-22 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2015-02-06 19:32 - 2012-08-17 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS 2015-02-06 19:30 - 2013-08-22 16:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log 2015-02-06 19:30 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated 2015-02-06 19:29 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN 2015-02-06 19:29 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep 2015-02-06 19:29 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\WCN 2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI 2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz 2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME 2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns 2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\spool 2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI 2015-02-06 19:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\IME 2015-02-06 19:29 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI 2015-02-06 19:29 - 2013-08-22 
14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe 2015-02-06 19:29 - 2012-11-02 12:34 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda 2015-02-06 19:28 - 2014-01-15 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 2015-02-06 19:28 - 2014-01-13 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo 2015-02-06 19:28 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker 2015-02-06 19:28 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar 2015-02-06 19:28 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar 2015-02-06 19:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2015-02-06 19:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME 2015-02-06 19:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help 2015-02-06 19:28 - 2013-06-20 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpellForce 2015-02-06 19:28 - 2013-06-19 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD 2015-02-06 19:28 - 2013-03-02 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2015-02-06 19:28 - 2013-02-21 05:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2015-02-06 19:28 - 2012-11-02 12:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUSDVD 2015-02-06 19:28 - 2012-08-02 14:28 - 00000000 ____D () C:\ProgramData\PRICache 2015-02-06 19:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System 2015-02-06 19:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery 2015-02-06 19:24 - 2013-06-20 19:57 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpellForce 2015-02-06 19:12 - 2014-11-20 19:24 - 00004712 _____ () C:\WINDOWS\PFRO.log 2015-02-06 19:10 - 2013-08-22 16:36 - 00262144 _____ () 
C:\WINDOWS\system32\config\BCD-Template 2015-02-06 19:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-02-06 18:50 - 2012-11-02 12:43 - 01191334 _____ () C:\WINDOWS\WindowsUpdate (1).log 2015-02-06 17:43 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2015-02-05 20:50 - 2014-10-26 22:15 - 00000000 ____D () C:\Users\Pippin\Documents\FMC II 2015-02-03 20:31 - 2014-11-21 12:01 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-11-21 12:01 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-02 20:10 - 2013-03-03 18:48 - 00000099 _____ () C:\Users\Public\LMDebug.log 2015-01-28 19:39 - 2013-02-21 05:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-20 10:02 - 2012-11-02 12:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-20 09:46 - 2015-01-16 21:53 - 00009216 _____ () C:\Users\Pippin\Desktop\Spiele_Palaver.xls ==================== Files in the root of some directories ======= 2013-02-20 06:10 - 2015-02-18 19:39 - 0000507 _____ () C:\Users\Pippin\AppData\Roaming\sp_data.sys 2012-08-17 01:52 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd Some content of TEMP: ==================== C:\Users\Pippin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo5axku.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-18 19:38
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01 Ran by Pippin at 2015-02-18 21:06:15 Running from C:\Users\Pippin\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29} AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS) ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS) ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) 
(Version: 1.0.7 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation) ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS) calibre (HKLM-x32\...\{3091A8EB-386B-46D7-8E19-4139424261DD}) (Version: 1.24.0 - Kovid Goyal) Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.5.0.3 - Canon Inc.) Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.1.6 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.) Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.) Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.) Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.) Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.) Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.) Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.) Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.) 
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) D-Fend Reloaded 1.3.3 (deinstallieren) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.3 - Alexander Herzog) Dropbox (HKU\S-1-5-21-242285392-2585440693-653752246-1002\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.13992 - Landesfinanzdirektion Thüringen) Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation) Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation) Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.) Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.2 - CEWE COLOR AG u Co. 
OHG) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft 
Corporation) MyDriveConnect 3.3.0.1756 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1756 - TomTom) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.) Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.) Samsung SCX-3200 Series (HKLM-x32\...\Samsung SCX-3200 Series) (Version: - Samsung Electronics Co., Ltd.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
Sophos Anti-Virus (HKLM-x32\...\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}) (Version: 10.0.12 - Sophos Limited) Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.4.81 - Sophos Limited) Spellforce 2 Gold (HKLM-x32\...\{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}) (Version: 1.00.0000 - JoWooD Productions Software AG) SpellForce 2 Patch (x32 Version: 1.0.0 - JoWood) Hidden TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.6030.1 - TuneUp Software) TuneUp Utilities (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-242285392-2585440693-653752246-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows-Treiberpaket - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS) WinRAR 5.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 09-02-2015 20:47:54 Windows Update 12-02-2015 19:52:19 Windows Modules Installer ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2012-07-26 06:26 - 2014-09-10 18:59 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {157FE703-085E-42B4-8226-FA60C8803A12} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek) Task: {18B454E9-1852-4971-A415-32C148D32A2D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated) Task: {1C90A4CE-7715-40BF-AD27-57F85AD216EB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] () Task: {38FD6AC5-0A95-4B51-9B6D-A81689FB8135} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {4B4C7FC8-5693-4386-8779-AFBCACA13E74} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS) Task: {5BD083D4-7E75-420F-AE18-9D8F911B215A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {A30D60B4-EA6D-4ABF-8E49-60C40351B6FA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {B8512B0D-B80B-4958-AEB1-1DBDE3804D92} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.) Task: {D5327D3B-00E9-48D8-8987-C7E61DBF7AA8} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.) 
Task: {F8BB1DAA-AB35-4A6B-893C-6CC20D3C3884} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-14] (Microsoft Corporation) Task: {FEFF0835-7777-4C44-8F95-2A90E87027B8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2015-01-20 09:38 - 2014-04-16 09:22 - 00029184 _____ () C:\WINDOWS\System32\usp01l.dll 2011-04-14 02:40 - 2011-04-14 03:40 - 00968192 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\ssb3mdu.dll 2014-03-19 21:46 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2012-09-07 05:41 - 2012-07-30 12:26 - 00029056 _____ () C:\WINDOWS\system32\DptfParticipantProcessorService.exe 2012-09-07 05:41 - 2012-07-30 12:27 - 00030592 _____ () C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe 2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2015-02-06 19:15 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2013-10-01 13:02 - 2013-10-01 13:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-11-02 12:31 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2012-08-24 18:17 - 2012-08-24 18:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2015-01-26 22:33 - 2015-01-26 22:33 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files 
(x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Pippin\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-02-18 19:39 - 2015-02-18 19:39 - 00043008 _____ () c:\users\pippin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo5axku.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Pippin\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Pippin\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Pippin\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2012-08-10 16:50 - 2012-08-10 16:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:48862C37 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-242285392-2585440693-653752246-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: TomTomHOMEService => 2 MSCONFIG\Services: TuneUp.Defrag => 3 MSCONFIG\Services: TuneUp.UtilitiesSvc => 2 MSCONFIG\Services: UxTuneUp => 2 HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run32: => "3200 Scan2PC" HKLM\...\StartupApproved\Run32: => "SCX3200_Scan2Pc" HKLM\...\StartupApproved\Run32: => "Samsung PanelMgr" ==================== Accounts: ============================= Administrator (S-1-5-21-242285392-2585440693-653752246-500 - Administrator - Disabled) Gast (S-1-5-21-242285392-2585440693-653752246-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-242285392-2585440693-653752246-1013 - Limited - Enabled) Pippin (S-1-5-21-242285392-2585440693-653752246-1002 - Administrator - Enabled) => C:\Users\Pippin SophosSAUPIP0 (S-1-5-21-242285392-2585440693-653752246-1011 - Limited - Enabled) UpdatusUser (S-1-5-21-242285392-2585440693-653752246-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/18/2015 07:48:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073422302 Error: (02/06/2015 05:10:18 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (02/06/2015 05:00:29 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. 
Error: (02/06/2015 05:00:29 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (02/05/2015 07:06:59 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (02/05/2015 06:57:18 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (02/05/2015 06:57:18 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (02/04/2015 06:27:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (02/04/2015 06:17:32 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (02/04/2015 06:17:32 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] System errors: ============= Error: (02/18/2015 07:39:51 PM) (Source: DCOM) (EventID: 10010) (User: Pip) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/18/2015 07:39:21 PM) (Source: DCOM) (EventID: 10010) (User: Pip) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/15/2015 01:02:40 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105. 
Error: (02/15/2015 00:24:52 PM) (Source: SAVOnAccess) (EventID: 55) (User: ) Description: Der On-Access-Treiber konnte keine Maßnahme des Anwenders für die Datei \Device\HarddiskVolume4\Windows.old\Users\Pippin\AppData\Local\temp\nsmACAC.tmp\InstallMgr.exe durchführen. Error: (02/15/2015 00:21:25 PM) (Source: SAVOnAccess) (EventID: 55) (User: ) Description: Der On-Access-Treiber konnte keine Maßnahme des Anwenders für die Datei \Device\HarddiskVolume4\Windows.old\Users\Pippin\AppData\Local\temp\nsmACAC.tmp\InstallMgr.exe durchführen. Error: (02/15/2015 05:13:22 AM) (Source: DCOM) (EventID: 10010) (User: Pip) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/15/2015 05:12:52 AM) (Source: DCOM) (EventID: 10010) (User: Pip) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/14/2015 11:23:46 PM) (Source: DCOM) (EventID: 10010) (User: Pip) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/14/2015 11:23:16 PM) (Source: DCOM) (EventID: 10010) (User: Pip) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/14/2015 08:29:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Microsoft Office Sessions: ========================= Error: (02/18/2015 07:48:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073422302 Error: (02/06/2015 05:10:18 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (02/06/2015 05:00:29 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. 
Error: (02/06/2015 05:00:29 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (02/05/2015 07:06:59 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (02/05/2015 06:57:18 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (02/05/2015 06:57:18 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (02/04/2015 06:27:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (02/04/2015 06:17:32 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (02/04/2015 06:17:32 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] CodeIntegrity Errors: =================================== Date: 2014-09-10 19:59:23.084 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz Percentage of memory in use: 56% Total physical RAM: 3981.53 MB Available physical RAM: 1725.23 MB Total Pagefile: 5389.53 MB Available Pagefile: 3123.57 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:185.86 GB) (Free:131.78 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:258.44 GB) (Free:237.01 GB) NTFS Drive e: (SAMSUNG_MFP) (CDROM) (Total:0.48 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: B19F8D36) Partition: GPT Partition Type. ==================== End Of Log ============================ - C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. - C:\Users\Pippin\ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-02-18 21:22:33 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000039 Hitachi_HTS545050A7E380 rev.GG2OA6C0 465,76GB Running: kx1ymsb1.exe; Driver: C:\Users\Pippin\AppData\Local\Temp\fxldapow.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffbe7eb3e10 7 bytes JMP 00007ffce7bb02d0 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffbe7eb3e20 7 bytes JMP 00007ffce7bb0308 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffbe7f639b0 7 bytes JMP 00007ffce7bb03b0 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffbe7f63ef0 7 bytes JMP 00007ffce7bb0340 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffbe7f63fe0 7 bytes JMP 00007ffce7bb0378 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffbe7f906c0 7 bytes JMP 00007ffce7bb0228 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffbe7f90730 3 bytes JMP 00007ffce7bb0298 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW + 4 00007ffbe7f90734 3 bytes [FF, CC, CC] .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ffbe7f90760 7 bytes JMP 00007ffce7bb0260 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffbe7bc21d0 5 bytes JMP 00007ffce7bb0180 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffbe7bc29d0 7 bytes JMP 00007ffce7bb00d8 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffbe7bc4310 5 bytes JMP 00007ffce7bb0110 .text 
C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffbe7bc8d80 5 bytes JMP 00007ffce7bb0148 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffbea486d90 10 bytes JMP 00007ffce7bb0490 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffbea4974a0 5 bytes JMP 00007ffce7bb0458 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffbea497560 1 byte JMP 00007ffce7bb03e8 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffbea497562 7 bytes {JMP 0xfffffffffd718e88} .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffbea4a6b10 5 bytes JMP 00007ffce7bb0420 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffbe9d11500 8 bytes JMP 00007ffce7bb01b8 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffbe9d11750 8 bytes JMP 00007ffce7bb01f0 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory 00007ffbe3c87750 5 bytes JMP 00007ffce3b000d8 .text C:\WINDOWS\System32\dwm.exe[3592] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory1 00007ffbe3c88ee0 5 bytes JMP 00007ffce3b00110 ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [992:4552] fffff960009212d0 Thread C:\WINDOWS\Explorer.EXE [1000:776] 00007ffbe4fde630 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4000:2916] 0000000000e2a3da Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4000:3548] 0000000000dda980 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4000:5064] 0000000000dc2850 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4000:1808] 0000000000dbcbf0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4000:4268] 0000000000de5150 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4000:4920] 0000000000de5240 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4000:3340] 00000000562b4190 
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4000:1636] 00000000562b4ab0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4000:1256] 00000000562c82d0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4000:3276] 00000000562c8430 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4000:5176] 00000000562c5a60 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4000:5464] 0000000000dbe6f0 ---- Processes - GMER 2.1 ---- Process C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (FILE NOT FOUND) 0000000000400000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28) 000000006ca10000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c6e0000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c2f0000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592](2015-02-10 21:00:30) 000000006c0c0000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30) 000000004a900000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30) 0000000004220000 Library 
C:\Users\Pippin\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30) 000000004ad00000 Library c:\users\pippin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo5axku.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592](2015-02-18 18:39:23) 0000000003db0000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000067810000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 0000000064fb0000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 00000000675f0000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000067390000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000067360000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592](2015-02-10 21:00:30) 0000000067350000 Library 
C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 00000000672d0000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000067230000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000067170000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592](2015-02-10 21:00:28) 0000000064ac0000 Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [4592](2015-02-10 21:00:28) 0000000064a80000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----
Thank you in advance for any help and tips - since I got Windows 8, my computer seems to be much more susceptible to viruses or Trojans. If there is better protection or any particular advice specifically for Windows 8, please post that as well. Thanks |
19.02.2015, 06:12 | #2 |
/// the machine /// TB Trainer | Hi,
that actually looks fine. Windows.old is the old Windows 8. If you no longer need any personal data from that folder (Users > Documents, Music, Videos), delete the entire folder using Windows Disk Cleanup. |
21.02.2015, 15:50 | #3 |
| Hello,
sorry for the late reply. It is reassuring for now that things look fairly good. The Windows.old folder could not be removed by Disk Cleanup alone, so I then helped it along manually. My Sophos kept complaining about the PUA detection. However, since there is still only one item in quarantine, I assume it is still the same one. Even so, I emptied the Recycle Bin right after deleting the folder manually. Since then I have (so far) actually had peace, and just one more detection in quarantine. I would still like to leave the thread open for a few more days in case it comes back. Or is it normal for an antivirus program to keep raising an alert about the same detection? Thanks in advance. |
22.02.2015, 08:35 | #4 |
/// the machine /// TB Trainer | As long as the detection is still in that location, it will keep complaining. The thread stays open anyway; test for a few days and report back.
Regards, schrauber |