25.05.2015, 20:44 | #1
Win7: New folders appearing whose names are combinations of letters and digits. Virus?

Hello everyone. For some time now, empty folders keep showing up on drives C and E under Win 7, named similarly to the following example: "d73b84760ee2fca97140f3fb2e644626". My antivirus (Sophos) doesn't find anything, though. The Sophos Virus Removal Tool doesn't find anything either. Recently my antivirus (Sophos) made a detection on one of my USB sticks: Mal/EncPK-LL. Are the folders and Mal/EncPK-LL related? Is there a virus/trojan etc. hiding behind the new folders? Logs attached:

FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Mathias (administrator) on MATHIAS-PC on 25-05-2015 22:52:37
Running from C:\Users\Mathias\Downloads
Loaded Profiles: Mathias (Available Profiles: Mathias)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sophos Limited) E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Sophos Limited) E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Samsung Electronics Co., Ltd.) E:\Programme\Kies\KiesTrayAgent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Mathias\Downloads\Defogger.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => E:\Programme\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-25] (Sophos Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-02-20] (Cisco Systems, Inc.)
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [KiesPreload] => E:\Programme\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [KiesAirMessage] => E:\Programme\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [] => E:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
AppInit_DLLs: E:\PROGRA~1\LRZ\SOPHOS~1\SOPHOS~1\SOPHOS~2.DLL => E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-25] (Sophos Limited)
AppInit_DLLs-x32: E:\PROGRA~1\LRZ\SOPHOS~1\SOPHOS~1\SOPHOS~1.DLL => E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-25] (Sophos Limited)
Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1056725909-2084768229-584163529-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Programme\Java\Java 131017\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Programme\Java\Java 131017\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1056725909-2084768229-584163529-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://asa01.lrz.de/CACHE/stc/1/binaries/vpnweb.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 41.213.217.9 41.213.128.81

FireFox:
========
FF ProfilePath: C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\nbi6pdvw.default
FF Homepage: hxxp://www.spiegel.de/
FF NetworkProxy: "autoconfig_url", "hxxp://pac.lrz.de./"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> E:\Programme\Java\Java 131017\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> E:\Programme\Java\Java 131017\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Extension: Grooveshark Unlocker - C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\nbi6pdvw.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-06-01]
FF Extension: Adblock Plus - C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\nbi6pdvw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-03-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-08] (Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2014-04-12] () []
R2 SAVAdminService; E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-25] (Sophos Limited)
R2 SAVService; E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe [205096 2014-05-25] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-25] (Sophos Limited)
R2 Sophos Web Control Service; E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-25] (Sophos Limited)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
R2 swi_service; E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-25] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-25] (Sophos Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-25] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-25] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-25] (Sophos Limited)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 22:52 - 2015-05-25 22:53 - 00021448 _____ () C:\Users\Mathias\Downloads\FRST.txt
2015-05-25 22:51 - 2015-05-25 22:52 - 00000000 ____D () C:\FRST
2015-05-25 22:46 - 2015-05-25 22:46 - 02108928 _____ (Farbar) C:\Users\Mathias\Downloads\FRST64.exe
2015-05-25 22:45 - 2015-05-25 22:45 - 00000476 _____ () C:\Users\Mathias\Downloads\defogger_disable.log
2015-05-25 22:45 - 2015-05-25 22:45 - 00000000 _____ () C:\Users\Mathias\defogger_reenable
2015-05-25 22:44 - 2015-05-25 22:44 - 00050477 _____ () C:\Users\Mathias\Downloads\Defogger.exe
2015-05-25 21:39 - 2015-05-25 21:40 - 00000000 ____D () C:\5effba31ddb0c47ee6e93b7588c275
2015-05-25 21:37 - 2015-05-25 21:38 - 00000000 ____D () C:\37d9100b4c74c0d4a631a50e3ec8ee04
2015-05-25 21:33 - 2015-05-25 21:34 - 00000000 ____D () C:\d17795a0d34789817551
2015-05-25 21:23 - 2015-05-25 21:28 - 00000000 ____D () C:\2f541fd6bfe3f3be7096b1f96629d7e9
2015-05-25 21:20 - 2015-05-25 21:20 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-05-09 15:15 - 2015-05-09 15:15 - 01203488 _____ () C:\Users\Mathias\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe
2015-05-07 14:13 - 2015-05-07 14:14 - 02204160 _____ () C:\Users\Mathias\Downloads\adwcleaner_4.203(1).exe
2015-05-07 14:01 - 2015-05-07 14:01 - 00464381 ____N () C:\Users\Mathias\Downloads\SpyHunterKiller.exe
2015-05-07 13:55 - 2015-05-07 13:55 - 02204160 _____ () C:\Users\Mathias\Downloads\adwcleaner_4.203.exe
2015-05-07 02:07 - 2015-05-07 02:07 - 00017236 _____ () C:\Users\Mathias\Downloads\http _www.international.tum.de_auslandsaufenthalte_studierende_stipendien_.htm
2015-05-06 17:30 - 2015-05-06 17:30 - 01203488 _____ () C:\Users\Mathias\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-05-06 17:16 - 2015-05-06 17:16 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-06 17:13 - 2015-05-06 17:14 - 119275136 _____ (Sophos Limited) C:\Users\Mathias\Downloads\Sophos Virus Removal Tool.exe
2015-05-04 17:14 - 2015-05-07 16:49 - 00005152 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Mathias-PC-Mathias Mathias-PC
2015-05-04 10:52 - 2015-05-04 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-04-26 20:20 - 2015-04-26 20:20 - 00000000 ____D () C:\Users\Mathias\Documents\remote sample
2015-04-26 19:15 - 2015-04-26 19:20 - 00000000 ____D () C:\Users\Mathias\Desktop\FACS
2015-04-26 16:50 - 2015-04-26 16:52 - 00000000 ____D () C:\db0d7dba81acf584437d15b8

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 22:50 - 2009-07-14 08:45 - 00032016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 22:50 - 2009-07-14 08:45 - 00032016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 22:48 - 2010-11-21 10:50 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-05-25 22:48 - 2010-11-21 10:50 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-05-25 22:48 - 2009-07-14 09:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 22:45 - 2013-03-01 21:38 - 00000000 ____D () C:\Users\Mathias
2015-05-25 22:25 - 2015-04-22 19:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-25 22:17 - 2013-03-06 22:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 22:09 - 2013-04-01 12:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 22:05 - 2013-03-01 19:24 - 01324735 ____N () C:\Windows\WindowsUpdate.log
2015-05-25 21:51 - 2013-05-15 15:39 - 00000000 ____D () C:\Windows\Minidump
2015-05-25 21:41 - 2013-03-02 20:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-25 21:15 - 2013-04-01 12:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 21:13 - 2013-03-20 02:24 - 00000000 ____D () C:\Users\Mathias\AppData\Roaming\Skype
2015-05-24 12:25 - 2014-01-17 18:29 - 00001025 _____ () C:\Users\Mathias\Desktop\Dropbox.lnk
2015-05-24 12:25 - 2014-01-17 18:29 - 00000000 ___RD () C:\Users\Mathias\Dropbox
2015-05-24 12:25 - 2014-01-17 18:27 - 00000000 ____D () C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-24 12:25 - 2014-01-17 18:26 - 00000000 ____D () C:\Users\Mathias\AppData\Roaming\Dropbox
2015-05-24 11:52 - 2014-10-24 16:37 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-24 11:43 - 2009-07-14 09:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 19:04 - 2013-04-01 12:37 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-23 19:04 - 2013-04-01 12:37 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-08 14:59 - 2013-03-02 22:00 - 00000000 ____D () C:\Users\Mathias\AppData\Local\Adobe
2015-05-07 14:07 - 2014-11-14 17:04 - 00000000 ____D () C:\AdwCleaner
2015-05-07 09:44 - 2009-07-14 09:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-07 06:43 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\rescache
2015-05-07 05:35 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-07 05:34 - 2014-10-24 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-07 05:30 - 2013-03-18 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-07 05:26 - 2014-12-17 23:45 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-07 05:26 - 2014-05-02 17:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-07 02:42 - 2015-01-30 21:17 - 00000000 ____D () C:\Users\Mathias\Desktop\Louis
2015-05-06 21:28 - 2013-03-02 22:33 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-05-06 21:28 - 2013-03-02 22:33 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-05-06 21:28 - 2013-03-02 22:33 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2015-05-06 21:28 - 2013-03-02 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-05-06 17:17 - 2013-03-02 19:39 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-06 17:16 - 2014-05-25 04:54 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-06 17:16 - 2014-05-25 04:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-05 18:17 - 2014-10-24 17:06 - 00000000 ____D () C:\Users\Mathias\Documents\Benutzerdefinierte Office-Vorlagen
2015-05-05 11:55 - 2013-03-22 00:35 - 00000000 ____D () C:\Users\Mathias\AppData\Roaming\FlowJo7
2015-05-04 10:52 - 2013-03-02 19:29 - 00000000 ____D () C:\ProgramData\Cisco
2015-05-04 10:52 - 2013-03-02 19:29 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-04-26 20:35 - 2013-03-22 11:16 - 00007356 _____ () C:\Users\Mathias\Documents\FlowJo75.prefs

==================== Files in the root of some directories =======

2013-11-30 18:27 - 2013-11-30 18:27 - 0000132 _____ () C:\Users\Mathias\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-06-09 15:28 - 2014-04-02 18:49 - 0037527 _____ () C:\Users\Mathias\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2013-04-18 02:28 - 2014-10-24 16:14 - 0037049 _____ () C:\Users\Mathias\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-10-24 16:18 - 2014-10-24 16:18 - 0038428 _____ () C:\Users\Mathias\AppData\Roaming\Microsoft Excel 97-2003.ADR
2014-01-21 19:10 - 2014-01-21 19:10 - 0007605 _____ () C:\Users\Mathias\AppData\Local\Resmon.ResmonCfg
2013-03-07 17:33 - 2014-11-06 17:29 - 0003686 _____ () C:\Users\Mathias\AppData\Local\STAR.trace

Some files in TEMP:
====================
C:\Users\Mathias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpataifm.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-24 13:09

==================== End of log ============================

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Mathias at 2015-05-25 22:54:09
Running from C:\Users\Mathias\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1056725909-2084768229-584163529-500 - Administrator - Disabled)
Gast (S-1-5-21-1056725909-2084768229-584163529-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1056725909-2084768229-584163529-1007 - Limited - Enabled)
Mathias (S-1-5-21-1056725909-2084768229-584163529-1000 - Administrator - Enabled) => C:\Users\Mathias
SophosSAUMATHIAS-PC0 (S-1-5-21-1056725909-2084768229-584163529-1005 - Limited - Enabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Enabled - Out of date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Out of date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Brother MFL-Pro Suite DCP-585CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.07021 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.07021 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Dropbox (HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
FlowJo 7.6.5 (HKLM-x32\...\FlowJo 7.6.5) (Version: 1.0.0.0 - Tree Star Inc)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Lasergene 8 v8.0.3 (HKLM-x32\...\Lasergene 8) (Version: - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0407-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\MyFreeCodec) (Version: - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
RTCA Data Analysis Software 1.0 (HKLM-x32\...\RTCA Data Analysis Software 1.0) (Version: 1.0 - ACEA Biosciences, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spotify (HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
SQLite ODBC Driver (remove only) (HKLM-x32\...\SQLite ODBC Driver) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

24-05-2015 13:17:40 Geplanter Prüfpunkt
25-05-2015 21:15:23 Windows Update
25-05-2015 21:16:43 AusweisApp2 wird entfernt
25-05-2015 21:21:05 AusweisApp2 wird entfernt
25-05-2015 21:23:12 AusweisApp2 wird entfernt

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 06:34 - 2009-06-11 01:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05C64329-04D9-4A2F-B7EC-4DC6D8EC4435} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {12AE105B-6B27-4ED2-AAD6-DBDD7BA31934} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {18E3324B-DE2D-4897-A440-6963BA15CE97} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-23] (Microsoft Corporation)
Task: {2651AF7E-97A3-4088-A78E-6BC3C44E4ACD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-01] (Google Inc.)
Task: {2E2E3A18-4C6E-4279-A680-8F5468DFE8D2} - System32\Tasks\AdobeAAMUpdater-1.0-Mathias-PC-Mathias => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {39E20224-2CE6-4DED-8816-E60DC8B90142} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {42BC2640-FDA5-408B-9A39-1529DDF84958} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-01] (Google Inc.)
Task: {5A15AD4D-CB22-4287-B390-002ED32813B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {74397E07-01D4-4EDD-BDC3-DCE4FCB6491F} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7665637C-69F8-4661-BCCE-C2410E74155F} - System32\Tasks\{11DD2FFE-B8D9-428F-9D2D-6475F0BB8BBA} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {8E6246F7-C380-4813-8158-7EEA9CBEA709} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {8F484A82-104A-4B05-A46B-0461547107A4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9819AC56-FA50-450D-A00A-CACAD1772015} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Mathias-PC-Mathias Mathias-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {B5628888-0466-4560-895D-44B750E74763} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {DE376CFC-D730-4E6A-99DA-8B388DDFD1D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {EAD0E95C-9823-4281-9D2F-4B26437CBF82} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-12-19 18:57 - 2014-12-19 18:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2010-03-11 05:35 - 2010-03-11 05:35 - 00027648 _____ () C:\Windows\System32\sso4ml6.dll
2014-11-22 04:03 - 2014-11-22 04:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-12-19 18:57 - 2014-12-19 18:57 - 05979808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-10-24 16:37 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-25 22:44 - 2015-05-25 22:44 - 00050477 _____ () C:\Users\Mathias\Downloads\Defogger.exe
2014-12-03 22:07 - 2014-12-03 22:07 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2013-10-24 13:58 - 2009-02-27 18:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-01-08 00:27 - 2015-01-08 00:27 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2015-01-08 00:27 - 2015-01-08 00:27 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-01-08 00:27 - 2015-01-08 00:27 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2015-05-24 12:25 - 2015-05-24 12:25 - 00043008 ____N () c:\users\mathias\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpataifm.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00750080 _____ () C:\Users\Mathias\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00047616 _____ () C:\Users\Mathias\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00865280 _____ () C:\Users\Mathias\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00200704 _____ () C:\Users\Mathias\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Mathias\Cookies:1OnSYooKl3so4AJ3nX
AlternateDataStreams: C:\Users\Mathias\Desktop\Hörbücher:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mathias\Desktop\Louis:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mathias\Desktop\STEX Bücher ALLEX.zip:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mathias\AppData\Local\Temporary Internet Files:N32bT7yqK0E1LrzUSdcuHKpU

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1056725909-2084768229-584163529-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 41.213.217.9 - 41.213.128.81

==================== MSCONFIG/TASK MANAGER Error getting ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{9BD7C0B4-42D3-4708-8DFE-5783FD571E43}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{B0F772A7-A46F-4ACB-9E05-FC83DF5EB2F9}E:\programme\flowjo\jre\bin\javaw.exe] => (Allow) E:\programme\flowjo\jre\bin\javaw.exe
FirewallRules: [UDP Query User{E50EB4D8-B45E-4D0D-A5FE-0180CC1D06F7}E:\programme\flowjo\jre\bin\javaw.exe] => (Allow) E:\programme\flowjo\jre\bin\javaw.exe
FirewallRules: [TCP Query User{0A31F420-0516-4C87-81B5-AB6EC7525979}C:\users\mathias\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mathias\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EA45355D-D9DE-49ED-9349-41A505AB5D67}C:\users\mathias\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mathias\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C4A5806F-97CC-453E-AC8E-A491D7D106BD}C:\users\mathias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\mathias\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FF369288-E255-4E47-A0A8-CC713D53DA8E}C:\users\mathias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\mathias\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6610392F-BDFC-42C8-A0B3-1CA3F3214F01}E:\programme\flowjo\jre\bin\javaw.exe] => (Allow) E:\programme\flowjo\jre\bin\javaw.exe
FirewallRules: [UDP Query User{0B4FBD54-604F-4ED6-9EAC-2D3A17772345}E:\programme\flowjo\jre\bin\javaw.exe] => (Allow) E:\programme\flowjo\jre\bin\javaw.exe
FirewallRules: [{BF51BA1B-967C-4138-AFD2-8A8C872681EC}] => (Allow) C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{AFB6A2B4-D928-4D1E-A994-D8D61D664F6D}] => (Allow) C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{91C9AFC8-D922-4B49-89A7-C4B977941F70}C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{781FF156-135D-40A8-8738-D19CAD48C93B}C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{F12A3783-8F13-42A4-A372-1EA6AD22FE3B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{27B2E2B1-CD16-420A-9E38-324D100CB03B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{39511734-43A7-4A3D-BC5D-6F098B763F57}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B33169E0-F02C-4164-875F-A2EE9EECFEE4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0CB4AE7-C446-4D3B-9796-564518A4892E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{008ED943-1E08-4FBD-B0E9-D0D0424973F8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{54871ACF-9DAC-4B79-85CE-5B29F0C8C7FC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{690F32E8-1050-4DD0-8B75-DEC0F61E90AF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{6CE26FC4-284D-4FB4-B79B-D924EC2BBCFD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 09:40:22 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.1 - Update "KB3037581" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB3037581_20150525_213914945-Microsoft .NET Framework 4.5.1-MSP0.txt enthalten.

Error: (05/25/2015 09:38:14 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.1 - Update "KB2898869" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB2898869_20150525_213736816-Microsoft .NET Framework 4.5.1-MSP0.txt enthalten.

Error: (05/25/2015 09:34:16 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.1 - Update "KB3035490" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB3035490_20150525_213334699-Microsoft .NET Framework 4.5.1-MSP0.txt enthalten.

Error: (05/25/2015 09:28:17 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/25/2015 09:28:17 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {9F2FD6CA-5D3A-4849-A0E2-91F7C8E62C7D}

Error: (05/25/2015 09:28:13 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.1 - Update "KB3023224" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB3023224_20150525_212428974-Microsoft .NET Framework 4.5.1-MSP0.txt enthalten.

Error: (05/25/2015 09:14:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 7.0.0.102 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 364
Startzeit: 01d095f58ac8bcf9
Endzeit: 7
Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID:

Error: (05/25/2015 09:14:21 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (05/24/2015 01:10:22 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (05/24/2015 11:55:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/25/2015 09:45:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Microsoft Office:
=========================
Error: (09/29/2014 02:10:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1469004 seconds with 6240 seconds of active time. This session ended with a crash.

Error: (09/10/2014 02:47:10 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 35044 seconds with 360 seconds of active time. This session ended with a crash.

Error: (09/05/2014 01:35:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5190 seconds with 1680 seconds of active time. This session ended with a crash.

Error: (08/26/2014 07:35:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 545639 seconds with 22800 seconds of active time. This session ended with a crash.

Error: (04/03/2014 10:22:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 178862 seconds with 1080 seconds of active time. This session ended with a crash.

Error: (12/23/2013 10:05:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 543210 seconds with 8820 seconds of active time. This session ended with a crash.

Error: (11/15/2013 06:57:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 608219 seconds with 4260 seconds of active time. This session ended with a crash.

Error: (09/03/2013 11:11:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 444283 seconds with 1620 seconds of active time. This session ended with a crash.

Error: (08/27/2013 02:03:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 430941 seconds with 240 seconds of active time. This session ended with a crash.

Error: (05/27/2013 04:58:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 135 seconds with 120 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 53%
Total physical RAM: 4063.03 MB
Available physical RAM: 1876.46 MB
Total Pagefile: 8124.25 MB
Available Pagefile: 5268.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:228.84 GB) (Free:143.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Volume) (Fixed) (Total:226.72 GB) (Free:134.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4DC0A6C6)
Partition 1: (Not Active) - (Size=10.2 GB) - (Type=27)
Partition 2: (Active) - (Size=228.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=226.7 GB) - (Type=07 NTFS)

==================== End of log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-25 23:27:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9SA00 rev.PB4OC64G 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Mathias\AppData\Local\Temp\pwtiifow.sys

---- User code sections - GMER 2.1 ----

.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000076f41401 2 bytes JMP 762fb1ef C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000076f41419 2 bytes JMP 762fb31a C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000076f41431 2 bytes JMP 76378f09 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  0000000076f4144a 2 bytes CALL 762d4885 C:\Windows\syswow64\kernel32.dll
.text  ...
* 9
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  0000000076f414dd 2 bytes JMP 76378802 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000076f414f5 2 bytes JMP 763789d8 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  0000000076f4150d 2 bytes JMP 763786f8 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076f41525 2 bytes JMP 76378ac2 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  0000000076f4153d 2 bytes JMP 762efc78 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000076f41555 2 bytes JMP 762f68bf C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  0000000076f4156d 2 bytes JMP 76378fc1 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000076f41585 2 bytes JMP 76378b22 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  0000000076f4159d 2 bytes JMP 763786bc C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  0000000076f415b5 2 bytes JMP 762efd11 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  0000000076f415cd 2 bytes JMP 762fb2b0 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000076f416b2 2 bytes JMP 76378e84 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000076f416bd 2 bytes JMP 76378651 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\Explorer.EXE[1356] C:\Windows\system32\kernel32.dll!CopyFileExW  00000000769c1870 5 bytes JMP 000000016fff00d8
.text  C:\Windows\Explorer.EXE[1356] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW  0000000076a3f510 8 bytes JMP 000000016fff0110
.text  C:\Windows\Explorer.EXE[1356] C:\Windows\system32\ole32.dll!CoCreateInstance  000007fefd987490 11 bytes JMP 000007fffd5b00d8
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllCanUnloadNow + 779  000007fef9d5d517 1 byte [D5]
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllCanUnloadNow + 796  000007fef9d5d528 1 byte [50]
.text  ...
* 4
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllRegisterServer + 40  000007fef9df9734 5 bytes [48, 85, C0, 74, 06]
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllRegisterServer + 46  000007fef9df973a 76 bytes {ROL BYTE [RBP+0x481178c0], 0x1; LEA ECX, [RIP+0xde90a]; XOR R8D, R8D; XOR EDX, EDX; CALL 0xfffffffffff68ed2}
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllUnregisterServer + 35  000007fef9df9787 29 bytes {SUB BL, 0x53; TEST RCX, RCX; JNZ 0xf; MOV EAX, 0xffffffff80070057; JMP 0x56}
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllUnregisterServer + 65  000007fef9df97a5 69 bytes [44, 24, 30, 41, B9, 02, 00, ...]
.text  ...
* 26
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!ExecuteSPFSVerbW + 126  000007fef9dfd592 1 byte [8D]
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!ExecuteSPFSVerbW + 129  000007fef9dfd595 1 byte [28]
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000076f41401 2 bytes JMP 762fb1ef C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000076f41419 2 bytes JMP 762fb31a C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000076f41431 2 bytes JMP 76378f09 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  0000000076f4144a 2 bytes CALL 762d4885 C:\Windows\syswow64\kernel32.dll
.text  ...
* 9
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  0000000076f414dd 2 bytes JMP 76378802 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000076f414f5 2 bytes JMP 763789d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  0000000076f4150d 2 bytes JMP 763786f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076f41525 2 bytes JMP 76378ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  0000000076f4153d 2 bytes JMP 762efc78 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000076f41555 2 bytes JMP 762f68bf C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  0000000076f4156d 2 bytes JMP 76378fc1 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000076f41585 2 bytes JMP 76378b22 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  0000000076f4159d 2 bytes JMP 763786bc C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  0000000076f415b5 2 bytes JMP 762efd11 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  0000000076f415cd 2 bytes JMP 762fb2b0 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000076f416b2 2 bytes JMP 76378e84 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000076f416bd 2 bytes JMP 76378651 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433e7a7fd
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433e7a7fd@000c8abce955  0x3F 0x5F 0x19 0x4D ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433e7a7fd (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433e7a7fd@000c8abce955  0x3F 0x5F 0x19 0x4D ...

---- EOF - GMER 2.1 ----

Would be very grateful for help. Regards |
26.05.2015, 05:55 | #2 |
/// the machine /// TB-Ausbilder | Win7: New folders appearing, consisting of letter and number combinations. Virus? Hi,
are you sitting somewhere on the Indian Ocean?
__________________ |
26.05.2015, 13:43 | #3 |
| Win7: New folders appearing, consisting of letter and number combinations. Virus? Yes. For the next three months, still.
__________________ |
27.05.2015, 06:54 | #4 |
/// the machine /// TB-Ausbilder | Win7: New folders appearing, consisting of letter and number combinations. Virus? Ok, that explains the IP. The folders are from Windows Update.
__________________ regards, schrauber | Proud Member of UNITE and ASAP since 2009 | Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
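The reply above gives the verdict without the check behind it. Microsoft's self-extracting update and installer packages unpack into a folder named exactly like the one in the post (32 hex characters), usually at the root of the drive with the most free space, and normally delete it again; an interrupted run leaves an empty folder behind. The script below is an added example, not code from the thread or from any of the tools in the logs: it inventories such folders on the drive roots named in the post, records owner, creation time and whether anything executable sits inside, and correlates each folder with updates installed around its creation time. The name shape `d73b84760ee2fca97140f3fb2e644626` and the drives `C:\` and `E:\` are taken from the post; `Get-HexNamedFolder` and `Add-UpdateCorrelation` are names chosen here.

```powershell
# Added example, not from the thread: inventory 32-hex-character folders on the
# drive roots named in the post and correlate them with the update history, so
# Windows Update / installer leftovers can be told apart from something that
# deserves a closer look. Written for the stock Windows 7 PowerShell 2.0.
# Assumptions: name shape "d73b84760ee2fca97140f3fb2e644626" from the post,
# drives C:\ and E:\ from the post; change $Roots for another machine.
$Roots   = @('C:\', 'E:\')
$HexName = '^[0-9a-fA-F]{32}$'
$BinExt  = @('.exe', '.dll', '.sys', '.scr', '.cmd', '.bat', '.vbs', '.js')

function Get-HexNamedFolder {
    param([string[]]$Path = $Roots)
    foreach ($root in $Path) {
        Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer -and $_.Name -match $HexName } |
            ForEach-Object {
                $dir   = $_
                $acl   = Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue
                $owner = '(access denied)'
                if ($acl) { $owner = $acl.Owner }
                $files = @(Get-ChildItem -LiteralPath $dir.FullName -Recurse -Force -ErrorAction SilentlyContinue |
                           Where-Object { -not $_.PSIsContainer })
                # Executable content is what matters: an update package leaves at
                # most .cab/.msu/.xml remnants behind, and usually nothing at all.
                $bins  = @($files | Where-Object { $BinExt -contains $_.Extension.ToLower() })
                New-Object PSObject -Property @{
                    Path     = $dir.FullName
                    Created  = $dir.CreationTime
                    Owner    = $owner
                    Files    = $files.Count
                    Binaries = $bins.Count
                }
            }
    }
}

# Attach the IDs of updates installed within a day of each folder's creation.
# Get-HotFix wraps Win32_QuickFixEngineering; InstalledOn is blank for some entries.
function Add-UpdateCorrelation {
    param([Parameter(ValueFromPipeline = $true)] $Folder)
    begin { $updates = @(Get-HotFix | Where-Object { $_.InstalledOn -is [datetime] }) }
    process {
        $near = @($updates |
                  Where-Object { [math]::Abs(($_.InstalledOn - $Folder.Created).TotalDays) -le 1 } |
                  ForEach-Object { $_.HotFixID } | Sort-Object -Unique)
        $Folder | Add-Member -MemberType NoteProperty -Name NearbyUpdates -Value ($near -join ', ') -PassThru
    }
}

Get-HexNamedFolder | Add-UpdateCorrelation |
    Format-Table Path, Created, Owner, Files, Binaries, NearbyUpdates -AutoSize
```

Run it from an elevated prompt so `Get-Acl` can read folders owned by SYSTEM. An empty folder owned by SYSTEM or Administrators with a KB number in the last column matches the explanation in the reply and can simply be deleted; a folder that contains binaries, or one owned by the interactive user with no update nearby, is the kind of finding to post along with the FRST log rather than clean up by hand. The name alone proves nothing either way: it is only a random or hash-derived label, and the same shape is used by legitimate installers and by some malware droppers.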
27.05.2015, 11:06 | #5 |
| Win7: New folders appearing, consisting of letter and number combinations. Virus? Then I'm reassured. Many thanks for your help. Can I re-enable defogger now? Since I found a Mal/EncPK-LL on the stick, I had carelessly downloaded Spyhunter. With some effort I managed to remove Spyhunter again. Can you tell me something about that? Is Spyhunter malware? Many thanks and best regards, Mateo |
27.05.2015, 18:35 | #6 |
/// the machine /// TB-Ausbilder | Win7: New folders appearing, consisting of letter and number combinations. Virus? Spyhunter isn't really malware, it's more of a fake. You're supposed to pay to remove the detections, but the detections are usually not real detections.
__________________ |
28.05.2015, 11:42 | #7 |
| Win7: New folders appearing, consisting of letter and number combinations. Virus? Many thanks for your help |
28.05.2015, 20:05 | #8 |
/// the machine /// TB-Ausbilder | Win7: New folders appearing, consisting of letter and number combinations. Virus? You're welcome
__________________ regards, schrauber |
Topics for Win7: New folders appearing, consisting of letter and number combinations. Virus? |
adware, antivir, browser, cpu, desktop, excel, failed, firefox, flash player, format, google, homepage, monitor, mozilla, office 365, programm, registry, security, services.exe, software, svchost.exe, system, udp, usb, virus, windows |