
Log analysis and evaluation: Win7: New folders appearing, named with a combination of letters and numbers. Virus?


25.05.2015, 20:44   #1
MateoRom
 

Hello everyone.

For some time now, empty folders have kept appearing on drives C and E under Win 7, with names similar to the following example:
"d73b84760ee2fca97140f3fb2e644626".
My antivirus program (Sophos) finds nothing, though. The Sophos Virus Removal Tool finds nothing either.

Recently my antivirus program (Sophos) made a detection on one of my USB sticks: Mal/EncPK-LL.

Are the folders and Mal/EncPK-LL related? Is there a virus/trojan etc. hiding behind the new folders?

The logs are attached:

FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Mathias (administrator) on MATHIAS-PC on 25-05-2015 22:52:37
Running from C:\Users\Mathias\Downloads
Loaded Profiles: Mathias (Available Profiles: Mathias)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sophos Limited) E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Sophos Limited) E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Samsung Electronics Co., Ltd.) E:\Programme\Kies\KiesTrayAgent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Mathias\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => E:\Programme\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-25] (Sophos Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-02-20] (Cisco Systems, Inc.)
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [KiesPreload] => E:\Programme\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [KiesAirMessage] => E:\Programme\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [] => E:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
AppInit_DLLs: E:\PROGRA~1\LRZ\SOPHOS~1\SOPHOS~1\SOPHOS~2.DLL => E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-25] (Sophos Limited)
AppInit_DLLs-x32: E:\PROGRA~1\LRZ\SOPHOS~1\SOPHOS~1\SOPHOS~1.DLL => E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-25] (Sophos Limited)
Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1056725909-2084768229-584163529-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Programme\Java\Java 131017\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Programme\Java\Java 131017\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1056725909-2084768229-584163529-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://asa01.lrz.de/CACHE/stc/1/binaries/vpnweb.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 41.213.217.9 41.213.128.81

FireFox:
========
FF ProfilePath: C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\nbi6pdvw.default
FF Homepage: hxxp://www.spiegel.de/
FF NetworkProxy: "autoconfig_url", "hxxp://pac.lrz.de./"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> E:\Programme\Java\Java 131017\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> E:\Programme\Java\Java 131017\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Extension: Grooveshark Unlocker - C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\nbi6pdvw.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-06-01]
FF Extension: Adblock Plus - C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\nbi6pdvw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-03-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-08] (Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2014-04-12] () []
R2 SAVAdminService; E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-25] (Sophos Limited)
R2 SAVService; E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe [205096 2014-05-25] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-25] (Sophos Limited)
R2 Sophos Web Control Service; E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-25] (Sophos Limited)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
R2 swi_service; E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-25] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-25] (Sophos Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-25] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-25] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-25] (Sophos Limited)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 22:52 - 2015-05-25 22:53 - 00021448 _____ () C:\Users\Mathias\Downloads\FRST.txt
2015-05-25 22:51 - 2015-05-25 22:52 - 00000000 ____D () C:\FRST
2015-05-25 22:46 - 2015-05-25 22:46 - 02108928 _____ (Farbar) C:\Users\Mathias\Downloads\FRST64.exe
2015-05-25 22:45 - 2015-05-25 22:45 - 00000476 _____ () C:\Users\Mathias\Downloads\defogger_disable.log
2015-05-25 22:45 - 2015-05-25 22:45 - 00000000 _____ () C:\Users\Mathias\defogger_reenable
2015-05-25 22:44 - 2015-05-25 22:44 - 00050477 _____ () C:\Users\Mathias\Downloads\Defogger.exe
2015-05-25 21:39 - 2015-05-25 21:40 - 00000000 ____D () C:\5effba31ddb0c47ee6e93b7588c275
2015-05-25 21:37 - 2015-05-25 21:38 - 00000000 ____D () C:\37d9100b4c74c0d4a631a50e3ec8ee04
2015-05-25 21:33 - 2015-05-25 21:34 - 00000000 ____D () C:\d17795a0d34789817551
2015-05-25 21:23 - 2015-05-25 21:28 - 00000000 ____D () C:\2f541fd6bfe3f3be7096b1f96629d7e9
2015-05-25 21:20 - 2015-05-25 21:20 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-05-09 15:15 - 2015-05-09 15:15 - 01203488 _____ () C:\Users\Mathias\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe
2015-05-07 14:13 - 2015-05-07 14:14 - 02204160 _____ () C:\Users\Mathias\Downloads\adwcleaner_4.203(1).exe
2015-05-07 14:01 - 2015-05-07 14:01 - 00464381 ____N () C:\Users\Mathias\Downloads\SpyHunterKiller.exe
2015-05-07 13:55 - 2015-05-07 13:55 - 02204160 _____ () C:\Users\Mathias\Downloads\adwcleaner_4.203.exe
2015-05-07 02:07 - 2015-05-07 02:07 - 00017236 _____ () C:\Users\Mathias\Downloads\http _www.international.tum.de_auslandsaufenthalte_studierende_stipendien_.htm
2015-05-06 17:30 - 2015-05-06 17:30 - 01203488 _____ () C:\Users\Mathias\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-05-06 17:16 - 2015-05-06 17:16 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-06 17:13 - 2015-05-06 17:14 - 119275136 _____ (Sophos Limited) C:\Users\Mathias\Downloads\Sophos Virus Removal Tool.exe
2015-05-04 17:14 - 2015-05-07 16:49 - 00005152 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Mathias-PC-Mathias Mathias-PC
2015-05-04 10:52 - 2015-05-04 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-04-26 20:20 - 2015-04-26 20:20 - 00000000 ____D () C:\Users\Mathias\Documents\remote sample
2015-04-26 19:15 - 2015-04-26 19:20 - 00000000 ____D () C:\Users\Mathias\Desktop\FACS
2015-04-26 16:50 - 2015-04-26 16:52 - 00000000 ____D () C:\db0d7dba81acf584437d15b8

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 22:50 - 2009-07-14 08:45 - 00032016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 22:50 - 2009-07-14 08:45 - 00032016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 22:48 - 2010-11-21 10:50 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-05-25 22:48 - 2010-11-21 10:50 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-05-25 22:48 - 2009-07-14 09:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 22:45 - 2013-03-01 21:38 - 00000000 ____D () C:\Users\Mathias
2015-05-25 22:25 - 2015-04-22 19:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-25 22:17 - 2013-03-06 22:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 22:09 - 2013-04-01 12:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 22:05 - 2013-03-01 19:24 - 01324735 ____N () C:\Windows\WindowsUpdate.log
2015-05-25 21:51 - 2013-05-15 15:39 - 00000000 ____D () C:\Windows\Minidump
2015-05-25 21:41 - 2013-03-02 20:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-25 21:15 - 2013-04-01 12:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 21:13 - 2013-03-20 02:24 - 00000000 ____D () C:\Users\Mathias\AppData\Roaming\Skype
2015-05-24 12:25 - 2014-01-17 18:29 - 00001025 _____ () C:\Users\Mathias\Desktop\Dropbox.lnk
2015-05-24 12:25 - 2014-01-17 18:29 - 00000000 ___RD () C:\Users\Mathias\Dropbox
2015-05-24 12:25 - 2014-01-17 18:27 - 00000000 ____D () C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-24 12:25 - 2014-01-17 18:26 - 00000000 ____D () C:\Users\Mathias\AppData\Roaming\Dropbox
2015-05-24 11:52 - 2014-10-24 16:37 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-24 11:43 - 2009-07-14 09:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 19:04 - 2013-04-01 12:37 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-23 19:04 - 2013-04-01 12:37 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-08 14:59 - 2013-03-02 22:00 - 00000000 ____D () C:\Users\Mathias\AppData\Local\Adobe
2015-05-07 14:07 - 2014-11-14 17:04 - 00000000 ____D () C:\AdwCleaner
2015-05-07 09:44 - 2009-07-14 09:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-07 06:43 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\rescache
2015-05-07 05:35 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-07 05:34 - 2014-10-24 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-07 05:30 - 2013-03-18 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-07 05:26 - 2014-12-17 23:45 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-07 05:26 - 2014-05-02 17:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-07 02:42 - 2015-01-30 21:17 - 00000000 ____D () C:\Users\Mathias\Desktop\Louis
2015-05-06 21:28 - 2013-03-02 22:33 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-05-06 21:28 - 2013-03-02 22:33 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-05-06 21:28 - 2013-03-02 22:33 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2015-05-06 21:28 - 2013-03-02 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-05-06 17:17 - 2013-03-02 19:39 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-06 17:16 - 2014-05-25 04:54 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-06 17:16 - 2014-05-25 04:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-05 18:17 - 2014-10-24 17:06 - 00000000 ____D () C:\Users\Mathias\Documents\Benutzerdefinierte Office-Vorlagen
2015-05-05 11:55 - 2013-03-22 00:35 - 00000000 ____D () C:\Users\Mathias\AppData\Roaming\FlowJo7
2015-05-04 10:52 - 2013-03-02 19:29 - 00000000 ____D () C:\ProgramData\Cisco
2015-05-04 10:52 - 2013-03-02 19:29 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-04-26 20:35 - 2013-03-22 11:16 - 00007356 _____ () C:\Users\Mathias\Documents\FlowJo75.prefs

==================== Files in the root of some directories =======

2013-11-30 18:27 - 2013-11-30 18:27 - 0000132 _____ () C:\Users\Mathias\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-06-09 15:28 - 2014-04-02 18:49 - 0037527 _____ () C:\Users\Mathias\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2013-04-18 02:28 - 2014-10-24 16:14 - 0037049 _____ () C:\Users\Mathias\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-10-24 16:18 - 2014-10-24 16:18 - 0038428 _____ () C:\Users\Mathias\AppData\Roaming\Microsoft Excel 97-2003.ADR
2014-01-21 19:10 - 2014-01-21 19:10 - 0007605 _____ () C:\Users\Mathias\AppData\Local\Resmon.ResmonCfg
2013-03-07 17:33 - 2014-11-06 17:29 - 0003686 _____ () C:\Users\Mathias\AppData\Local\STAR.trace

Some files in TEMP:
====================
C:\Users\Mathias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpataifm.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 13:09

==================== End of log ============================
         

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Mathias at 2015-05-25 22:54:09
Running from C:\Users\Mathias\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1056725909-2084768229-584163529-500 - Administrator - Disabled)
Gast (S-1-5-21-1056725909-2084768229-584163529-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1056725909-2084768229-584163529-1007 - Limited - Enabled)
Mathias (S-1-5-21-1056725909-2084768229-584163529-1000 - Administrator - Enabled) => C:\Users\Mathias
SophosSAUMATHIAS-PC0 (S-1-5-21-1056725909-2084768229-584163529-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Enabled - Out of date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Out of date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Brother MFL-Pro Suite DCP-585CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.07021 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.07021 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Dropbox (HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
FlowJo 7.6.5 (HKLM-x32\...\FlowJo 7.6.5) (Version: 1.0.0.0 - Tree Star Inc)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Lasergene 8 v8.0.3 (HKLM-x32\...\Lasergene 8) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0407-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\MyFreeCodec) (Version:  - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
RTCA Data Analysis Software 1.0 (HKLM-x32\...\RTCA Data Analysis Software 1.0) (Version: 1.0 - ACEA Biosciences, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spotify (HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
SQLite ODBC Driver (remove only) (HKLM-x32\...\SQLite ODBC Driver) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

24-05-2015 13:17:40 Geplanter Prüfpunkt
25-05-2015 21:15:23 Windows Update
25-05-2015 21:16:43 AusweisApp2 wird entfernt
25-05-2015 21:21:05 AusweisApp2 wird entfernt
25-05-2015 21:23:12 AusweisApp2 wird entfernt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 06:34 - 2009-06-11 01:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05C64329-04D9-4A2F-B7EC-4DC6D8EC4435} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {12AE105B-6B27-4ED2-AAD6-DBDD7BA31934} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {18E3324B-DE2D-4897-A440-6963BA15CE97} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-23] (Microsoft Corporation)
Task: {2651AF7E-97A3-4088-A78E-6BC3C44E4ACD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-01] (Google Inc.)
Task: {2E2E3A18-4C6E-4279-A680-8F5468DFE8D2} - System32\Tasks\AdobeAAMUpdater-1.0-Mathias-PC-Mathias => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {39E20224-2CE6-4DED-8816-E60DC8B90142} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {42BC2640-FDA5-408B-9A39-1529DDF84958} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-01] (Google Inc.)
Task: {5A15AD4D-CB22-4287-B390-002ED32813B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {74397E07-01D4-4EDD-BDC3-DCE4FCB6491F} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7665637C-69F8-4661-BCCE-C2410E74155F} - System32\Tasks\{11DD2FFE-B8D9-428F-9D2D-6475F0BB8BBA} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {8E6246F7-C380-4813-8158-7EEA9CBEA709} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {8F484A82-104A-4B05-A46B-0461547107A4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9819AC56-FA50-450D-A00A-CACAD1772015} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Mathias-PC-Mathias Mathias-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {B5628888-0466-4560-895D-44B750E74763} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {DE376CFC-D730-4E6A-99DA-8B388DDFD1D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {EAD0E95C-9823-4281-9D2F-4B26437CBF82} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-12-19 18:57 - 2014-12-19 18:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2010-03-11 05:35 - 2010-03-11 05:35 - 00027648 _____ () C:\Windows\System32\sso4ml6.dll
2014-11-22 04:03 - 2014-11-22 04:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-12-19 18:57 - 2014-12-19 18:57 - 05979808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-10-24 16:37 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-25 22:44 - 2015-05-25 22:44 - 00050477 _____ () C:\Users\Mathias\Downloads\Defogger.exe
2014-12-03 22:07 - 2014-12-03 22:07 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2013-10-24 13:58 - 2009-02-27 18:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-01-08 00:27 - 2015-01-08 00:27 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2015-01-08 00:27 - 2015-01-08 00:27 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-01-08 00:27 - 2015-01-08 00:27 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2015-05-24 12:25 - 2015-05-24 12:25 - 00043008 ____N () c:\users\mathias\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpataifm.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00750080 _____ () C:\Users\Mathias\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00047616 _____ () C:\Users\Mathias\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00865280 _____ () C:\Users\Mathias\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00200704 _____ () C:\Users\Mathias\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Mathias\Cookies:1OnSYooKl3so4AJ3nX
AlternateDataStreams: C:\Users\Mathias\Desktop\Hörbücher:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mathias\Desktop\Louis:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mathias\Desktop\STEX Bücher ALLEX.zip:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mathias\AppData\Local\Temporary Internet Files:N32bT7yqK0E1LrzUSdcuHKpU

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1056725909-2084768229-584163529-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 41.213.217.9 - 41.213.128.81

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{9BD7C0B4-42D3-4708-8DFE-5783FD571E43}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{B0F772A7-A46F-4ACB-9E05-FC83DF5EB2F9}E:\programme\flowjo\jre\bin\javaw.exe] => (Allow) E:\programme\flowjo\jre\bin\javaw.exe
FirewallRules: [UDP Query User{E50EB4D8-B45E-4D0D-A5FE-0180CC1D06F7}E:\programme\flowjo\jre\bin\javaw.exe] => (Allow) E:\programme\flowjo\jre\bin\javaw.exe
FirewallRules: [TCP Query User{0A31F420-0516-4C87-81B5-AB6EC7525979}C:\users\mathias\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mathias\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EA45355D-D9DE-49ED-9349-41A505AB5D67}C:\users\mathias\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mathias\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C4A5806F-97CC-453E-AC8E-A491D7D106BD}C:\users\mathias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\mathias\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FF369288-E255-4E47-A0A8-CC713D53DA8E}C:\users\mathias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\mathias\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6610392F-BDFC-42C8-A0B3-1CA3F3214F01}E:\programme\flowjo\jre\bin\javaw.exe] => (Allow) E:\programme\flowjo\jre\bin\javaw.exe
FirewallRules: [UDP Query User{0B4FBD54-604F-4ED6-9EAC-2D3A17772345}E:\programme\flowjo\jre\bin\javaw.exe] => (Allow) E:\programme\flowjo\jre\bin\javaw.exe
FirewallRules: [{BF51BA1B-967C-4138-AFD2-8A8C872681EC}] => (Allow) C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{AFB6A2B4-D928-4D1E-A994-D8D61D664F6D}] => (Allow) C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{91C9AFC8-D922-4B49-89A7-C4B977941F70}C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{781FF156-135D-40A8-8738-D19CAD48C93B}C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{F12A3783-8F13-42A4-A372-1EA6AD22FE3B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{27B2E2B1-CD16-420A-9E38-324D100CB03B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{39511734-43A7-4A3D-BC5D-6F098B763F57}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B33169E0-F02C-4164-875F-A2EE9EECFEE4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0CB4AE7-C446-4D3B-9796-564518A4892E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{008ED943-1E08-4FBD-B0E9-D0D0424973F8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{54871ACF-9DAC-4B79-85CE-5B29F0C8C7FC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{690F32E8-1050-4DD0-8B75-DEC0F61E90AF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{6CE26FC4-284D-4FB4-B79B-D924EC2BBCFD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 09:40:22 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.1 - Update "KB3037581" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB3037581_20150525_213914945-Microsoft .NET Framework 4.5.1-MSP0.txt enthalten.

Error: (05/25/2015 09:38:14 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.1 - Update "KB2898869" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB2898869_20150525_213736816-Microsoft .NET Framework 4.5.1-MSP0.txt enthalten.

Error: (05/25/2015 09:34:16 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.1 - Update "KB3035490" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB3035490_20150525_213334699-Microsoft .NET Framework 4.5.1-MSP0.txt enthalten.

Error: (05/25/2015 09:28:17 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/25/2015 09:28:17 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {9F2FD6CA-5D3A-4849-A0E2-91F7C8E62C7D}

Error: (05/25/2015 09:28:13 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.1 - Update "KB3023224" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB3023224_20150525_212428974-Microsoft .NET Framework 4.5.1-MSP0.txt enthalten.

Error: (05/25/2015 09:14:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 7.0.0.102 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 364

Startzeit: 01d095f58ac8bcf9

Endzeit: 7

Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe

Berichts-ID:

Error: (05/25/2015 09:14:21 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (05/24/2015 01:10:22 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile  UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (05/24/2015 11:55:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/25/2015 09:45:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.


Microsoft Office:
=========================
Error: (09/29/2014 02:10:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1469004 seconds with 6240 seconds of active time.  This session ended with a crash.

Error: (09/10/2014 02:47:10 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 35044 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (09/05/2014 01:35:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5190 seconds with 1680 seconds of active time.  This session ended with a crash.

Error: (08/26/2014 07:35:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 545639 seconds with 22800 seconds of active time.  This session ended with a crash.

Error: (04/03/2014 10:22:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 178862 seconds with 1080 seconds of active time.  This session ended with a crash.

Error: (12/23/2013 10:05:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 543210 seconds with 8820 seconds of active time.  This session ended with a crash.

Error: (11/15/2013 06:57:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 608219 seconds with 4260 seconds of active time.  This session ended with a crash.

Error: (09/03/2013 11:11:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 444283 seconds with 1620 seconds of active time.  This session ended with a crash.

Error: (08/27/2013 02:03:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 430941 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (05/27/2013 04:58:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 135 seconds with 120 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 53%
Total physical RAM: 4063.03 MB
Available physical RAM: 1876.46 MB
Total Pagefile: 8124.25 MB
Available Pagefile: 5268.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:228.84 GB) (Free:143.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Volume) (Fixed) (Total:226.72 GB) (Free:134.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4DC0A6C6)
Partition 1: (Not Active) - (Size=10.2 GB) - (Type=27)
Partition 2: (Active) - (Size=228.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=226.7 GB) - (Type=07 NTFS)

==================== End of log ============================
         
Gmer
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-25 23:27:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9SA00 rev.PB4OC64G 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Mathias\AppData\Local\Temp\pwtiifow.sys


---- User code sections - GMER 2.1 ----

.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                               0000000076f41401 2 bytes JMP 762fb1ef C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                 0000000076f41419 2 bytes JMP 762fb31a C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                               0000000076f41431 2 bytes JMP 76378f09 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                               0000000076f4144a 2 bytes CALL 762d4885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                          * 9
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                  0000000076f414dd 2 bytes JMP 76378802 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                           0000000076f414f5 2 bytes JMP 763789d8 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                  0000000076f4150d 2 bytes JMP 763786f8 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                           0000000076f41525 2 bytes JMP 76378ac2 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                 0000000076f4153d 2 bytes JMP 762efc78 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                      0000000076f41555 2 bytes JMP 762f68bf C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                               0000000076f4156d 2 bytes JMP 76378fc1 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                 0000000076f41585 2 bytes JMP 76378b22 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                    0000000076f4159d 2 bytes JMP 763786bc C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                 0000000076f415b5 2 bytes JMP 762efd11 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                               0000000076f415cd 2 bytes JMP 762fb2b0 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                           0000000076f416b2 2 bytes JMP 76378e84 C:\Windows\syswow64\kernel32.dll
.text  E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                           0000000076f416bd 2 bytes JMP 76378651 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\Explorer.EXE[1356] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                   00000000769c1870 5 bytes JMP 000000016fff00d8
.text  C:\Windows\Explorer.EXE[1356] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW                                                                         0000000076a3f510 8 bytes JMP 000000016fff0110
.text  C:\Windows\Explorer.EXE[1356] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                 000007fefd987490 11 bytes JMP 000007fffd5b00d8
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllCanUnloadNow + 779     000007fef9d5d517 1 byte [D5]
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllCanUnloadNow + 796     000007fef9d5d528 1 byte [50]
.text  ...                                                                                                                                                          * 4
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllRegisterServer + 40    000007fef9df9734 5 bytes [48, 85, C0, 74, 06]
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllRegisterServer + 46    000007fef9df973a 76 bytes {ROL BYTE [RBP+0x481178c0], 0x1; LEA ECX, [RIP+0xde90a]; XOR R8D, R8D; XOR EDX, EDX; CALL 0xfffffffffff68ed2}
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllUnregisterServer + 35  000007fef9df9787 29 bytes {SUB BL, 0x53; TEST RCX, RCX; JNZ 0xf; MOV EAX, 0xffffffff80070057; JMP 0x56}
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllUnregisterServer + 65  000007fef9df97a5 69 bytes [44, 24, 30, 41, B9, 02, 00, ...]
.text  ...                                                                                                                                                          * 26
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!ExecuteSPFSVerbW + 126    000007fef9dfd592 1 byte [8D]
.text  C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!ExecuteSPFSVerbW + 129    000007fef9dfd595 1 byte [28]
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                      0000000076f41401 2 bytes JMP 762fb1ef C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                        0000000076f41419 2 bytes JMP 762fb31a C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                      0000000076f41431 2 bytes JMP 76378f09 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                      0000000076f4144a 2 bytes CALL 762d4885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                          * 9
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                         0000000076f414dd 2 bytes JMP 76378802 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                  0000000076f414f5 2 bytes JMP 763789d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                         0000000076f4150d 2 bytes JMP 763786f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                  0000000076f41525 2 bytes JMP 76378ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                        0000000076f4153d 2 bytes JMP 762efc78 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                             0000000076f41555 2 bytes JMP 762f68bf C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                      0000000076f4156d 2 bytes JMP 76378fc1 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                        0000000076f41585 2 bytes JMP 76378b22 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                           0000000076f4159d 2 bytes JMP 763786bc C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                        0000000076f415b5 2 bytes JMP 762efd11 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                      0000000076f415cd 2 bytes JMP 762fb2b0 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                  0000000076f416b2 2 bytes JMP 76378e84 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                  0000000076f416bd 2 bytes JMP 76378651 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433e7a7fd                                                                                  
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433e7a7fd@000c8abce955                                                                     0x3F 0x5F 0x19 0x4D ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433e7a7fd (not active ControlSet)                                                              
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433e7a7fd@000c8abce955                                                                         0x3F 0x5F 0x19 0x4D ...

---- EOF - GMER 2.1 ----
         
--- --- ---

I would be very grateful for help.

Regards

Alt 26.05.2015, 05:55   #2
schrauber
/// the machine
/// TB instructor
 




hi,

are you somewhere on the Indian Ocean?

Alt 26.05.2015, 13:43   #3
MateoRom
 



Yes. For the next three months.

Alt 27.05.2015, 06:54   #4
schrauber
/// the machine
/// TB instructor
 




OK, that explains the IP.

The folders are from Windows Update.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 27.05.2015, 11:06   #5
MateoRom
 



Then I'm reassured. Many thanks for your help.
Can I re-enable Defogger again?

Since I found a Mal/EncPK-LL on the stick, I had carelessly downloaded Spyhunter. With some effort I managed to remove Spyhunter again. Can you tell me anything about it? Is Spyhunter malware?

Many thanks and best regards

Mateo


Alt 27.05.2015, 18:35   #6
schrauber
/// the machine
/// TB instructor
 




Spyhunter isn't really malware, it's more of a fake. You are supposed to pay to have the findings removed, but the findings are usually not real findings.

Alt 28.05.2015, 11:42   #7
MateoRom
 



Many thanks for your help

Alt 28.05.2015, 20:05   #8
schrauber
/// the machine
/// TB instructor
 




You're welcome