MateoRom | 25.05.2015 20:44 | Win7: New folders appearing, named with combinations of letters and numbers. Virus?
Hello everyone.
For some time now, empty folders have kept appearing on drives C and E under Win 7, named similarly to the following example:
"d73b84760ee2fca97140f3fb2e644626".
However, my antivirus program (Sophos) finds nothing. The Sophos Virus Removal Tool finds nothing either.
Recently my antivirus program (Sophos) made a detection on one of my USB sticks: Mal/EncPK-LL.
Are the folders and Mal/EncPK-LL related? Is a virus/Trojan etc. hiding behind the new folders?
The logs are attached:
FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Mathias (administrator) on MATHIAS-PC on 25-05-2015 22:52:37
Running from C:\Users\Mathias\Downloads
Loaded Profiles: Mathias (Available Profiles: Mathias)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sophos Limited) E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Sophos Limited) E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Samsung Electronics Co., Ltd.) E:\Programme\Kies\KiesTrayAgent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Mathias\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => E:\Programme\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-25] (Sophos Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-02-20] (Cisco Systems, Inc.)
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [KiesPreload] => E:\Programme\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [KiesAirMessage] => E:\Programme\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [] => E:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
AppInit_DLLs: E:\PROGRA~1\LRZ\SOPHOS~1\SOPHOS~1\SOPHOS~2.DLL => E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-25] (Sophos Limited)
AppInit_DLLs-x32: E:\PROGRA~1\LRZ\SOPHOS~1\SOPHOS~1\SOPHOS~1.DLL => E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-25] (Sophos Limited)
Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Programme\Java\Java 131017\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Programme\Java\Java 131017\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1056725909-2084768229-584163529-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://asa01.lrz.de/CACHE/stc/1/binaries/vpnweb.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2013-03-02] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 41.213.217.9 41.213.128.81
FireFox:
========
FF ProfilePath: C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\nbi6pdvw.default
FF Homepage: hxxp://www.spiegel.de/
FF NetworkProxy: "autoconfig_url", "hxxp://pac.lrz.de./"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> E:\Programme\Java\Java 131017\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> E:\Programme\Java\Java 131017\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Extension: Grooveshark Unlocker - C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\nbi6pdvw.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-06-01]
FF Extension: Adblock Plus - C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\nbi6pdvw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-03-02]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-08] (Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2014-04-12] () []
R2 SAVAdminService; E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-25] (Sophos Limited)
R2 SAVService; E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe [205096 2014-05-25] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-25] (Sophos Limited)
R2 Sophos Web Control Service; E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-25] (Sophos Limited)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
R2 swi_service; E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-25] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-25] (Sophos Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-25] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-25] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-25] (Sophos Limited)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-25 22:52 - 2015-05-25 22:53 - 00021448 _____ () C:\Users\Mathias\Downloads\FRST.txt
2015-05-25 22:51 - 2015-05-25 22:52 - 00000000 ____D () C:\FRST
2015-05-25 22:46 - 2015-05-25 22:46 - 02108928 _____ (Farbar) C:\Users\Mathias\Downloads\FRST64.exe
2015-05-25 22:45 - 2015-05-25 22:45 - 00000476 _____ () C:\Users\Mathias\Downloads\defogger_disable.log
2015-05-25 22:45 - 2015-05-25 22:45 - 00000000 _____ () C:\Users\Mathias\defogger_reenable
2015-05-25 22:44 - 2015-05-25 22:44 - 00050477 _____ () C:\Users\Mathias\Downloads\Defogger.exe
2015-05-25 21:39 - 2015-05-25 21:40 - 00000000 ____D () C:\5effba31ddb0c47ee6e93b7588c275
2015-05-25 21:37 - 2015-05-25 21:38 - 00000000 ____D () C:\37d9100b4c74c0d4a631a50e3ec8ee04
2015-05-25 21:33 - 2015-05-25 21:34 - 00000000 ____D () C:\d17795a0d34789817551
2015-05-25 21:23 - 2015-05-25 21:28 - 00000000 ____D () C:\2f541fd6bfe3f3be7096b1f96629d7e9
2015-05-25 21:20 - 2015-05-25 21:20 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-05-09 15:15 - 2015-05-09 15:15 - 01203488 _____ () C:\Users\Mathias\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe
2015-05-07 14:13 - 2015-05-07 14:14 - 02204160 _____ () C:\Users\Mathias\Downloads\adwcleaner_4.203(1).exe
2015-05-07 14:01 - 2015-05-07 14:01 - 00464381 ____N () C:\Users\Mathias\Downloads\SpyHunterKiller.exe
2015-05-07 13:55 - 2015-05-07 13:55 - 02204160 _____ () C:\Users\Mathias\Downloads\adwcleaner_4.203.exe
2015-05-07 02:07 - 2015-05-07 02:07 - 00017236 _____ () C:\Users\Mathias\Downloads\http _www.international.tum.de_auslandsaufenthalte_studierende_stipendien_.htm
2015-05-06 17:30 - 2015-05-06 17:30 - 01203488 _____ () C:\Users\Mathias\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-05-06 17:16 - 2015-05-06 17:16 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-06 17:13 - 2015-05-06 17:14 - 119275136 _____ (Sophos Limited) C:\Users\Mathias\Downloads\Sophos Virus Removal Tool.exe
2015-05-04 17:14 - 2015-05-07 16:49 - 00005152 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Mathias-PC-Mathias Mathias-PC
2015-05-04 10:52 - 2015-05-04 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-04-26 20:20 - 2015-04-26 20:20 - 00000000 ____D () C:\Users\Mathias\Documents\remote sample
2015-04-26 19:15 - 2015-04-26 19:20 - 00000000 ____D () C:\Users\Mathias\Desktop\FACS
2015-04-26 16:50 - 2015-04-26 16:52 - 00000000 ____D () C:\db0d7dba81acf584437d15b8
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-25 22:50 - 2009-07-14 08:45 - 00032016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 22:50 - 2009-07-14 08:45 - 00032016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 22:48 - 2010-11-21 10:50 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-05-25 22:48 - 2010-11-21 10:50 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-05-25 22:48 - 2009-07-14 09:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 22:45 - 2013-03-01 21:38 - 00000000 ____D () C:\Users\Mathias
2015-05-25 22:25 - 2015-04-22 19:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-25 22:17 - 2013-03-06 22:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 22:09 - 2013-04-01 12:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 22:05 - 2013-03-01 19:24 - 01324735 ____N () C:\Windows\WindowsUpdate.log
2015-05-25 21:51 - 2013-05-15 15:39 - 00000000 ____D () C:\Windows\Minidump
2015-05-25 21:41 - 2013-03-02 20:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-25 21:15 - 2013-04-01 12:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 21:13 - 2013-03-20 02:24 - 00000000 ____D () C:\Users\Mathias\AppData\Roaming\Skype
2015-05-24 12:25 - 2014-01-17 18:29 - 00001025 _____ () C:\Users\Mathias\Desktop\Dropbox.lnk
2015-05-24 12:25 - 2014-01-17 18:29 - 00000000 ___RD () C:\Users\Mathias\Dropbox
2015-05-24 12:25 - 2014-01-17 18:27 - 00000000 ____D () C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-24 12:25 - 2014-01-17 18:26 - 00000000 ____D () C:\Users\Mathias\AppData\Roaming\Dropbox
2015-05-24 11:52 - 2014-10-24 16:37 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-24 11:43 - 2009-07-14 09:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 19:04 - 2013-04-01 12:37 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-23 19:04 - 2013-04-01 12:37 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-08 14:59 - 2013-03-02 22:00 - 00000000 ____D () C:\Users\Mathias\AppData\Local\Adobe
2015-05-07 14:07 - 2014-11-14 17:04 - 00000000 ____D () C:\AdwCleaner
2015-05-07 09:44 - 2009-07-14 09:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-07 06:43 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\rescache
2015-05-07 05:35 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-07 05:34 - 2014-10-24 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-07 05:30 - 2013-03-18 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-07 05:26 - 2014-12-17 23:45 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-07 05:26 - 2014-05-02 17:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-07 02:42 - 2015-01-30 21:17 - 00000000 ____D () C:\Users\Mathias\Desktop\Louis
2015-05-06 21:28 - 2013-03-02 22:33 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-05-06 21:28 - 2013-03-02 22:33 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-05-06 21:28 - 2013-03-02 22:33 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2015-05-06 21:28 - 2013-03-02 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-05-06 17:17 - 2013-03-02 19:39 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-06 17:16 - 2014-05-25 04:54 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-06 17:16 - 2014-05-25 04:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-05 18:17 - 2014-10-24 17:06 - 00000000 ____D () C:\Users\Mathias\Documents\Benutzerdefinierte Office-Vorlagen
2015-05-05 11:55 - 2013-03-22 00:35 - 00000000 ____D () C:\Users\Mathias\AppData\Roaming\FlowJo7
2015-05-04 10:52 - 2013-03-02 19:29 - 00000000 ____D () C:\ProgramData\Cisco
2015-05-04 10:52 - 2013-03-02 19:29 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-04-26 20:35 - 2013-03-22 11:16 - 00007356 _____ () C:\Users\Mathias\Documents\FlowJo75.prefs
==================== Files in the root of some directories =======
2013-11-30 18:27 - 2013-11-30 18:27 - 0000132 _____ () C:\Users\Mathias\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-06-09 15:28 - 2014-04-02 18:49 - 0037527 _____ () C:\Users\Mathias\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2013-04-18 02:28 - 2014-10-24 16:14 - 0037049 _____ () C:\Users\Mathias\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-10-24 16:18 - 2014-10-24 16:18 - 0038428 _____ () C:\Users\Mathias\AppData\Roaming\Microsoft Excel 97-2003.ADR
2014-01-21 19:10 - 2014-01-21 19:10 - 0007605 _____ () C:\Users\Mathias\AppData\Local\Resmon.ResmonCfg
2013-03-07 17:33 - 2014-11-06 17:29 - 0003686 _____ () C:\Users\Mathias\AppData\Local\STAR.trace
Some files in TEMP:
====================
C:\Users\Mathias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpataifm.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-24 13:09
==================== End of log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Mathias at 2015-05-25 22:54:09
Running from C:\Users\Mathias\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1056725909-2084768229-584163529-500 - Administrator - Disabled)
Gast (S-1-5-21-1056725909-2084768229-584163529-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1056725909-2084768229-584163529-1007 - Limited - Enabled)
Mathias (S-1-5-21-1056725909-2084768229-584163529-1000 - Administrator - Enabled) => C:\Users\Mathias
SophosSAUMATHIAS-PC0 (S-1-5-21-1056725909-2084768229-584163529-1005 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Sophos Anti-Virus (Enabled - Out of date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Out of date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Brother MFL-Pro Suite DCP-585CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.07021 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.07021 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Dropbox (HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
FlowJo 7.6.5 (HKLM-x32\...\FlowJo 7.6.5) (Version: 1.0.0.0 - Tree Star Inc)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Lasergene 8 v8.0.3 (HKLM-x32\...\Lasergene 8) (Version: - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0407-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\MyFreeCodec) (Version: - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
RTCA Data Analysis Software 1.0 (HKLM-x32\...\RTCA Data Analysis Software 1.0) (Version: 1.0 - ACEA Biosciences, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spotify (HKU\S-1-5-21-1056725909-2084768229-584163529-1000\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
SQLite ODBC Driver (remove only) (HKLM-x32\...\SQLite ODBC Driver) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1056725909-2084768229-584163529-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
24-05-2015 13:17:40 Geplanter Prüfpunkt
25-05-2015 21:15:23 Windows Update
25-05-2015 21:16:43 AusweisApp2 wird entfernt
25-05-2015 21:21:05 AusweisApp2 wird entfernt
25-05-2015 21:23:12 AusweisApp2 wird entfernt
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 06:34 - 2009-06-11 01:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05C64329-04D9-4A2F-B7EC-4DC6D8EC4435} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {12AE105B-6B27-4ED2-AAD6-DBDD7BA31934} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {18E3324B-DE2D-4897-A440-6963BA15CE97} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-23] (Microsoft Corporation)
Task: {2651AF7E-97A3-4088-A78E-6BC3C44E4ACD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-01] (Google Inc.)
Task: {2E2E3A18-4C6E-4279-A680-8F5468DFE8D2} - System32\Tasks\AdobeAAMUpdater-1.0-Mathias-PC-Mathias => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {39E20224-2CE6-4DED-8816-E60DC8B90142} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {42BC2640-FDA5-408B-9A39-1529DDF84958} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-01] (Google Inc.)
Task: {5A15AD4D-CB22-4287-B390-002ED32813B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {74397E07-01D4-4EDD-BDC3-DCE4FCB6491F} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7665637C-69F8-4661-BCCE-C2410E74155F} - System32\Tasks\{11DD2FFE-B8D9-428F-9D2D-6475F0BB8BBA} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {8E6246F7-C380-4813-8158-7EEA9CBEA709} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {8F484A82-104A-4B05-A46B-0461547107A4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9819AC56-FA50-450D-A00A-CACAD1772015} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Mathias-PC-Mathias Mathias-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {B5628888-0466-4560-895D-44B750E74763} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {DE376CFC-D730-4E6A-99DA-8B388DDFD1D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {EAD0E95C-9823-4281-9D2F-4B26437CBF82} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2014-12-19 18:57 - 2014-12-19 18:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2010-03-11 05:35 - 2010-03-11 05:35 - 00027648 _____ () C:\Windows\System32\sso4ml6.dll
2014-11-22 04:03 - 2014-11-22 04:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-12-19 18:57 - 2014-12-19 18:57 - 05979808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-10-24 16:37 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-25 22:44 - 2015-05-25 22:44 - 00050477 _____ () C:\Users\Mathias\Downloads\Defogger.exe
2014-12-03 22:07 - 2014-12-03 22:07 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2013-10-24 13:58 - 2009-02-27 18:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-01-08 00:27 - 2015-01-08 00:27 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2015-01-08 00:27 - 2015-01-08 00:27 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-01-08 00:27 - 2015-01-08 00:27 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2015-05-24 12:25 - 2015-05-24 12:25 - 00043008 ____N () c:\users\mathias\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpataifm.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00750080 _____ () C:\Users\Mathias\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00047616 _____ () C:\Users\Mathias\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00865280 _____ () C:\Users\Mathias\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00200704 _____ () C:\Users\Mathias\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Mathias\Cookies:1OnSYooKl3so4AJ3nX
AlternateDataStreams: C:\Users\Mathias\Desktop\Hörbücher:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mathias\Desktop\Louis:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mathias\Desktop\STEX Bücher ALLEX.zip:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mathias\AppData\Local\Temporary Internet Files:N32bT7yqK0E1LrzUSdcuHKpU
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1056725909-2084768229-584163529-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 41.213.217.9 - 41.213.128.81
==================== MSCONFIG/TASK MANAGER Error getting ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{9BD7C0B4-42D3-4708-8DFE-5783FD571E43}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{B0F772A7-A46F-4ACB-9E05-FC83DF5EB2F9}E:\programme\flowjo\jre\bin\javaw.exe] => (Allow) E:\programme\flowjo\jre\bin\javaw.exe
FirewallRules: [UDP Query User{E50EB4D8-B45E-4D0D-A5FE-0180CC1D06F7}E:\programme\flowjo\jre\bin\javaw.exe] => (Allow) E:\programme\flowjo\jre\bin\javaw.exe
FirewallRules: [TCP Query User{0A31F420-0516-4C87-81B5-AB6EC7525979}C:\users\mathias\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mathias\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EA45355D-D9DE-49ED-9349-41A505AB5D67}C:\users\mathias\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mathias\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C4A5806F-97CC-453E-AC8E-A491D7D106BD}C:\users\mathias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\mathias\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FF369288-E255-4E47-A0A8-CC713D53DA8E}C:\users\mathias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\mathias\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6610392F-BDFC-42C8-A0B3-1CA3F3214F01}E:\programme\flowjo\jre\bin\javaw.exe] => (Allow) E:\programme\flowjo\jre\bin\javaw.exe
FirewallRules: [UDP Query User{0B4FBD54-604F-4ED6-9EAC-2D3A17772345}E:\programme\flowjo\jre\bin\javaw.exe] => (Allow) E:\programme\flowjo\jre\bin\javaw.exe
FirewallRules: [{BF51BA1B-967C-4138-AFD2-8A8C872681EC}] => (Allow) C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{AFB6A2B4-D928-4D1E-A994-D8D61D664F6D}] => (Allow) C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{91C9AFC8-D922-4B49-89A7-C4B977941F70}C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{781FF156-135D-40A8-8738-D19CAD48C93B}C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{F12A3783-8F13-42A4-A372-1EA6AD22FE3B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{27B2E2B1-CD16-420A-9E38-324D100CB03B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{39511734-43A7-4A3D-BC5D-6F098B763F57}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B33169E0-F02C-4164-875F-A2EE9EECFEE4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0CB4AE7-C446-4D3B-9796-564518A4892E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{008ED943-1E08-4FBD-B0E9-D0D0424973F8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{54871ACF-9DAC-4B79-85CE-5B29F0C8C7FC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{690F32E8-1050-4DD0-8B75-DEC0F61E90AF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{6CE26FC4-284D-4FB4-B79B-D924EC2BBCFD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
==================== Faulty Device Manager Devices =============
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/25/2015 09:40:22 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.1 - Update "KB3037581" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB3037581_20150525_213914945-Microsoft .NET Framework 4.5.1-MSP0.txt enthalten.
Error: (05/25/2015 09:38:14 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.1 - Update "KB2898869" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB2898869_20150525_213736816-Microsoft .NET Framework 4.5.1-MSP0.txt enthalten.
Error: (05/25/2015 09:34:16 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.1 - Update "KB3035490" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB3035490_20150525_213334699-Microsoft .NET Framework 4.5.1-MSP0.txt enthalten.
Error: (05/25/2015 09:28:17 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933
Error: (05/25/2015 09:28:17 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {9F2FD6CA-5D3A-4849-A0E2-91F7C8E62C7D}
Error: (05/25/2015 09:28:13 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.1 - Update "KB3023224" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB3023224_20150525_212428974-Microsoft .NET Framework 4.5.1-MSP0.txt enthalten.
Error: (05/25/2015 09:14:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 7.0.0.102 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 364
Startzeit: 01d095f58ac8bcf9
Endzeit: 7
Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID:
Error: (05/25/2015 09:14:21 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (05/24/2015 01:10:22 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (05/24/2015 11:55:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (05/25/2015 09:45:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme
Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (05/25/2015 09:45:01 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Microsoft Office:
=========================
Error: (09/29/2014 02:10:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1469004 seconds with 6240 seconds of active time. This session ended with a crash.
Error: (09/10/2014 02:47:10 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 35044 seconds with 360 seconds of active time. This session ended with a crash.
Error: (09/05/2014 01:35:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5190 seconds with 1680 seconds of active time. This session ended with a crash.
Error: (08/26/2014 07:35:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 545639 seconds with 22800 seconds of active time. This session ended with a crash.
Error: (04/03/2014 10:22:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 178862 seconds with 1080 seconds of active time. This session ended with a crash.
Error: (12/23/2013 10:05:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 543210 seconds with 8820 seconds of active time. This session ended with a crash.
Error: (11/15/2013 06:57:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 608219 seconds with 4260 seconds of active time. This session ended with a crash.
Error: (09/03/2013 11:11:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 444283 seconds with 1620 seconds of active time. This session ended with a crash.
Error: (08/27/2013 02:03:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 430941 seconds with 240 seconds of active time. This session ended with a crash.
Error: (05/27/2013 04:58:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 135 seconds with 120 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 53%
Total physical RAM: 4063.03 MB
Available physical RAM: 1876.46 MB
Total Pagefile: 8124.25 MB
Available Pagefile: 5268.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:228.84 GB) (Free:143.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Volume) (Fixed) (Total:226.72 GB) (Free:134.45 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4DC0A6C6)
Partition 1: (Not Active) - (Size=10.2 GB) - (Type=27)
Partition 2: (Active) - (Size=228.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=226.7 GB) - (Type=07 NTFS)
==================== End of log ============================
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-25 23:27:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9SA00 rev.PB4OC64G 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Mathias\AppData\Local\Temp\pwtiifow.sys
---- User code sections - GMER 2.1 ----
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f41401 2 bytes JMP 762fb1ef C:\Windows\syswow64\kernel32.dll
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f41419 2 bytes JMP 762fb31a C:\Windows\syswow64\kernel32.dll
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f41431 2 bytes JMP 76378f09 C:\Windows\syswow64\kernel32.dll
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f4144a 2 bytes CALL 762d4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f414dd 2 bytes JMP 76378802 C:\Windows\syswow64\kernel32.dll
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f414f5 2 bytes JMP 763789d8 C:\Windows\syswow64\kernel32.dll
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f4150d 2 bytes JMP 763786f8 C:\Windows\syswow64\kernel32.dll
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f41525 2 bytes JMP 76378ac2 C:\Windows\syswow64\kernel32.dll
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f4153d 2 bytes JMP 762efc78 C:\Windows\syswow64\kernel32.dll
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f41555 2 bytes JMP 762f68bf C:\Windows\syswow64\kernel32.dll
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f4156d 2 bytes JMP 76378fc1 C:\Windows\syswow64\kernel32.dll
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f41585 2 bytes JMP 76378b22 C:\Windows\syswow64\kernel32.dll
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f4159d 2 bytes JMP 763786bc C:\Windows\syswow64\kernel32.dll
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f415b5 2 bytes JMP 762efd11 C:\Windows\syswow64\kernel32.dll
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f415cd 2 bytes JMP 762fb2b0 C:\Windows\syswow64\kernel32.dll
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f416b2 2 bytes JMP 76378e84 C:\Windows\syswow64\kernel32.dll
.text E:\Programme\LRZ\Sophos AntiVir\Sophos Anti-Virus\SavService.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f416bd 2 bytes JMP 76378651 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\Explorer.EXE[1356] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000769c1870 5 bytes JMP 000000016fff00d8
.text C:\Windows\Explorer.EXE[1356] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076a3f510 8 bytes JMP 000000016fff0110
.text C:\Windows\Explorer.EXE[1356] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd987490 11 bytes JMP 000007fffd5b00d8
.text C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllCanUnloadNow + 779 000007fef9d5d517 1 byte [D5]
.text C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllCanUnloadNow + 796 000007fef9d5d528 1 byte [50]
.text ... * 4
.text C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllRegisterServer + 40 000007fef9df9734 5 bytes [48, 85, C0, 74, 06]
.text C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllRegisterServer + 46 000007fef9df973a 76 bytes {ROL BYTE [RBP+0x481178c0], 0x1; LEA ECX, [RIP+0xde90a]; XOR R8D, R8D; XOR EDX, EDX; CALL 0xfffffffffff68ed2}
.text C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllUnregisterServer + 35 000007fef9df9787 29 bytes {SUB BL, 0x53; TEST RCX, RCX; JNZ 0xf; MOV EAX, 0xffffffff80070057; JMP 0x56}
.text C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!DllUnregisterServer + 65 000007fef9df97a5 69 bytes [44, 24, 30, 41, B9, 02, 00, ...]
.text ... * 26
.text C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!ExecuteSPFSVerbW + 126 000007fef9dfd592 1 byte [8D]
.text C:\Windows\Explorer.EXE[1356] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL!ExecuteSPFSVerbW + 129 000007fef9dfd595 1 byte [28]
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f41401 2 bytes JMP 762fb1ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f41419 2 bytes JMP 762fb31a C:\Windows\syswow64\kernel32.dll
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f41431 2 bytes JMP 76378f09 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f4144a 2 bytes CALL 762d4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f414dd 2 bytes JMP 76378802 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f414f5 2 bytes JMP 763789d8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f4150d 2 bytes JMP 763786f8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f41525 2 bytes JMP 76378ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f4153d 2 bytes JMP 762efc78 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f41555 2 bytes JMP 762f68bf C:\Windows\syswow64\kernel32.dll
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f4156d 2 bytes JMP 76378fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f41585 2 bytes JMP 76378b22 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f4159d 2 bytes JMP 763786bc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f415b5 2 bytes JMP 762efd11 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f415cd 2 bytes JMP 762fb2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f416b2 2 bytes JMP 76378e84 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Mathias\Downloads\Gmer-19357.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f416bd 2 bytes JMP 76378651 C:\Windows\syswow64\kernel32.dll
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433e7a7fd
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433e7a7fd@000c8abce955 0x3F 0x5F 0x19 0x4D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433e7a7fd (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433e7a7fd@000c8abce955 0x3F 0x5F 0x19 0x4D ...
---- EOF - GMER 2.1 ----
I would be very grateful for any help :)
Regards |