Hallo zusammen,

ich habe folgendes Problem mit meinem Computer:

• Das DVD Laufwerk öffnet sich sporadisch, mal passiert 2 Wochen nichts, dann öffnet es sich 3 mal am Tag.

• Der Virenscanner (Sophos, aktuelle Version 10.3) lässt sich ab und zu nicht updaten.

• Das Drucken über die Netzwerkfreigabe funktioniert seit gestern nicht mehr in meinem Standardbenutzer, unter Admin geht es.

• Es erscheint beim Systemstart (in beiden Konten) die DOS Eingabeaufforderung für 2 Sekunden und verschwindet dann wieder, ohne dass ein Text sichtbar wurde (Cursor steht auf C

• Der Scanvorgang mit GMER hat beim ersten Durchlauf nicht funktioniert. Programm wurde aufgrund eines Fehlers beendet. Beim zweiten Versuch hat es geklappt.

Sonst konnte ich nichts auffälliges beobachten.
Könnt Ihr mir bitte weiterhelfen? Bin mit meinem Latein am Ende, zumal ich den Rechner erst im Januar neu aufgesetzt habe.
Im Voraus vielen Dank.

Gruß,
Jan

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-03-2014 01
Ran by Jan at 2014-03-08 10:57:32
Running from C:\Users\Jan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

==================== Installed Programs ======================

 Tools for .Net 3.5 - DEU Lang Pack (Version: 3.11.50727 - Microsoft Corporation) Hidden
 Tools for .Net 3.5 (Version: 3.11.50727 - Microsoft Corporation) Hidden
@RISK 6.2 (HKLM\...\{B018DC67-11AC-4D32-9C2E-2BD5F657DC7D}) (Version: 6.2.0 - Palisade Corporation)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.71.00 - )
ARIS EXPRESS (HKLM\...\{49ABE0DF-5BC9-40E8-8996-7A2938BFB5C2}) (Version: 2.4 - Software AG)
AzureTools.Notifications (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (XAML) for Visual Studio (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
bl (Version: 1.0.0 - Your Company Name) Hidden
Blend for Visual Studio 2013 (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 DEU resources (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - x86 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - x86 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Calisto DFU Driver (x86) (HKLM\...\{A595CC0D-F39E-4A66-B057-B0DBE9BAD757}) (Version: 2.4.49092.0 - Plantronics, Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2013.0429.2313.39747 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.10.0 - Conexant)
Crystal Reports for Visual Studio (Version: 12.51.0.240 - SAP) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{CD3C2621-B611-4A30-BB37-81CA880AB895}) (Version:  - Microsoft)
Devenv-Ressourcen für Microsoft Visual Studio 2013 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Dotfuscator and Analytics Community Edition (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition Language Pack (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator Software Services - Community Edition - DEU (HKLM\...\{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}) (Version: 5.0.2300.0 - PreEmptive Solutions)
Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.2 - Lenovo Group Limited)
Entity Framework Tools for Visual Studio 2013 (HKLM\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Erforderliche Komponenten für SSDT  (HKLM\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
FileZilla Client 3.7.3 (HKLM\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.1 - Intel)
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
Language Pack (DEU) für freigegebene Windows Azure-Komponenten für Microsoft Visual Studio 2013 - v1.0 (Version: 1.0.10829.1601 - Microsoft Corporation) Hidden
Leistungstools für Visual Studio 2013 (HKLM\...\{86bce4c1-9288-46e5-8cc6-b15fb44c4308}) (Version: 12.0.21005.1 - Microsoft Corporation)
Lenovo Patch Utility (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
LocalESPC Dev12 (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for de-de Dev12 (Version: 8.100.25984 - Microsoft) Hidden
Maple 16 (HKLM\...\Maple 16) (Version: 16.0.0.0 - Maplesoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (Version: 4.5.21005 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Advertising SDK for Windows 8.1 - ENU (Version: 8.1.30809.0 - Microsoft Corporation) Hidden
Microsoft Advertising Service Extension for Visual Studio (Version: 12.0.30809.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 - DEU (HKLM\...\{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}) (Version: 2.0.50331.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (HKLM\...\{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}) (Version: 2.0.50331.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 - Visual Studio 2013 - DEU (Version: 4.1.21001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 - Visual Studio 2013 - ENU (Version: 4.1.21001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime - DEU (Version: 4.0.20716.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (Version: 4.0.20716.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - DEU (Version: 5.0.11001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - ENU (Version: 5.0.11001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - DEU (Version: 4.1.21001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - ENU (Version: 4.1.21001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 Runtime - DEU (Version: 2.0.20716.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 Runtime (Version: 2.0.20716.0 - Microsoft Corporation) Hidden
Microsoft C++ REST SDK for Visual Studio 2013 (Version: 1.0 - Microsoft Corporation) Hidden
Microsoft Exchange Web Services Managed API 2.0 (Version: 15.0.516.14 - Microsoft Corporation) Hidden
Microsoft Expression Blend SDK for .NET 4 (Version: 2.0.20621.0 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 (HKLM\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft Identity Extensions (Version: 2.0.1459.0 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2013 Core (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2013 v4.0 Tools (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2013 v4.0 ToolsRes - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft LightSwitch für Visual Studio 2013 CoreRes - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft LightSwitch v4.0 SDK (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft NuGet - Visual Studio 2013 (Version: 2.7.40911.287 - Microsoft Corporation) Hidden
Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x86) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Office 2013 Developer Tools für Microsoft Visual Studio (x86) - DEU Sprachpaket (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Portable Library Multi-Targeting Pack (Version: 12.0.21005.01 - Microsoft Corporation) Hidden
Microsoft Portable Library Multi-Targeting Pack Language Pack - deu (Version: 12.0.21005.01 - Microsoft Corporation) Hidden
Microsoft Report Viewer Add-On for Visual Studio 2013 (Version: 11.1.3366.16 - Microsoft Corporation) Hidden
Microsoft Report Viewer Add-On für Visual Studio 2013 (Version: 11.1.3366.16 - Microsoft Corporation) Hidden
Microsoft SharePoint 2013 Developer Tools for Visual Studio (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft SharePoint 2013 Developer Tools for Visual Studio 2012 Nuget Package (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft SharePoint 2013 Developer Tools für Visual Studio DEU Sprachpaket (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK - Deutsch (HKLM\...\{91F54E1D-804A-46D8-A56C-53EA9C4B3177}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{1C2B3CEA-482E-4453-B3E2-C9731337828A}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM\...\{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM\...\{92C5C058-E941-47C3-B7E8-38A79C605969}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (HKLM\...\{9C3B8582-A72A-4835-8903-877A834407BB}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{E41DF93D-DC9B-4B22-A968-07077C574E43}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{7401A902-8F22-4C66-9FE4-CAC3373DFD06}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{CAAD4A3A-27DE-4506-93AB-A016D9064945}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{387C998E-3990-4503-91BF-88A7D5873EEB}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst  (HKLM\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 DEU (HKLM\...\{7CC4FADE-70AC-4560-9418-639D71A4767C}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{D434E072-F482-4F52-AB97-7B19DD5DAEB5}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) de (HKLM\...\{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 de (HKLM\...\{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x86) de (HKLM\...\{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de (HKLM\...\{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - DEU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Team Foundation Server 2010-Objektmodell - DEU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Team Foundation Server 2013 Object Model (x86) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Team Foundation Server 2013-Objektmodell Sprachpaket (x86) - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visio MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visio Professional 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++  ARM Libraries (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64 Libraries (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x86 Libraries (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 32bit Compilers - DEU Resources (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Compilers - DEU Resources (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Compilers (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Core Libraries (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Extended Libraries (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Microsoft Foundation Class Libraries (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86-x64 Compilers (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual F# 2.0 Runtime (HKLM\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Office Developer Tools (x86) (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Performance Collection Tools - DEU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40825 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU (Version: 10.0.40820 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Ultimate - DEU (HKLM\...\Microsoft Visual Studio 2010 Ultimate - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - DEU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2013 Devenv (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 IntelliTrace Core x86 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 IntelliTraceLoc (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Performance Collection Tools (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Profiling Tools (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell-(Mindest)-Ressourcen (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Team Explorer Sprachpaket - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013-Leistungserfassungstools - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013-Leistungserfassungstools (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013-Vorbereitung (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Macro Tools - DEU Language Pack (HKLM\...\Microsoft Visual Studio Macro Tools - DEU Language Pack) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools - DEU Language Pack (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio Macro Tools (HKLM\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio Professional 2013 - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Professional 2013 (HKLM\...\{3ea69e8e-ae6e-445b-bc1d-809ecb789ec4}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer deu Resources (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Web Deploy 3.5 (HKLM\...\{5CD1B40A-969C-4D7A-B5C2-DAFCB82C53CD}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Developer Tools 2013 - Visual Studio 2013 - deu (Version: 2.0.40926.0 - Microsoft Corporation) Hidden
Microsoft Web Developer Tools 2013 - Visual Studio 2013 (Version: 2.0.40926.0 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Open XML SDK 2.5 for Microsoft Office (Version: 2.5.5631 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (Version: 4.5.21005 - Microsoft Corporation) Hidden
Palisade Language Resources [DE] (HKLM\...\{5F64B1F2-AC1F-49D8-9FD8-73E460F79473}) (Version: 6.2.0 - Palisade Corporation)
ph (Version: 1.0.0 - Your Company Name) Hidden
Plantronics Spokes Software (HKLM\...\{6A281EAE-6F09-455E-8F70-7354C99822EF}) (Version: 2.8.38701.2 - Plantronics, Inc.)
PreEmptive Analytics Client German Language Pack (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Python Tools - Umleitungsvorlage (Version: 1.1 - Microsoft Corporation) Hidden
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Service Pack 1 für SQL Server 2008 (KB 968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
Sophos Anti-Virus (HKLM\...\{4320988A-7DE0-478D-A38B-CE9509BCE320}) (Version: 10.3.1 - Sophos Limited)
Sophos AutoUpdate (HKLM\...\{15C418EB-7675-42be-B2B3-281952DA014D}) (Version: 2.9.0.344 - Sophos Limited)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2013 (Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.8.50 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.11 - Lenovo)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{9AA2D735-3375-42D4-9A61-3FFEF82599D6}) (Version: 10.1.2731.0 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{4F307363-49DA-4AE7-9D9D-DAA1FF59274F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{6E6B2968-B9D7-40C9-9FC2-8E729DDBB39C}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.VISPRO_{49893259-C896-4972-9B6C-6B75790945F1}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{AFDC9BDD-5608-4A21-8066-13E2ACE1EDB4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{4F8AD68D-9F41-446E-AA81-C43BF88671BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{BCD0EA38-A8FB-4F3D-B04E-DFFB38BC7849}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{9E03AB38-EF60-4DE6-92FB-656E23403BFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{B299B17D-874D-43DD-84AA-414BD9C70021}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.VISPRO_{65D789FD-9118-45AF-8DE4-F49F358A8525}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{7E8D777B-BD75-480D-AC03-AF9C3D83CDBF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.VISPRO_{B9DB28D9-15D0-4DDE-A123-C9B82AC9A579}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{188DFB16-BA3F-4AD3-9432-45C8FA64EC8B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{BC369230-B0E0-4BB0-82D6-E93196060BFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{FD782270-0456-4B87-AC5E-C6EE2D063C48}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{C5CF8938-646A-41A5-A4E6-6EEE4205CBA4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (HKLM\...\{90150000-001F-0407-0000-0000000FF1CE}_Office15.VISPRO_{08F8B8BC-97B5-4110-8FC1-A840DEAD0DF9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (HKLM\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.VISPRO_{F75F8521-118D-4DE2-927F-073BE7B6DC7F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.VISPRO_{E11A0DDD-9F6D-49C6-8F02-850D44DD7639}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (HKLM\...\{90150000-001F-0410-0000-0000000FF1CE}_Office15.VISPRO_{A1416C8A-2BA0-43D0-BCD5-C6C29D029327}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{954A0EA5-CCCB-4B4E-8664-40E2CC8BBCBB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{4B1A48FA-CAE2-49BB-A912-6F96AE7875D9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837626) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{079FC22A-639F-4690-8512-F54DCD8493C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837637) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{13A97DC6-1E49-40B1-94E6-EB4CC3087607}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837638) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{C89EE024-ECC9-43EB-9D6A-52AB9B73ED63}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{2982593C-B10B-4757-A58A-7926ED063448}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.VISPRO_{EBEB9885-E941-44AB-960A-FE4970ACB1F1}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{0AA960ED-0F9A-42EC-B9F4-52A104EB954D}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2850061) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{3EF35AB5-21A1-4858-97BB-E4CF1ECF3736}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{166909FC-6736-4EE5-9491-1BF9A4EE84E7}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition (HKLM\...\{90150000-0054-0407-0000-0000000FF1CE}_Office15.VISPRO_{2FEF519A-1724-4682-8706-17171BF45C62}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{9CEFDC22-A298-451A-905E-28E42B90A563}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Visual F# 3.1 SDK (Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual F# 3.1 SDK Language Pack - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual F# 3.1 VS (Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual F# 3.1 VS Language Pack - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio Extensions for Windows Library for JavaScript (Version: 1.0.9600.16408 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 DEU Language Pack (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 DEU Language Pack (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows App Certification Kit Native Components (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows App Certification Kit x86 (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Azure Mobile Services SDK (Version: 1.0.10815.0 - Microsoft Corporation) Hidden
Windows Azure Mobile Services Tools for Visual Studio 2013 Preview - v1.0 (Version: 1.0.60906.1602 - Microsoft Corporation) Hidden
Windows Azure Mobile Services Tools für Visual Studio 2013 Preview Language Pack - v1.0 (Version: 1.0.60906.1602 - Microsoft Corporation) Hidden
Windows Azure Shared Components for Microsoft Visual Studio 2013 - v1.0 (Version: 1.0.10829.1601 - Microsoft Corporation) Hidden
Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.1 (Version: 2.1.10909.1601 - Microsoft) Hidden
Windows Azure Tools für LightSwitch für Visual Studio 2013 - $(var.OOBPublishVersion) (DEU) (Version: 2.1.10909.1601 - Microsoft) Hidden
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Runtime Intellisense Content - de-de (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit (Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows XP Targeting with C++ (Version: 11.0.51106 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Plantronics, Inc. (usbser.nt) Ports  (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.)
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WISO EÜR & Kasse 2013 (HKLM\...\{85517AFF-D393-49B1-9159-4AB88ED2D6FA}) (Version: 20.01.8152 - Buhl Data Service GmbH)
Workflow Manager Client 1.0 (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.30725.1 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

16-02-2014 19:02:38 Windows Update
21-02-2014 12:45:53 Windows Update
25-02-2014 19:21:32 Windows Update
01-03-2014 00:26:26 Windows Update
04-03-2014 15:10:34 Windows Update
07-03-2014 13:49:07 Removed Adobe Acrobat X Pro - English, Français, Deutsch.
07-03-2014 14:47:36 Removed Adobe Help Manager

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F01843D-B43D-4FF0-8FB4-36686634FBD7} - System32\Tasks\{FDC38209-C03C-4DED-9C21-2AFD7F75568D} => C:\Program Files\ARIS Express\client\ARIS Express.exe [2012-12-19] (Software AG)
Task: {4FC95D57-B34F-476B-B866-608391EC872F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {8BAD84D0-F472-44F9-8912-AC809CE1862A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {93CF29CD-2D13-4CC5-B3AC-F0485E2AE09A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for T400-Standard T400 => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2013-11-08] (Microsoft Corporation)
Task: {F13157BC-5334-40EC-A978-ED2F3EAAD03B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {FC89C39C-72FF-4945-82C9-C220CE20511A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-10 17:48 - 2013-10-10 17:48 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2010-09-27 12:03 - 2010-09-27 12:03 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-08 15:22 - 2013-12-09 06:04 - 00108032 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2013-08-07 20:25 - 2013-08-07 20:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-06 05:01 - 2014-02-22 23:08 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Bluetooth Connection Assistant => LBTWIZ.EXE -silent
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: PlantronicsBatteryStatus.exe => C:\Program Files\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
MSCONFIG\startupreg: PlantronicsURE.exe => C:\Program Files\Plantronics\PlantronicsURE\PlantronicsURE.exe

==================== Faulty Device Manager Devices =============

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2014 10:13:28 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012298
ID des fehlerhaften Prozesses: 0xf2c
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3

Error: (03/08/2014 10:04:40 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (03/07/2014 04:15:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000728d6
ID des fehlerhaften Prozesses: 0xbb4
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3

Error: (03/07/2014 03:47:37 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
TraverseDir : Unable to push subdirectory.

System Error:
Unbekannter Fehler
.

Error: (03/07/2014 03:47:36 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
TraverseDir : Unable to push subdirectory.

System Error:
Unbekannter Fehler
.

Error: (03/07/2014 02:49:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
TraverseDir : Unable to push subdirectory.

System Error:
Unbekannter Fehler
.

Error: (03/07/2014 02:49:06 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
TraverseDir : Unable to push subdirectory.

System Error:
Unbekannter Fehler
.

Error: (03/07/2014 01:52:21 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (03/04/2014 11:10:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 14.0.7109.5000, Zeitstempel: 0x522a4031
Name des fehlerhaften Moduls: RSKLIB6_x86.DLL, Version: 6.2.0.986, Zeitstempel: 0x524495a8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00068866
ID des fehlerhaften Prozesses: 0x1dc8
Startzeit der fehlerhaften Anwendung: 0xEXCEL.EXE0
Pfad der fehlerhaften Anwendung: EXCEL.EXE1
Pfad des fehlerhaften Moduls: EXCEL.EXE2
Berichtskennung: EXCEL.EXE3

Error: (03/04/2014 04:53:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.7113.5000, Zeitstempel: 0x527d636c
Name des fehlerhaften Moduls: OUTLOOK.EXE, Version: 14.0.7113.5000, Zeitstempel: 0x527d636c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000ff310
ID des fehlerhaften Prozesses: 0x2508
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3


System errors:
=============
Error: (03/08/2014 10:34:55 AM) (Source: TPM) (User: )
Description: Beim Gerätetreiber für das Trusted Platform Module (TPM) ist ein nicht behebbarer Fehler in der TPM-Hardware aufgetreten, der die Verwendung der TPM-Dienste (z. B. Datenverschlüsselung) verhindert. Wenden Sie sich an den Computerhersteller, um weitere Hilfe zu erhalten.

Error: (03/08/2014 09:56:02 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/07/2014 07:34:23 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/07/2014 07:27:25 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/07/2014 02:40:12 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/07/2014 02:34:59 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/07/2014 02:34:59 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/07/2014 01:43:39 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/05/2014 11:32:28 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/05/2014 11:32:28 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (03/08/2014 10:13:28 AM) (Source: Application Error)(User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c000000500012298f2c01cf3aadbb4120ceC:\Users\Standard\Downloads\Gmer-19357.exeC:\Users\Standard\Downloads\Gmer-19357.exee8c8798c-a6a1-11e3-8489-001c2599a902

Error: (03/08/2014 10:04:40 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418154

Error: (03/07/2014 04:15:50 PM) (Source: Application Error)(User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000409000728d6bb401cf3a16e81316f2C:\Users\Standard\Downloads\Gmer-19357.exeC:\Users\Standard\Downloads\Gmer-19357.exe5d63a5a5-a60b-11e3-8bd8-001c2599a902

Error: (03/07/2014 03:47:37 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
TraverseDir : Unable to push subdirectory.

System Error:
Unbekannter Fehler

Error: (03/07/2014 03:47:36 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
TraverseDir : Unable to push subdirectory.

System Error:
Unbekannter Fehler

Error: (03/07/2014 02:49:07 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
TraverseDir : Unable to push subdirectory.

System Error:
Unbekannter Fehler

Error: (03/07/2014 02:49:06 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
TraverseDir : Unable to push subdirectory.

System Error:
Unbekannter Fehler

Error: (03/07/2014 01:52:21 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418154

Error: (03/04/2014 11:10:22 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE14.0.7109.5000522a4031RSKLIB6_x86.DLL6.2.0.986524495a8c0000005000688661dc801cf37a90c0f8f5cC:\Program Files\Microsoft Office\Office14\EXCEL.EXEC:\Program Files\Palisade\System\RSKLIB6_x86.DLLc743f813-a3e9-11e3-b266-001c2599a902

Error: (03/04/2014 04:53:09 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE14.0.7113.5000527d636cOUTLOOK.EXE14.0.7113.5000527d636cc0000005000ff310250801cf37c18240b228C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXEC:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE14a00eed-a3b5-11e3-b266-00059a3c7a00


==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 3066.03 MB
Available physical RAM: 1606.65 MB
Total Pagefile: 6130.34 MB
Available Pagefile: 4442.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:166.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 1669C708)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2014 01
Ran by Jan (administrator) on T400 on 08-03-2014 10:56:44
Running from C:\Users\Jan\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
(AMD) C:\Windows\system32\atieclxx.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] - C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [342360 2013-11-29] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379504 2013-11-15] (Synaptics Incorporated)
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\almon.exe [929272 2013-01-11] (Sophos Limited)
HKLM\...\Run: [PWMTRV] - C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [5026136 2013-12-09] (Lenovo Group Limited)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-06] (Microsoft Corporation)
HKU\S-1-5-21-1317404755-1251353404-2658081690-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1317404755-1251353404-2658081690-1001\...\MountPoints2: {0730b5c9-7679-11e3-acc1-806e6f6e6963} - D:\SETUP.EXE
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-02-25] (Sophos Limited)
Startup: C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=U220DHP&pc=U220
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11DEDE/MCM_WCP
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\ut5d1jdr.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

========================== Services (Whitelisted) =================

S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-03-04] (Flexera Software, Inc.)
S3 fussvc; C:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe [140800 2013-08-21] (Microsoft Corporation)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [127072 2013-05-22] (Lenovo Group Limited)
S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1664856 2013-12-09] (Lenovo Group Limited)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2014-01-06] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [206328 2014-01-06] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [237048 2013-01-11] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2014-01-06] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2014-01-06] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1471992 2014-01-06] (Sophos Limited)
S3 Te.Service; C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [91136 2013-08-21] (Microsoft Corporation)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [116216 2013-05-24] (Lenovo Group Limited)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [71344 2013-10-05] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2013-10-10] (Cisco Systems, Inc.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7523840 2012-01-23] (Intel Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [132424 2014-01-06] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2014-01-06] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33096 2014-01-06] (Sophos Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [39280 2013-11-15] (Synaptics Incorporated)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2014-01-06] (Sophos Plc)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.)
S3 VSPerfDrv100; C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [48128 2009-12-08] (Microsoft Corporation)
U3 pxldipog; \??\C:\Users\JANSTA~1\AppData\Local\Temp\pxldipog.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-08 10:56 - 2014-03-08 10:56 - 01145344 _____ (Farbar) C:\Users\Jan\Downloads\FRST(1).exe
2014-03-08 10:56 - 2014-03-08 10:56 - 00011855 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-03-08 10:55 - 2014-03-08 10:55 - 01145344 _____ (Farbar) C:\Users\Jan\Downloads\FRST.exe
2014-03-08 10:48 - 2014-03-08 10:48 - 00094461 _____ () C:\Users\Jan\Documents\GMER 2.log
2014-03-08 10:47 - 2014-03-08 10:48 - 00095529 _____ () C:\Users\Jan\Documents\GMER 2.txt
2014-03-07 16:04 - 2014-03-07 16:04 - 00380416 _____ () C:\Users\Jan\Desktop\Gmer-19357.exe
2014-03-07 15:52 - 2014-03-08 10:56 - 00000000 ____D () C:\FRST
2014-03-07 15:11 - 2014-03-07 15:11 - 00010519 _____ () C:\Users\Standard\Documents\tele.xlsx
2014-03-05 22:03 - 2014-03-05 22:03 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\WinRAR
2014-03-05 22:02 - 2014-03-05 22:02 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-05 22:02 - 2014-03-05 22:02 - 00000000 ____D () C:\Program Files\WinRAR
2014-03-05 21:01 - 2014-03-05 21:01 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-03-05 20:36 - 2014-03-05 20:36 - 00000000 ____D () C:\Program Files\My Company Name
2014-03-05 20:36 - 2014-03-05 20:36 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2014-03-04 13:46 - 2014-03-04 13:46 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-03-04 13:45 - 2014-03-04 13:45 - 00001964 _____ () C:\Users\Public\Desktop\@RISK 6.lnk
2014-03-04 13:45 - 2014-03-04 13:45 - 00000000 ____D () C:\Program Files\Common Files\Data Dynamics
2014-03-04 13:42 - 2014-03-04 13:45 - 00000000 ____D () C:\Program Files\Palisade
2014-03-04 13:40 - 2014-03-04 13:40 - 00000000 ____D () C:\Users\Jan\AppData\Local\Downloaded Installations
2014-03-04 13:31 - 2014-03-04 13:40 - 165777624 _____ (Palisade Corporation) C:\Users\Standard\Downloads\RISK62-Setup.exe
2014-02-25 21:44 - 2014-02-25 22:25 - 00017394 _____ () C:\Users\Standard\Documents\Verkäufe.xlsx
2014-02-25 21:44 - 2014-02-25 22:25 - 00011099 _____ () C:\Users\Standard\Documents\Kundenstamm.xlsx
2014-02-22 23:08 - 2014-02-22 23:08 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-22 23:08 - 2014-02-22 23:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 20:12 - 2014-02-25 22:25 - 02723840 _____ () C:\Users\Standard\Documents\Verkäufe.accdb
2014-02-16 15:37 - 2014-02-16 15:37 - 00009725 _____ () C:\Users\Standard\Documents\Mappe1.xlsx
2014-02-14 00:46 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 00:46 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 00:46 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 00:46 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 00:46 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 00:46 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 00:46 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 00:46 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 00:46 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 00:46 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 00:46 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 00:46 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 00:46 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 00:46 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 00:46 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 00:46 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 00:46 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 00:46 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 00:46 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 00:46 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 00:46 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 00:33 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 23:53 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 23:53 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 23:53 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 23:53 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 23:53 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 23:53 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 23:53 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 23:53 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 23:53 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 23:53 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 23:53 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 23:53 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 23:53 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 23:53 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 11:37 - 2014-02-13 11:37 - 00331369 _____ () C:\Users\Standard\Documents\Umlaufbogen_Ansicht 1.xps
2014-02-12 19:09 - 2014-02-25 00:46 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-02-11 14:45 - 2014-02-11 14:45 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\NuGet
2014-02-11 14:44 - 2014-02-11 14:44 - 00001499 _____ () C:\Users\Standard\Desktop\Visual Studio 2013.lnk
2014-02-11 14:43 - 2014-02-15 21:54 - 00000000 ____D () C:\Users\Standard\Documents\Visual Studio 2013
2014-02-11 14:38 - 2014-02-11 14:40 - 00000000 ____D () C:\Users\Jan\Documents\Visual Studio 2013
2014-02-11 14:26 - 2014-02-11 14:26 - 00000000 ____D () C:\Program Files\Workflow Manager Tools
2014-02-11 14:26 - 2014-02-11 14:26 - 00000000 ____D () C:\Program Files\Open XML SDK
2014-02-11 14:25 - 2014-02-11 14:25 - 00000000 ____D () C:\Program Files\Windows Identity Foundation
2014-02-11 14:25 - 2014-02-11 14:25 - 00000000 ____D () C:\Program Files\Microsoft Identity Extensions
2014-02-11 14:21 - 2014-02-11 14:21 - 00000000 ____D () C:\Program Files\Application Verifier
2014-02-11 14:20 - 2014-02-11 14:20 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2014-02-11 14:08 - 2014-02-11 14:09 - 00000000 ____D () C:\Program Files\Microsoft Web Tools
2014-02-11 14:07 - 2014-02-11 14:08 - 00000000 ____D () C:\Program Files\IIS Express
2014-02-11 14:07 - 2014-02-11 14:07 - 00000000 ____D () C:\ProgramData\NuGet
2014-02-11 14:07 - 2014-02-11 14:07 - 00000000 ____D () C:\Program Files\NuGet
2014-02-11 14:06 - 2014-02-11 14:06 - 00000000 ____D () C:\Program Files\Microsoft WCF Data Services
2014-02-11 14:03 - 2014-02-11 14:18 - 00000000 ____D () C:\Program Files\Windows Kits
2014-02-11 14:03 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-02-11 13:25 - 2014-02-11 13:30 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\ImgBurn
2014-02-11 13:10 - 2014-02-11 13:10 - 00001815 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-02-11 13:10 - 2014-02-11 13:10 - 00000000 ____D () C:\Program Files\ImgBurn
2014-02-11 13:03 - 2014-02-11 14:35 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 12.0
2014-02-11 13:03 - 2014-02-11 13:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-11 12:29 - 2014-02-11 12:29 - 00002276 _____ () C:\Users\Public\Desktop\MP3.lnk
2014-02-11 12:29 - 2014-02-11 12:29 - 00000000 ____D () C:\Users\Standard\Documents\DVDVideoSoft
2014-02-11 12:29 - 2014-02-11 12:29 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\DVDVideoSoft
2014-02-11 12:28 - 2014-02-11 12:29 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\DVDVideoSoft
2014-02-11 12:28 - 2014-02-11 12:29 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-02-11 12:28 - 2014-02-11 12:28 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-02-11 12:18 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-02-11 12:17 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-02-11 11:35 - 2014-02-11 11:35 - 00000000 ____D () C:\Users\Standard\Downloads\Visual Studio 2013 Professional 32-bit (German)
2014-02-11 11:15 - 2014-02-11 11:15 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\e-academy Inc
2014-02-10 23:30 - 2014-02-10 23:30 - 00003005 _____ () C:\Users\Standard\Desktop\Visio 2013.lnk
2014-02-08 17:31 - 2014-02-08 17:31 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\FLEXnet
2014-02-08 17:30 - 2014-03-01 20:06 - 00000000 ____D () C:\Users\Standard\AppData\Local\Plantronics
2014-02-08 17:29 - 2014-02-08 17:29 - 00000000 ____D () C:\Program Files\Winamp
2014-02-08 17:29 - 2014-02-08 17:29 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-08 17:28 - 2014-03-04 13:46 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-02-08 17:28 - 2014-02-08 17:28 - 00000000 ____D () C:\ProgramData\Plantronics
2014-02-08 17:28 - 2014-02-08 17:28 - 00000000 ____D () C:\ProgramData\Macrovision
2014-02-08 17:28 - 2014-02-08 17:28 - 00000000 ____D () C:\Program Files\Plantronics
2014-02-08 17:27 - 2014-02-08 17:27 - 00000000 ____D () C:\Program Files\Common Files\Plantronics
2014-02-08 17:09 - 2010-01-15 13:22 - 00108072 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2014-02-08 17:09 - 2010-01-15 13:22 - 00086056 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2014-02-08 17:09 - 2010-01-15 13:22 - 00018472 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2014-02-08 17:09 - 2009-04-07 14:32 - 00029472 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2014-02-08 16:56 - 2014-02-08 16:56 - 00000000 ____D () C:\Users\Standard\Documents\Bluetooth-Exchange-Ordner
2014-02-08 16:56 - 2014-02-08 16:56 - 00000000 ____D () C:\Users\Standard\AppData\Local\Broadcom
2014-02-08 16:23 - 2014-02-08 16:24 - 12593024 _____ (Broadcom Corporation.) C:\Users\Jan\Downloads\SetupBtwDownloadSE.exe
2014-02-08 15:49 - 2014-02-08 15:49 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\PwrMgr
2014-02-08 15:47 - 2013-05-22 16:17 - 00013680 _____ (Lenovo Group Limited) C:\Windows\system32\Drivers\smiif32.sys
2014-02-08 15:46 - 2014-02-08 15:47 - 11082072 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\8jvu39ww.exe
2014-02-08 15:38 - 2014-02-08 15:38 - 00000000 ____D () C:\Users\Jan\AppData\Local\Lenovo
2014-02-08 15:37 - 2014-02-08 15:37 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\PwrMgr
2014-02-08 15:29 - 2014-02-08 15:29 - 00000000 ____D () C:\Users\Standard\AppData\Local\Lenovo
2014-02-08 15:24 - 2014-02-08 15:24 - 00000000 ____D () C:\ProgramData\Lenovo
2014-02-08 15:22 - 2013-12-09 06:04 - 03826520 ____N (Lenovo Group Limited) C:\Windows\system32\PWMCP32V.cpl
2014-02-08 15:22 - 2013-12-09 06:04 - 02692952 ____N (Lenovo Group Limited) C:\Windows\PWMBTHLV.EXE
2014-02-08 15:22 - 2013-12-09 06:04 - 00025416 ____N (Lenovo.) C:\Windows\system32\Drivers\DOZEHDD.SYS
2014-02-08 15:22 - 2013-12-09 06:04 - 00019712 ____N (Lenovo Group Limited) C:\Windows\system32\Drivers\TPPWR32V.SYS
2014-02-08 15:20 - 2014-02-08 15:21 - 56151064 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\7uwc49ww.exe
2014-02-08 15:19 - 2014-02-08 15:20 - 22016376 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\g1gp20ww.exe
2014-02-08 15:18 - 2014-02-08 17:28 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-02-08 15:17 - 2014-02-08 15:17 - 26338936 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\gtu402ww.exe
2014-02-08 15:16 - 2014-02-08 15:16 - 01290784 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\gtku07ww.exe
2014-02-08 15:13 - 2014-02-08 15:14 - 99576672 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\grw210ww_32.exe
2014-02-08 15:12 - 2014-02-08 15:13 - 153816552 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\7vd619ww.exe
2014-02-08 15:12 - 2014-02-08 15:12 - 00000000 ____D () C:\Program Files\Intel
2014-02-08 15:12 - 2013-11-15 15:40 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll
2014-02-08 15:11 - 2014-02-08 15:11 - 02035792 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\g1ic09ww.exe
2014-02-08 15:11 - 2014-02-08 15:11 - 00000000 ____D () C:\Intel
2014-02-08 15:09 - 2014-02-08 15:09 - 10130760 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\7yca08ww.exe
2014-02-08 15:07 - 2014-02-08 15:07 - 55406184 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\7zbv19ww(2).exe
2014-02-08 15:05 - 2014-02-08 15:06 - 83303568 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\7vba20ww.exe
2014-02-08 15:04 - 2014-02-08 15:04 - 00297208 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\7vbm02ww.exe
2014-02-08 15:03 - 2014-02-08 15:03 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Macromedia
2014-02-08 15:03 - 2014-02-08 15:03 - 00000000 ____D () C:\Users\Jan\AppData\Local\Macromedia

==================== One Month Modified Files and Folders =======

2014-03-08 10:56 - 2014-03-08 10:56 - 01145344 _____ (Farbar) C:\Users\Jan\Downloads\FRST(1).exe
2014-03-08 10:56 - 2014-03-08 10:56 - 00011855 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-03-08 10:56 - 2014-03-07 15:52 - 00000000 ____D () C:\FRST
2014-03-08 10:55 - 2014-03-08 10:55 - 01145344 _____ (Farbar) C:\Users\Jan\Downloads\FRST.exe
2014-03-08 10:49 - 2014-01-06 03:23 - 01859903 _____ () C:\Windows\WindowsUpdate.log
2014-03-08 10:48 - 2014-03-08 10:48 - 00094461 _____ () C:\Users\Jan\Documents\GMER 2.log
2014-03-08 10:48 - 2014-03-08 10:47 - 00095529 _____ () C:\Users\Jan\Documents\GMER 2.txt
2014-03-08 10:20 - 2014-01-24 16:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-08 10:02 - 2009-07-14 05:34 - 00015296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-08 10:02 - 2009-07-14 05:34 - 00015296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-08 09:54 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-08 09:54 - 2009-07-14 05:39 - 00042887 _____ () C:\Windows\setupact.log
2014-03-07 19:34 - 2014-01-06 03:55 - 00125760 _____ () C:\Users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-07 19:27 - 2014-01-06 05:50 - 00125760 _____ () C:\Users\Standard\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-07 19:25 - 2009-07-14 05:33 - 03872744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-07 19:24 - 2014-01-06 04:41 - 00241976 _____ () C:\Windows\PFRO.log
2014-03-07 16:04 - 2014-03-07 16:04 - 00380416 _____ () C:\Users\Jan\Desktop\Gmer-19357.exe
2014-03-07 15:48 - 2014-01-06 06:14 - 00000000 ____D () C:\Program Files\Adobe
2014-03-07 15:47 - 2014-01-06 06:14 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-07 15:40 - 2014-01-06 06:14 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-07 15:28 - 2014-01-06 03:28 - 00000000 ____D () C:\Users\Jan
2014-03-07 15:11 - 2014-03-07 15:11 - 00010519 _____ () C:\Users\Standard\Documents\tele.xlsx
2014-03-07 15:10 - 2014-01-06 06:14 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
2014-03-07 14:54 - 2014-01-06 10:33 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-05 23:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-05 23:30 - 2014-01-06 03:32 - 01802554 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-05 22:47 - 2014-01-06 06:21 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Adobe
2014-03-05 22:47 - 2014-01-06 06:21 - 00000000 ____D () C:\Users\Standard\AppData\Local\Adobe
2014-03-05 22:31 - 2014-01-31 17:54 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Adobe
2014-03-05 22:03 - 2014-03-05 22:03 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\WinRAR
2014-03-05 22:02 - 2014-03-05 22:02 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-05 22:02 - 2014-03-05 22:02 - 00000000 ____D () C:\Program Files\WinRAR
2014-03-05 21:01 - 2014-03-05 21:01 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-03-05 20:36 - 2014-03-05 20:36 - 00000000 ____D () C:\Program Files\My Company Name
2014-03-05 20:36 - 2014-03-05 20:36 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2014-03-04 13:46 - 2014-03-04 13:46 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-03-04 13:46 - 2014-02-08 17:28 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-04 13:45 - 2014-03-04 13:45 - 00001964 _____ () C:\Users\Public\Desktop\@RISK 6.lnk
2014-03-04 13:45 - 2014-03-04 13:45 - 00000000 ____D () C:\Program Files\Common Files\Data Dynamics
2014-03-04 13:45 - 2014-03-04 13:42 - 00000000 ____D () C:\Program Files\Palisade
2014-03-04 13:40 - 2014-03-04 13:40 - 00000000 ____D () C:\Users\Jan\AppData\Local\Downloaded Installations
2014-03-04 13:40 - 2014-03-04 13:31 - 165777624 _____ (Palisade Corporation) C:\Users\Standard\Downloads\RISK62-Setup.exe
2014-03-03 20:06 - 2014-01-08 02:35 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-03-01 20:06 - 2014-02-08 17:30 - 00000000 ____D () C:\Users\Standard\AppData\Local\Plantronics
2014-02-26 17:02 - 2014-02-05 19:25 - 01769472 _____ () C:\Users\Standard\Documents\Kontakte-Webdatenbank.accdb
2014-02-26 17:00 - 2014-01-06 14:01 - 00000000 ____D () C:\Users\Standard\Documents\ES2L
2014-02-25 22:25 - 2014-02-25 21:44 - 00017394 _____ () C:\Users\Standard\Documents\Verkäufe.xlsx
2014-02-25 22:25 - 2014-02-25 21:44 - 00011099 _____ () C:\Users\Standard\Documents\Kundenstamm.xlsx
2014-02-25 22:25 - 2014-02-21 20:12 - 02723840 _____ () C:\Users\Standard\Documents\Verkäufe.accdb
2014-02-25 20:31 - 2014-01-26 13:42 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-02-25 02:15 - 2014-01-06 14:01 - 00024176 _____ () C:\Users\Standard\Documents\Mitarbeiter.xlsx
2014-02-25 00:46 - 2014-02-12 19:09 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-02-22 23:08 - 2014-02-22 23:08 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-22 23:08 - 2014-02-22 23:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-22 23:08 - 2014-01-06 05:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-22 11:31 - 2014-02-01 03:09 - 00000000 ____D () C:\Users\Standard\AppData\Local\Microsoft Help
2014-02-21 21:20 - 2014-01-06 06:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 21:20 - 2014-01-06 06:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 20:05 - 2014-01-06 04:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-20 17:26 - 2014-01-06 14:01 - 00000000 ____D () C:\Users\Standard\Documents\City-Rack
2014-02-16 18:18 - 2014-01-25 12:12 - 00000000 ____D () C:\Users\Standard\.maplesoft
2014-02-16 18:18 - 2014-01-06 05:25 - 00000000 ____D () C:\Users\Standard
2014-02-16 17:05 - 2014-01-06 14:01 - 00000000 ____D () C:\Users\Standard\Documents\Bücher
2014-02-16 15:37 - 2014-02-16 15:37 - 00009725 _____ () C:\Users\Standard\Documents\Mappe1.xlsx
2014-02-15 21:54 - 2014-02-11 14:43 - 00000000 ____D () C:\Users\Standard\Documents\Visual Studio 2013
2014-02-14 17:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-14 15:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-14 02:38 - 2014-01-26 14:11 - 00000000 ____D () C:\Windows\pss
2014-02-14 00:42 - 2014-01-06 04:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 00:39 - 2014-01-06 04:20 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 00:34 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2014-02-14 00:27 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-13 11:37 - 2014-02-13 11:37 - 00331369 _____ () C:\Users\Standard\Documents\Umlaufbogen_Ansicht 1.xps
2014-02-12 22:20 - 2014-02-01 12:10 - 00000000 ____D () C:\Users\Standard\AppData\Local\Deployment
2014-02-12 00:31 - 2014-02-01 01:37 - 00000000 ____D () C:\Users\Standard\Documents\Visual Studio 2010
2014-02-11 14:45 - 2014-02-11 14:45 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\NuGet
2014-02-11 14:44 - 2014-02-11 14:44 - 00001499 _____ () C:\Users\Standard\Desktop\Visual Studio 2013.lnk
2014-02-11 14:40 - 2014-02-11 14:38 - 00000000 ____D () C:\Users\Jan\Documents\Visual Studio 2013
2014-02-11 14:35 - 2014-02-11 13:03 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 12.0
2014-02-11 14:28 - 2014-02-01 00:53 - 00000000 ____D () C:\Program Files\Microsoft SDKs
2014-02-11 14:26 - 2014-02-11 14:26 - 00000000 ____D () C:\Program Files\Workflow Manager Tools
2014-02-11 14:26 - 2014-02-11 14:26 - 00000000 ____D () C:\Program Files\Open XML SDK
2014-02-11 14:25 - 2014-02-11 14:25 - 00000000 ____D () C:\Program Files\Windows Identity Foundation
2014-02-11 14:25 - 2014-02-11 14:25 - 00000000 ____D () C:\Program Files\Microsoft Identity Extensions
2014-02-11 14:23 - 2014-01-06 05:55 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-02-11 14:21 - 2014-02-11 14:21 - 00000000 ____D () C:\Program Files\Application Verifier
2014-02-11 14:20 - 2014-02-11 14:20 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2014-02-11 14:18 - 2014-02-11 14:03 - 00000000 ____D () C:\Program Files\Windows Kits
2014-02-11 14:18 - 2014-02-01 00:53 - 00000000 ____D () C:\Program Files\Common Files\Merge Modules
2014-02-11 14:13 - 2014-02-01 02:25 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET
2014-02-11 14:09 - 2014-02-11 14:08 - 00000000 ____D () C:\Program Files\Microsoft Web Tools
2014-02-11 14:08 - 2014-02-11 14:07 - 00000000 ____D () C:\Program Files\IIS Express
2014-02-11 14:07 - 2014-02-11 14:07 - 00000000 ____D () C:\ProgramData\NuGet
2014-02-11 14:07 - 2014-02-11 14:07 - 00000000 ____D () C:\Program Files\NuGet
2014-02-11 14:06 - 2014-02-11 14:06 - 00000000 ____D () C:\Program Files\Microsoft WCF Data Services
2014-02-11 14:06 - 2014-02-01 02:25 - 00000000 ____D () C:\Program Files\IIS
2014-02-11 14:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-11 14:00 - 2014-02-01 00:54 - 00000000 ____D () C:\Windows\system32\1031
2014-02-11 13:55 - 2014-02-01 00:53 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-02-11 13:52 - 2014-02-01 02:51 - 00000000 ____D () C:\Windows\system32\1033
2014-02-11 13:52 - 2014-02-01 02:44 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-02-11 13:50 - 2014-01-06 05:55 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-02-11 13:49 - 2014-02-11 13:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-11 13:45 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-02-11 13:30 - 2014-02-11 13:25 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\ImgBurn
2014-02-11 13:10 - 2014-02-11 13:10 - 00001815 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-02-11 13:10 - 2014-02-11 13:10 - 00000000 ____D () C:\Program Files\ImgBurn
2014-02-11 12:29 - 2014-02-11 12:29 - 00002276 _____ () C:\Users\Public\Desktop\MP3.lnk
2014-02-11 12:29 - 2014-02-11 12:29 - 00000000 ____D () C:\Users\Standard\Documents\DVDVideoSoft
2014-02-11 12:29 - 2014-02-11 12:29 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\DVDVideoSoft
2014-02-11 12:29 - 2014-02-11 12:28 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\DVDVideoSoft
2014-02-11 12:29 - 2014-02-11 12:28 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-02-11 12:28 - 2014-02-11 12:28 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-02-11 11:35 - 2014-02-11 11:35 - 00000000 ____D () C:\Users\Standard\Downloads\Visual Studio 2013 Professional 32-bit (German)
2014-02-11 11:15 - 2014-02-11 11:15 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\e-academy Inc
2014-02-10 23:30 - 2014-02-10 23:30 - 00003005 _____ () C:\Users\Standard\Desktop\Visio 2013.lnk
2014-02-10 23:26 - 2014-01-06 05:55 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-02-10 23:26 - 2014-01-06 05:51 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-10 23:04 - 2014-01-31 23:29 - 00000000 ____D () C:\Users\Standard\Downloads\Software
2014-02-08 17:31 - 2014-02-08 17:31 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\FLEXnet
2014-02-08 17:29 - 2014-02-08 17:29 - 00000000 ____D () C:\Program Files\Winamp
2014-02-08 17:29 - 2014-02-08 17:29 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-08 17:28 - 2014-02-08 17:28 - 00000000 ____D () C:\ProgramData\Plantronics
2014-02-08 17:28 - 2014-02-08 17:28 - 00000000 ____D () C:\ProgramData\Macrovision
2014-02-08 17:28 - 2014-02-08 17:28 - 00000000 ____D () C:\Program Files\Plantronics
2014-02-08 17:28 - 2014-02-08 15:18 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-02-08 17:27 - 2014-02-08 17:27 - 00000000 ____D () C:\Program Files\Common Files\Plantronics
2014-02-08 17:27 - 2014-01-06 06:38 - 00000000 ____D () C:\Program Files\DIFX
2014-02-08 17:07 - 2014-01-06 06:38 - 00079440 _____ () C:\Windows\DPINST.LOG
2014-02-08 16:56 - 2014-02-08 16:56 - 00000000 ____D () C:\Users\Standard\Documents\Bluetooth-Exchange-Ordner
2014-02-08 16:56 - 2014-02-08 16:56 - 00000000 ____D () C:\Users\Standard\AppData\Local\Broadcom
2014-02-08 16:52 - 2014-01-06 07:03 - 00000000 ____D () C:\Program Files\ThinkPad
2014-02-08 16:24 - 2014-02-08 16:23 - 12593024 _____ (Broadcom Corporation.) C:\Users\Jan\Downloads\SetupBtwDownloadSE.exe
2014-02-08 15:49 - 2014-02-08 15:49 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\PwrMgr
2014-02-08 15:48 - 2014-01-06 06:59 - 00000000 ____D () C:\Program Files\Lenovo
2014-02-08 15:48 - 2014-01-06 06:59 - 00000000 ____D () C:\Program Files\Common Files\Lenovo
2014-02-08 15:47 - 2014-02-08 15:46 - 11082072 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\8jvu39ww.exe
2014-02-08 15:38 - 2014-02-08 15:38 - 00000000 ____D () C:\Users\Jan\AppData\Local\Lenovo
2014-02-08 15:37 - 2014-02-08 15:37 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\PwrMgr
2014-02-08 15:29 - 2014-02-08 15:29 - 00000000 ____D () C:\Users\Standard\AppData\Local\Lenovo
2014-02-08 15:24 - 2014-02-08 15:24 - 00000000 ____D () C:\ProgramData\Lenovo
2014-02-08 15:22 - 2014-01-06 06:41 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-08 15:22 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2014-02-08 15:21 - 2014-02-08 15:20 - 56151064 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\7uwc49ww.exe
2014-02-08 15:20 - 2014-02-08 15:19 - 22016376 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\g1gp20ww.exe
2014-02-08 15:17 - 2014-02-08 15:17 - 26338936 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\gtu402ww.exe
2014-02-08 15:16 - 2014-02-08 15:16 - 01290784 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\gtku07ww.exe
2014-02-08 15:14 - 2014-02-08 15:13 - 99576672 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\grw210ww_32.exe
2014-02-08 15:13 - 2014-02-08 15:12 - 153816552 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\7vd619ww.exe
2014-02-08 15:12 - 2014-02-08 15:12 - 00000000 ____D () C:\Program Files\Intel
2014-02-08 15:11 - 2014-02-08 15:11 - 02035792 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\g1ic09ww.exe
2014-02-08 15:11 - 2014-02-08 15:11 - 00000000 ____D () C:\Intel
2014-02-08 15:09 - 2014-02-08 15:09 - 10130760 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\7yca08ww.exe
2014-02-08 15:07 - 2014-02-08 15:07 - 55406184 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\7zbv19ww(2).exe
2014-02-08 15:06 - 2014-02-08 15:05 - 83303568 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\7vba20ww.exe
2014-02-08 15:04 - 2014-02-08 15:04 - 00297208 _____ (Lenovo Group Limited ) C:\Users\Jan\Downloads\7vbm02ww.exe
2014-02-08 15:03 - 2014-02-08 15:03 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Macromedia
2014-02-08 15:03 - 2014-02-08 15:03 - 00000000 ____D () C:\Users\Jan\AppData\Local\Macromedia
2014-02-06 11:38 - 2014-02-14 00:46 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:20 - 2014-02-14 00:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:19 - 2014-02-14 00:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:01 - 2014-02-14 00:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:00 - 2014-02-14 00:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-14 00:46 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 10:52 - 2014-02-14 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:52 - 2014-02-14 00:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:49 - 2014-02-14 00:46 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:47 - 2014-02-14 00:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:47 - 2014-02-14 00:46 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:46 - 2014-02-14 00:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:34 - 2014-02-14 00:46 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:25 - 2014-02-14 00:46 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:25 - 2014-02-14 00:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:13 - 2014-02-14 00:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:09 - 2014-02-14 00:46 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:03 - 2014-02-14 00:46 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:41 - 2014-02-14 00:46 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:36 - 2014-02-14 00:46 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:34 - 2014-02-14 00:46 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Jan\AppData\Local\Temp\ose00000.exe
C:\Users\Jan\AppData\Local\Temp\ose00001.exe
C:\Users\Jan\AppData\Local\Temp\ose00002.exe
C:\Users\Standard\AppData\Local\Temp\DelayInst.exe
C:\Users\Standard\AppData\Local\Temp\installservice.exe
C:\Users\Standard\AppData\Local\Temp\proxy_vole2473293442550546406.dll
C:\Users\Standard\AppData\Local\Temp\vpnclient_setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-01 10:40

==================== End Of Log ============================
         

--- --- ---

--- --- ---

[CODEGMER Logfile:

Code: Alles auswählenAufklappen

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-08 10:48:37
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HITACHI_HTS543225L9SA00 rev.FBEZC43C 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\JANSTA~1\AppData\Local\Temp\pxldipog.sys


---- Kernel code sections - GMER 2.1 ----

.text   ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                         82C87A15 1 Byte  [06]
.text   ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82CC1212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text   C:\Windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x91805000, 0x2BFBF0, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\lsass.exe[644] ntdll.dll!RtlExitUserThread                                   76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] ntdll.dll!KiUserExceptionDispatcher                           76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] ntdll.dll!LdrLoadDll                                          76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateProcessA                                   763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!VirtualProtect                                   76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryExA                                   764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryExW                                   764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!GlobalAlloc                                      7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!GetProcAddress                                   7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryA                                     7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateFileA                                      7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryW                                     7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!FreeLibrary                                      7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!WriteFile                                        764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!ExitProcess                                      7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateProcessInternalA                           7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!WriteFileEx                                      7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!GetThreadContext                                 76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!WriteProcessMemory                               7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!WinExec                                          7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!VirtualProtectEx                                 7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] kernel32.dll!SetThreadContext                                 764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] WS2_32.dll!closesocket                                        76FF3918 5 Bytes  JMP 74E94CF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] WS2_32.dll!WSAStartup                                         76FF3AB2 7 Bytes  JMP 74E94D50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] WS2_32.dll!bind                                               76FF4582 5 Bytes  JMP 74E94D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] WS2_32.dll!accept                                             76FF68B6 5 Bytes  JMP 74E94D30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] WS2_32.dll!recv                                               76FF6B0E 5 Bytes  JMP 74E94C70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] WS2_32.dll!connect                                            76FF6BDD 5 Bytes  JMP 74E94CD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] WS2_32.dll!send                                               76FF6F01 5 Bytes  JMP 74E94C50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] WS2_32.dll!getpeername                                        76FF7147 5 Bytes  JMP 74E94CB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] WS2_32.dll!listen                                             76FFB001 5 Bytes  JMP 74E94C90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\lsass.exe[644] WS2_32.dll!WSASocketA                                         76FFC82A 5 Bytes  JMP 74E94D70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] ntdll.dll!RtlExitUserThread                                 76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] ntdll.dll!KiUserExceptionDispatcher                         76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] ntdll.dll!LdrLoadDll                                        76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!CreateProcessA                                 763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!VirtualProtect                                 76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!LoadLibraryExA                                 764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!LoadLibraryExW                                 764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!GlobalAlloc                                    7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!GetProcAddress                                 7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!LoadLibraryA                                   7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!CreateFileA                                    7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!LoadLibraryW                                   7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!FreeLibrary                                    7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!WriteFile                                      764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!ExitProcess                                    7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!CreateProcessInternalA                         7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!WriteFileEx                                    7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!GetThreadContext                               76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!WriteProcessMemory                             7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!WinExec                                        7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!VirtualProtectEx                               7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] kernel32.dll!SetThreadContext                               764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] WS2_32.dll!closesocket                                      76FF3918 5 Bytes  JMP 74E94CF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] WS2_32.dll!WSAStartup                                       76FF3AB2 7 Bytes  JMP 74E94D50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] WS2_32.dll!bind                                             76FF4582 5 Bytes  JMP 74E94D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] WS2_32.dll!accept                                           76FF68B6 5 Bytes  JMP 74E94D30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] WS2_32.dll!recv                                             76FF6B0E 5 Bytes  JMP 74E94C70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] WS2_32.dll!connect                                          76FF6BDD 5 Bytes  JMP 74E94CD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] WS2_32.dll!send                                             76FF6F01 5 Bytes  JMP 74E94C50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] WS2_32.dll!getpeername                                      76FF7147 5 Bytes  JMP 74E94CB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] WS2_32.dll!listen                                           76FFB001 5 Bytes  JMP 74E94C90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[704] WS2_32.dll!WSASocketA                                       76FFC82A 5 Bytes  JMP 74E94D70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] ntdll.dll!RtlExitUserThread                                 76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] ntdll.dll!KiUserExceptionDispatcher                         76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] ntdll.dll!LdrLoadDll                                        76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateProcessA                                 763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!VirtualProtect                                 76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryExA                                 764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryExW                                 764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!GlobalAlloc                                    7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!GetProcAddress                                 7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryA                                   7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateFileA                                    7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryW                                   7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!FreeLibrary                                    7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!WriteFile                                      764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!ExitProcess                                    7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateProcessInternalA                         7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!WriteFileEx                                    7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!GetThreadContext                               76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!WriteProcessMemory                             7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!WinExec                                        7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!VirtualProtectEx                               7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] kernel32.dll!SetThreadContext                               764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] WS2_32.dll!closesocket                                      76FF3918 5 Bytes  JMP 74E94CF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] WS2_32.dll!WSAStartup                                       76FF3AB2 7 Bytes  JMP 74E94D50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] WS2_32.dll!bind                                             76FF4582 5 Bytes  JMP 74E94D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] WS2_32.dll!accept                                           76FF68B6 5 Bytes  JMP 74E94D30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] WS2_32.dll!recv                                             76FF6B0E 5 Bytes  JMP 74E94C70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] WS2_32.dll!connect                                          76FF6BDD 5 Bytes  JMP 74E94CD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] WS2_32.dll!send                                             76FF6F01 5 Bytes  JMP 74E94C50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] WS2_32.dll!getpeername                                      76FF7147 5 Bytes  JMP 74E94CB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] WS2_32.dll!listen                                           76FFB001 5 Bytes  JMP 74E94C90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[768] WS2_32.dll!WSASocketA                                       76FFC82A 5 Bytes  JMP 74E94D70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] ntdll.dll!RtlExitUserThread                                 76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] ntdll.dll!KiUserExceptionDispatcher                         76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] ntdll.dll!LdrLoadDll                                        76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!CreateProcessA                                 763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!VirtualProtect                                 76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!LoadLibraryExA                                 764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!LoadLibraryExW                                 764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!GlobalAlloc                                    7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!GetProcAddress                                 7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!LoadLibraryA                                   7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!CreateFileA                                    7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!LoadLibraryW                                   7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!FreeLibrary                                    7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!WriteFile                                      764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!ExitProcess                                    7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!CreateProcessInternalA                         7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!WriteFileEx                                    7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!GetThreadContext                               76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!WriteProcessMemory                             7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!WinExec                                        7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!VirtualProtectEx                               7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] kernel32.dll!SetThreadContext                               764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] WS2_32.dll!closesocket                                      76FF3918 5 Bytes  JMP 74E94CF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] WS2_32.dll!WSAStartup                                       76FF3AB2 7 Bytes  JMP 74E94D50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] WS2_32.dll!bind                                             76FF4582 5 Bytes  JMP 74E94D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] WS2_32.dll!accept                                           76FF68B6 5 Bytes  JMP 74E94D30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] WS2_32.dll!recv                                             76FF6B0E 5 Bytes  JMP 74E94C70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] WS2_32.dll!connect                                          76FF6BDD 5 Bytes  JMP 74E94CD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] WS2_32.dll!send                                             76FF6F01 5 Bytes  JMP 74E94C50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] WS2_32.dll!getpeername                                      76FF7147 5 Bytes  JMP 74E94CB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] WS2_32.dll!listen                                           76FFB001 5 Bytes  JMP 74E94C90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[924] WS2_32.dll!WSASocketA                                       76FFC82A 5 Bytes  JMP 74E94D70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] ntdll.dll!RtlExitUserThread                                76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] ntdll.dll!KiUserExceptionDispatcher                        76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] ntdll.dll!LdrLoadDll                                       76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessA                                763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!VirtualProtect                                76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExA                                764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExW                                764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!GlobalAlloc                                   7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetProcAddress                                7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryA                                  7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateFileA                                   7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryW                                  7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!FreeLibrary                                   7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!WriteFile                                     764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!ExitProcess                                   7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessInternalA                        7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!WriteFileEx                                   7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetThreadContext                              76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!WriteProcessMemory                            7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!WinExec                                       7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!VirtualProtectEx                              7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] kernel32.dll!SetThreadContext                              764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] WS2_32.dll!closesocket                                     76FF3918 5 Bytes  JMP 74E94CF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] WS2_32.dll!WSAStartup                                      76FF3AB2 7 Bytes  JMP 74E94D50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] WS2_32.dll!bind                                            76FF4582 5 Bytes  JMP 74E94D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] WS2_32.dll!accept                                          76FF68B6 5 Bytes  JMP 74E94D30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] WS2_32.dll!recv                                            76FF6B0E 5 Bytes  JMP 74E94C70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] WS2_32.dll!connect                                         76FF6BDD 5 Bytes  JMP 74E94CD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] WS2_32.dll!send                                            76FF6F01 5 Bytes  JMP 74E94C50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] WS2_32.dll!getpeername                                     76FF7147 5 Bytes  JMP 74E94CB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] WS2_32.dll!listen                                          76FFB001 5 Bytes  JMP 74E94C90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1056] WS2_32.dll!WSASocketA                                      76FFC82A 5 Bytes  JMP 74E94D70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] ntdll.dll!RtlExitUserThread                                76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] ntdll.dll!KiUserExceptionDispatcher                        76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] ntdll.dll!LdrLoadDll                                       76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!CreateProcessA                                763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!VirtualProtect                                76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!LoadLibraryExA                                764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!LoadLibraryExW                                764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!GlobalAlloc                                   7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!GetProcAddress                                7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!LoadLibraryA                                  7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!CreateFileA                                   7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!LoadLibraryW                                  7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!FreeLibrary                                   7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!WriteFile                                     764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!ExitProcess                                   7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!CreateProcessInternalA                        7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!WriteFileEx                                   7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!GetThreadContext                              76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!WriteProcessMemory                            7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!WinExec                                       7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!VirtualProtectEx                              7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] kernel32.dll!SetThreadContext                              764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] WS2_32.dll!closesocket                                     76FF3918 5 Bytes  JMP 74E94CF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] WS2_32.dll!WSAStartup                                      76FF3AB2 7 Bytes  JMP 74E94D50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] WS2_32.dll!bind                                            76FF4582 5 Bytes  JMP 74E94D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] WS2_32.dll!accept                                          76FF68B6 5 Bytes  JMP 74E94D30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] WS2_32.dll!recv                                            76FF6B0E 5 Bytes  JMP 74E94C70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] WS2_32.dll!connect                                         76FF6BDD 5 Bytes  JMP 74E94CD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] WS2_32.dll!send                                            76FF6F01 5 Bytes  JMP 74E94C50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] WS2_32.dll!getpeername                                     76FF7147 5 Bytes  JMP 74E94CB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] WS2_32.dll!listen                                          76FFB001 5 Bytes  JMP 74E94C90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[1116] WS2_32.dll!WSASocketA                                      76FFC82A 5 Bytes  JMP 74E94D70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] ntdll.dll!RtlExitUserThread                                76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] ntdll.dll!KiUserExceptionDispatcher                        76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] ntdll.dll!LdrLoadDll                                       76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreateProcessA                                763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!VirtualProtect                                76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExA                                764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExW                                764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!GlobalAlloc                                   7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!GetProcAddress                                7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!LoadLibraryA                                  7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreateFileA                                   7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!LoadLibraryW                                  7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!FreeLibrary                                   7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!WriteFile                                     764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!ExitProcess                                   7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreateProcessInternalA                        7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!WriteFileEx                                   7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!GetThreadContext                              76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!WriteProcessMemory                            7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!WinExec                                       7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!VirtualProtectEx                              7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] kernel32.dll!SetThreadContext                              764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] WS2_32.dll!closesocket                                     76FF3918 5 Bytes  JMP 74E94CF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] WS2_32.dll!WSAStartup                                      76FF3AB2 7 Bytes  JMP 74E94D50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] WS2_32.dll!bind                                            76FF4582 5 Bytes  JMP 74E94D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] WS2_32.dll!accept                                          76FF68B6 5 Bytes  JMP 74E94D30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] WS2_32.dll!recv                                            76FF6B0E 5 Bytes  JMP 74E94C70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] WS2_32.dll!connect                                         76FF6BDD 5 Bytes  JMP 74E94CD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] WS2_32.dll!send                                            76FF6F01 5 Bytes  JMP 74E94C50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] WS2_32.dll!getpeername                                     76FF7147 5 Bytes  JMP 74E94CB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] WS2_32.dll!listen                                          76FFB001 5 Bytes  JMP 74E94C90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1140] WS2_32.dll!WSASocketA                                      76FFC82A 5 Bytes  JMP 74E94D70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] ntdll.dll!RtlExitUserThread                                76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] ntdll.dll!KiUserExceptionDispatcher                        76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] ntdll.dll!LdrLoadDll                                       76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!CreateProcessA                                763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!VirtualProtect                                76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExA                                764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExW                                764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!GlobalAlloc                                   7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!GetProcAddress                                7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!LoadLibraryA                                  7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!CreateFileA                                   7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!LoadLibraryW                                  7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!FreeLibrary                                   7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!WriteFile                                     764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!ExitProcess                                   7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!CreateProcessInternalA                        7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!WriteFileEx                                   7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!GetThreadContext                              76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!WriteProcessMemory                            7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!WinExec                                       7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!VirtualProtectEx                              7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] kernel32.dll!SetThreadContext                              764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] WS2_32.dll!closesocket                                     76FF3918 5 Bytes  JMP 74E94CF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] WS2_32.dll!WSAStartup                                      76FF3AB2 7 Bytes  JMP 74E94D50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] WS2_32.dll!bind                                            76FF4582 5 Bytes  JMP 74E94D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] WS2_32.dll!accept                                          76FF68B6 5 Bytes  JMP 74E94D30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] WS2_32.dll!recv                                            76FF6B0E 5 Bytes  JMP 74E94C70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] WS2_32.dll!connect                                         76FF6BDD 5 Bytes  JMP 74E94CD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] WS2_32.dll!send                                            76FF6F01 5 Bytes  JMP 74E94C50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] WS2_32.dll!getpeername                                     76FF7147 5 Bytes  JMP 74E94CB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] WS2_32.dll!listen                                          76FFB001 5 Bytes  JMP 74E94C90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1164] WS2_32.dll!WSASocketA                                      76FFC82A 5 Bytes  JMP 74E94D70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] ntdll.dll!RtlExitUserThread                                76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] ntdll.dll!KiUserExceptionDispatcher                        76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] ntdll.dll!LdrLoadDll                                       76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessA                                763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!VirtualProtect                                76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExA                                764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExW                                764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!GlobalAlloc                                   7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetProcAddress                                7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryA                                  7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateFileA                                   7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryW                                  7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!FreeLibrary                                   7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!WriteFile                                     764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!ExitProcess                                   7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessInternalA                        7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!WriteFileEx                                   7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetThreadContext                              76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!WriteProcessMemory                            7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!WinExec                                       7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!VirtualProtectEx                              7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1296] kernel32.dll!SetThreadContext                              764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] ntdll.dll!RtlExitUserThread                                76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] ntdll.dll!KiUserExceptionDispatcher                        76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] ntdll.dll!LdrLoadDll                                       76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!CreateProcessA                                763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!VirtualProtect                                76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!LoadLibraryExA                                764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!LoadLibraryExW                                764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!GlobalAlloc                                   7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!GetProcAddress                                7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!LoadLibraryA                                  7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!CreateFileA                                   7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!LoadLibraryW                                  7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!FreeLibrary                                   7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!WriteFile                                     764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!ExitProcess                                   7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!CreateProcessInternalA                        7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!WriteFileEx                                   7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!GetThreadContext                              76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!WriteProcessMemory                            7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!WinExec                                       7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!VirtualProtectEx                              7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] kernel32.dll!SetThreadContext                              764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] WS2_32.dll!closesocket                                     76FF3918 5 Bytes  JMP 74E94CF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] WS2_32.dll!WSAStartup                                      76FF3AB2 7 Bytes  JMP 74E94D50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] WS2_32.dll!bind                                            76FF4582 5 Bytes  JMP 74E94D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] WS2_32.dll!accept                                          76FF68B6 5 Bytes  JMP 74E94D30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] WS2_32.dll!recv                                            76FF6B0E 5 Bytes  JMP 74E94C70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] WS2_32.dll!connect                                         76FF6BDD 5 Bytes  JMP 74E94CD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] WS2_32.dll!send                                            76FF6F01 5 Bytes  JMP 74E94C50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] WS2_32.dll!getpeername                                     76FF7147 5 Bytes  JMP 74E94CB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] WS2_32.dll!listen                                          76FFB001 5 Bytes  JMP 74E94C90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1700] WS2_32.dll!WSASocketA                                      76FFC82A 5 Bytes  JMP 74E94D70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] ntdll.dll!RtlExitUserThread                                76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] ntdll.dll!KiUserExceptionDispatcher                        76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] ntdll.dll!LdrLoadDll                                       76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!CreateProcessA                                763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!VirtualProtect                                76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!LoadLibraryExA                                764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!LoadLibraryExW                                764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!GlobalAlloc                                   7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!GetProcAddress                                7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!LoadLibraryA                                  7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!CreateFileA                                   7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!LoadLibraryW                                  7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!FreeLibrary                                   7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!WriteFile                                     764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!ExitProcess                                   7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!CreateProcessInternalA                        7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!WriteFileEx                                   7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!GetThreadContext                              76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!WriteProcessMemory                            7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!WinExec                                       7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!VirtualProtectEx                              7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[1892] kernel32.dll!SetThreadContext                              764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] ntdll.dll!RtlExitUserThread                                76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] ntdll.dll!KiUserExceptionDispatcher                        76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] ntdll.dll!LdrLoadDll                                       76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!CreateProcessA                                763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!VirtualProtect                                76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!LoadLibraryExA                                764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!LoadLibraryExW                                764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!GlobalAlloc                                   7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!GetProcAddress                                7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!LoadLibraryA                                  7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!CreateFileA                                   7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!LoadLibraryW                                  7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!FreeLibrary                                   7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!WriteFile                                     764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!ExitProcess                                   7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!CreateProcessInternalA                        7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!WriteFileEx                                   7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!GetThreadContext                              76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!WriteProcessMemory                            7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!WinExec                                       7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!VirtualProtectEx                              7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] kernel32.dll!SetThreadContext                              764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] WS2_32.dll!closesocket                                     76FF3918 5 Bytes  JMP 74E94CF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] WS2_32.dll!WSAStartup                                      76FF3AB2 7 Bytes  JMP 74E94D50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] WS2_32.dll!bind                                            76FF4582 5 Bytes  JMP 74E94D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] WS2_32.dll!accept                                          76FF68B6 5 Bytes  JMP 74E94D30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] WS2_32.dll!recv                                            76FF6B0E 5 Bytes  JMP 74E94C70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] WS2_32.dll!connect                                         76FF6BDD 5 Bytes  JMP 74E94CD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] WS2_32.dll!send                                            76FF6F01 5 Bytes  JMP 74E94C50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] WS2_32.dll!getpeername                                     76FF7147 5 Bytes  JMP 74E94CB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] WS2_32.dll!listen                                          76FFB001 5 Bytes  JMP 74E94C90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2220] WS2_32.dll!WSASocketA                                      76FFC82A 5 Bytes  JMP 74E94D70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] ntdll.dll!RtlExitUserThread                                76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] ntdll.dll!KiUserExceptionDispatcher                        76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] ntdll.dll!LdrLoadDll                                       76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!CreateProcessA                                763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!VirtualProtect                                76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!LoadLibraryExA                                764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!LoadLibraryExW                                764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!GlobalAlloc                                   7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!GetProcAddress                                7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!LoadLibraryA                                  7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!CreateFileA                                   7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!LoadLibraryW                                  7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!FreeLibrary                                   7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!WriteFile                                     764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!ExitProcess                                   7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!CreateProcessInternalA                        7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!WriteFileEx                                   7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!GetThreadContext                              76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!WriteProcessMemory                            7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!WinExec                                       7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!VirtualProtectEx                              7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[2728] kernel32.dll!SetThreadContext                              764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] ntdll.dll!RtlExitUserThread                                76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] ntdll.dll!KiUserExceptionDispatcher                        76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] ntdll.dll!LdrLoadDll                                       76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!CreateProcessA                                763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!VirtualProtect                                76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!LoadLibraryExA                                764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!LoadLibraryExW                                764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!GlobalAlloc                                   7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!GetProcAddress                                7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!LoadLibraryA                                  7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!CreateFileA                                   7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!LoadLibraryW                                  7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!FreeLibrary                                   7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!WriteFile                                     764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!ExitProcess                                   7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!CreateProcessInternalA                        7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!WriteFileEx                                   7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!GetThreadContext                              76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!WriteProcessMemory                            7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!WinExec                                       7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!VirtualProtectEx                              7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] kernel32.dll!SetThreadContext                              764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] WS2_32.dll!closesocket                                     76FF3918 5 Bytes  JMP 74E94CF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] WS2_32.dll!WSAStartup                                      76FF3AB2 7 Bytes  JMP 74E94D50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] WS2_32.dll!bind                                            76FF4582 5 Bytes  JMP 74E94D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] WS2_32.dll!accept                                          76FF68B6 5 Bytes  JMP 74E94D30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] WS2_32.dll!recv                                            76FF6B0E 5 Bytes  JMP 74E94C70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] WS2_32.dll!connect                                         76FF6BDD 5 Bytes  JMP 74E94CD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] WS2_32.dll!send                                            76FF6F01 5 Bytes  JMP 74E94C50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] WS2_32.dll!getpeername                                     76FF7147 5 Bytes  JMP 74E94CB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] WS2_32.dll!listen                                          76FFB001 5 Bytes  JMP 74E94C90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\system32\svchost.exe[3776] WS2_32.dll!WSASocketA                                      76FFC82A 5 Bytes  JMP 74E94D70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] ntdll.dll!RtlExitUserThread                                        76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] ntdll.dll!KiUserExceptionDispatcher                                76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] ntdll.dll!LdrLoadDll                                               76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!CreateProcessA                                        763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!CopyFileExW                                           763FB280 7 Bytes  JMP 74E999F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!VirtualProtect                                        76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!LoadLibraryExA                                        764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!LoadLibraryExW                                        764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!MoveFileWithProgressW                                 76408DD4 5 Bytes  JMP 74E99B10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!GlobalAlloc                                           7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!GetProcAddress                                        7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!LoadLibraryA                                          7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!CreateFileA                                           7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!LoadLibraryW                                          7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!FreeLibrary                                           7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!WriteFile                                             764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!ExitProcess                                           7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!CreateProcessInternalA                                7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!WriteFileEx                                           7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!GetThreadContext                                      76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!WriteProcessMemory                                    7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!WinExec                                               7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!VirtualProtectEx                                      7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] kernel32.dll!SetThreadContext                                      764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] ole32.dll!CoCreateInstance                                         75369D0B 8 Bytes  JMP 74E9A1E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] WS2_32.dll!closesocket                                             76FF3918 5 Bytes  JMP 74E94CF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] WS2_32.dll!WSAStartup                                              76FF3AB2 7 Bytes  JMP 74E94D50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] WS2_32.dll!bind                                                    76FF4582 5 Bytes  JMP 74E94D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] WS2_32.dll!accept                                                  76FF68B6 5 Bytes  JMP 74E94D30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] WS2_32.dll!recv                                                    76FF6B0E 5 Bytes  JMP 74E94C70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] WS2_32.dll!connect                                                 76FF6BDD 5 Bytes  JMP 74E94CD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] WS2_32.dll!send                                                    76FF6F01 5 Bytes  JMP 74E94C50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] WS2_32.dll!getpeername                                             76FF7147 5 Bytes  JMP 74E94CB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] WS2_32.dll!listen                                                  76FFB001 5 Bytes  JMP 74E94C90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] WS2_32.dll!WSASocketA                                              76FFC82A 5 Bytes  JMP 74E94D70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] WININET.dll!InternetReadFile                                       754B18D0 5 Bytes  JMP 74E94D90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] WININET.dll!InternetQueryDataAvailable                             754B56E9 5 Bytes  JMP 74E94DB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] WININET.dll!InternetOpenA                                          754D2AED 5 Bytes  JMP 74E94DF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\Explorer.EXE[4452] WININET.dll!InternetOpenUrlA                                       7556DDC5 5 Bytes  JMP 74E94DD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] ntdll.dll!RtlExitUserThread                                76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] ntdll.dll!KiUserExceptionDispatcher                        76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] ntdll.dll!LdrLoadDll                                       76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!CreateProcessA                                763C2082 5 Bytes  JMP 74E95050 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!VirtualProtect                                76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!LoadLibraryExA                                764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!LoadLibraryExW                                764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!GlobalAlloc                                   7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!GetProcAddress                                7640CC84 5 Bytes  JMP 74E94FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!LoadLibraryA                                  7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!CreateFileA                                   7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!LoadLibraryW                                  7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!FreeLibrary                                   7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!WriteFile                                     764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!ExitProcess                                   7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!CreateProcessInternalA                        7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!WriteFileEx                                   7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!GetThreadContext                              76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!WriteProcessMemory                            7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!WinExec                                       7644ED9E 5 Bytes  JMP 74E94E90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!VirtualProtectEx                              7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] kernel32.dll!SetThreadContext                              764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] WS2_32.dll!closesocket                                     76FF3918 5 Bytes  JMP 74E94CF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] WS2_32.dll!WSAStartup                                      76FF3AB2 7 Bytes  JMP 74E94D50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] WS2_32.dll!bind                                            76FF4582 5 Bytes  JMP 74E94D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] WS2_32.dll!accept                                          76FF68B6 5 Bytes  JMP 74E94D30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] WS2_32.dll!recv                                            76FF6B0E 5 Bytes  JMP 74E94C70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] WS2_32.dll!connect                                         76FF6BDD 5 Bytes  JMP 74E94CD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] WS2_32.dll!send                                            76FF6F01 5 Bytes  JMP 74E94C50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] WS2_32.dll!getpeername                                     76FF7147 5 Bytes  JMP 74E94CB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] WS2_32.dll!listen                                          76FFB001 5 Bytes  JMP 74E94C90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\svchost.exe[4816] WS2_32.dll!WSASocketA                                      76FFC82A 5 Bytes  JMP 74E94D70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] ntdll.dll!RtlExitUserThread                               76EDF608 5 Bytes  JMP 74E94FF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] ntdll.dll!KiUserExceptionDispatcher                       76EF7048 5 Bytes  JMP 74E98620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] ntdll.dll!LdrLoadDll                                      76F122AE 5 Bytes  JMP 74E94E10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!VirtualProtect                               76402C15 5 Bytes  JMP 74E94ED0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!LoadLibraryExA                               764044AE 5 Bytes  JMP 74E94F50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!LoadLibraryExW                               764050C1 5 Bytes  JMP 74E94F30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!GlobalAlloc                                  7640A16D 5 Bytes  JMP 74E94F90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!LoadLibraryA                                 7640DC55 5 Bytes  JMP 74E94F70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!CreateFileA                                  7640EA51 5 Bytes  JMP 74E95070 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!LoadLibraryW                                 7640EF32 5 Bytes  JMP 74E94F10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!FreeLibrary                                  7640EF57 5 Bytes  JMP 74E95240 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!WriteFile                                    764153DE 5 Bytes  JMP 74E94E70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!ExitProcess                                  7641BBD2 5 Bytes  JMP 74E95010 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!CreateProcessInternalA                       7641C88C 5 Bytes  JMP 74E95030 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!WriteFileEx                                  7642551D 5 Bytes  JMP 74E94E50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!GetThreadContext                             76428BC4 5 Bytes  JMP 74E94FB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!WriteProcessMemory                           7642958F 5 Bytes  JMP 74E94E30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!VirtualProtectEx                             7644FD39 5 Bytes  JMP 74E94EB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] kernel32.dll!SetThreadContext                             764508B3 5 Bytes  JMP 74E94EF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] WS2_32.dll!closesocket                                    76FF3918 5 Bytes  JMP 74E94CF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] WS2_32.dll!WSAStartup                                     76FF3AB2 7 Bytes  JMP 74E94D50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] WS2_32.dll!bind                                           76FF4582 5 Bytes  JMP 74E94D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] WS2_32.dll!accept                                         76FF68B6 5 Bytes  JMP 74E94D30 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] WS2_32.dll!recv                                           76FF6B0E 5 Bytes  JMP 74E94C70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] WS2_32.dll!connect                                        76FF6BDD 5 Bytes  JMP 74E94CD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] WS2_32.dll!send                                           76FF6F01 5 Bytes  JMP 74E94C50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] WS2_32.dll!getpeername                                    76FF7147 5 Bytes  JMP 74E94CB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] WS2_32.dll!listen                                         76FFB001 5 Bytes  JMP 74E94C90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text   C:\Windows\System32\rundll32.exe[4920] WS2_32.dll!WSASocketA                                     76FFC82A 5 Bytes  JMP 74E94D70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

---- Devices - GMER 2.1 ----

Device  \Driver\kbdclass \Device\KeyboardClass0                                                          Tppwr32v.sys
Device  \Driver\kbdclass \Device\KeyboardClass1                                                          Tppwr32v.sys

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2e73ec6                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2e73ec6@48c1ac838673         0x9F 0x4F 0xA2 0xB1 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2e73ec6@0018091f6d77         0xD8 0x18 0xB9 0xB4 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2e73ec6@781fdbc27377         0x9E 0x9F 0xF0 0x36 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2e73ec6 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2e73ec6@48c1ac838673             0x9F 0x4F 0xA2 0xB1 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2e73ec6@0018091f6d77             0xD8 0x18 0xB9 0xB4 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2e73ec6@781fdbc27377             0x9E 0x9F 0xF0 0x36 ...

---- EOF - GMER 2.1 ----
         

--- --- ---
][/CODE]

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.