|
Pests of all kinds and how to fight them: high CPU load caused by svhost.exe(netsvcs) Windows 7 |
29.09.2015, 11:25 | #16 |
| High CPU load caused by svhost.exe(netsvcs) eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=c393647cf03ccc448605baa2607df23d # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-11-15 12:39:56 # local_time=2010-11-15 01:39:56 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7600 NT # compatibility_mode=512 16777215 100 0 8208316 8208316 0 0 # compatibility_mode=5893 16776573 100 94 8571738 42175295 0 0 # compatibility_mode=8192 67108863 100 0 3998 3998 0 0 # compatibility_mode=8449 16775165 50 99 4753 4087502 0 0 # scanned=471795 # found=1 # cleaned=1 # scan_time=11972 C:\Users\Markus\AppData\Local\Temp\plugtmp-163\plugin-Notes1.pdf JS/Exploit.Pdfka.OIJ Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=c393647cf03ccc448605baa2607df23d # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-11-27 01:15:01 # local_time=2010-11-27 02:15:01 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7600 NT # compatibility_mode=512 16777215 100 0 9248026 9248026 0 0 # compatibility_mode=5893 16776573 100 94 9611448 43215005 0 0 # compatibility_mode=8192 67108863 100 0 1043708 1043708 0 0 # compatibility_mode=8449 16775166 50 99 4664 5127212 0 0 # scanned=593174 # found=0 # cleaned=0 # scan_time=11167 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=c393647cf03ccc448605baa2607df23d # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true 
# unsafe_checked=true # antistealth_checked=true # utc_time=2011-02-01 03:47:19 # local_time=2011-02-01 04:47:19 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=512 16777215 100 0 15004943 15004943 0 0 # compatibility_mode=5893 16776573 100 94 3516282 48971922 0 0 # compatibility_mode=8192 67108863 100 0 6800625 6800625 0 0 # compatibility_mode=8449 16775166 50 99 8584 10884063 1382 0 # scanned=366574 # found=5 # cleaned=5 # scan_time=9008 C:\Users\Markus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\23b2473e-2bb788b6 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Markus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\3199e407-18b39238 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Markus\Downloads\JLoads\3900\3900\bieof10g.part01.rar Win32/HackKMS.A application (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Markus\Downloads\JLoads\3900\3900\bieof10g\bieof10g.iso a variant of Win32/HackKMS.A application (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Markus\Downloads\JLoads\3900\3900\bieof10g\0ffice2010ActivC0nKit\0ffice2010ActivC0nKit\O1.6.exe Win32/HackKMS.A application (deleted - quarantined) 00000000000000000000000000000000 C esets_scanner_update returned -1 esets_gle=0 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=c393647cf03ccc448605baa2607df23d # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-02-01 09:45:22 # local_time=2011-02-01 10:45:22 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=512 16777215 100 0 15028596 15028596 0 0 # compatibility_mode=5893 16776573 100 94 3539935 48995575 0 0 # compatibility_mode=8192 67108863 100 0 6824278 6824278 0 0 # 
compatibility_mode=8449 16775166 50 99 16647 10907716 0 0 # scanned=298913 # found=0 # cleaned=0 # scan_time=6818 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=c393647cf03ccc448605baa2607df23d # engine=13473 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-03-25 12:43:36 # local_time=2013-03-25 01:43:36 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 337908 115802066 0 0 # compatibility_mode=8450 16777213 85 98 35396 78490039 0 0 # scanned=914538 # found=11 # cleaned=10 # scan_time=30663 sh=05521BFBB7F4EFE30B2F6FDD79ECCF47FFAE768F ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask Anwendung" ac=I fn="C:\Users\All Users\Win7codecs\{02E0F3B0-0764-4EE6-910C-8CB88CE85B39}\Win7codecs.msi" sh=7CE3756FD766C5ABF3040C21F5B7ECCE2A426B23 ft=1 fh=abdbfcd593573440 vn="Win32/OpenCandy Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll" sh=441A2DB1E874921AB5A464A19C019F0DD218DCAA ft=1 fh=cae042f77220f344 vn="Win32/Toolbar.Zugo Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe" sh=05521BFBB7F4EFE30B2F6FDD79ECCF47FFAE768F ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Win7codecs\{02E0F3B0-0764-4EE6-910C-8CB88CE85B39}\Win7codecs.msi" sh=F5CEC54C9AAC59167BA95EC8077438BE381FBA3D ft=1 fh=6b9d0ee107127394 vn="Variante von Win32/Bundled.Toolbar.Ask Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\AppData\Local\Temp\installChecker.exe" 
sh=166F0EA8631942FE09931EE0DAA5C0CB2FD3CD98 ft=1 fh=765e218dff63af9e vn="Variante von Win32/DownloadSponsor.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\AppData\Local\Temp\OCS\ocs_v6n.exe" sh=EE761298D98DAC24166E0EBB43CC3A28D6C40DDD ft=0 fh=0000000000000000 vn="Variante von Win32/HackTool.Patcher.T Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\Downloads\Programm-Installationen\Bluebeam eXtreme 9.5 int + mpt.rar" sh=BC59975A117C9E5105175424DE04CE8D84296BF6 ft=1 fh=77b67014f649749f vn="Variante von Win32/DownloadSponsor.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\Downloads\Programm-Installationen\CCleaner 3.22.1800.exe" sh=59695720D1E0D61D2F45680B77512512507A588A ft=0 fh=0000000000000000 vn="Variante von Win32/HackTool.Patcher.T Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\Downloads\Programm-Installationen\Bluebeam eXtreme 9.5 int + mpt\bluebeam.pdf.revu.extreme.9.5.0-mpt.rar" sh=0CF3B2409485D27639FDE96FBF39E9942E9DD874 ft=1 fh=08f661bcecc1b190 vn="Variante von Win32/HackTool.Patcher.T Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\Downloads\Programm-Installationen\Bluebeam eXtreme 9.5 int + mpt\bluebeam.pdf.revu.extreme.9.5.0-mpt\bluebeam.pdf.revu.extreme.9.5.0-mpt.exe" sh=05521BFBB7F4EFE30B2F6FDD79ECCF47FFAE768F ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\27eace5.msi" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=c393647cf03ccc448605baa2607df23d # engine=14929 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-08-28 02:08:41 # local_time=2013-08-28 04:08:41 (+0100, Mitteleuropäische 
Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 0 129328771 0 0 # compatibility_mode=8450 16777213 85 98 10620203 92016744 0 0 # scanned=211 # found=0 # cleaned=0 # scan_time=36 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=c393647cf03ccc448605baa2607df23d # engine=15180 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-09-19 06:37:08 # local_time=2013-09-19 08:37:08 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 1688203 131202478 0 0 # compatibility_mode=8450 16777213 85 98 12493910 93890451 0 0 # scanned=14 # found=0 # cleaned=0 # scan_time=9 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=c393647cf03ccc448605baa2607df23d # engine=21701 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-12-25 07:48:39 # local_time=2014-12-25 08:48:39 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 546489 171166769 0 0 # compatibility_mode_1='Sophos Anti-Virus' # compatibility_mode=8450 16777213 100 99 28099560 28103513 0 0 # scanned=1092822 # found=15 # cleaned=14 # scan_time=25563 sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe" sh=0B0799F600F0CF0129FEAA6F78E456BACC7AE1B2 ft=1 fh=1f4807c137b3de63 vn="Variante von 
Win32/Amonetize.S evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$R8C1BM3.part" sh=241E168EFA1F37105368CE8ED4A9AEE438F09F08 ft=1 fh=bca334f013d9fd52 vn="Variante von Win32/Somoto.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$R98YLJN.exe" sh=5F2FC606F743604BAB30477DBDE70937516B9A01 ft=1 fh=0c78747fcc2aabba vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$RBL1YY7.exe" sh=4197193677F825EE87068C0E215EAC9FC20BB8C5 ft=1 fh=3f21a1ec15280253 vn="Variante von Win32/ELEX.Z evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$RFQU9I8.exe" sh=54EED9F0D94ABAE1665E1F99CB96028E5C3CC670 ft=1 fh=17552784e19f134e vn="Variante von Win32/SpeedingUpMyPC.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$RSBABCE.exe" sh=9E097061AC5B4EAE8B07331FB4342B0C08B1BEA4 ft=1 fh=172630b7462151e1 vn="Win32/Mobogenie.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$RSE3JEB.exe" sh=658EC0910AB03D5576618571B4771A878A41E80A ft=1 fh=b18ecc43f2e673f0 vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$RYW6S3S.exe" sh=E3F8B8FE0BBC22CBB743C688ED79E0BF73FCCFE5 ft=1 fh=a81abe411291deb5 vn="Variante von Win32/Somoto.D evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Markus\AppData\Local\FilesFrog Update Checker\update_checker.exe.vir" sh=CF3DF77B5F97153F1FB93C297988E8BE2C732021 ft=1 fh=5bc3a915fe3eda6d vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe" sh=528FBB0E7ED33FE9BA7F1225866986190B3951AE ft=1 fh=97804dd837828d81 vn="Win32/HackKMS.B potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\AppData\Local\Temp\RarSFX0\mKMSAct.exe" sh=9D139260A67D59398CA9851D4DBD6F53C4C72861 ft=1 fh=0d7dd4cb14ce92d1 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\Downloads\download_audiograbber.exe" sh=8971D8A6141E2C034BF2E0DE602B1E4CC2A7D0FB ft=1 fh=2fd4b32d830f57c8 vn="Win32/HackKMS.B potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\Downloads\Programm-Installationen\Microsoft.Office.2010.Prof.Plus.VL.Crack\activate_O10_x64.exe" sh=AFB0DAC2CF9021CBD150273F13A5434907E5401F ft=1 fh=3e177085939dfeba vn="Win32/HackKMS.B potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\Downloads\Programm-Installationen\Microsoft.Office.2010.Prof.Plus.VL.Crack\restore_O10_x64.exe" sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=c393647cf03ccc448605baa2607df23d # engine=21734 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # 
antistealth_checked=true # utc_time=2014-12-29 09:24:48 # local_time=2014-12-29 10:24:48 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 88936 171474938 0 0 # compatibility_mode_1='Sophos Anti-Virus' # compatibility_mode=8450 16777213 100 99 28411329 28411682 0 0 # scanned=1061538 # found=4 # cleaned=4 # scan_time=34315 sh=8BAE924D051582A919C97CB359A929AF124A4B1B ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$R84ZMPO.zip" sh=3CB3AD370E025E8035CB6F84661D8BDEBA76DC25 ft=0 fh=0000000000000000 vn="Variante von Win32/Keygen.BH potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\Downloads\Programm-Installationen\#Keys und Cracks\Adobe.All.Products.v1.10.Updated.20.JUNE.2011.Keymaker.ONLY-CORE.rar" sh=62C1DC4A6CE382357415B457EDB53876E46200CF ft=0 fh=0000000000000000 vn="Win32/HackKMS.B potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\Downloads\Programm-Installationen\#Keys und Cracks\Microsoft.Office.2010.Prof.Plus.VL.Crack.rar" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Keygen.HA potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\Downloads\Programm-Installationen\ADOBECREATIVESUITE60MASTERCOLLECTIONLS4ESD-ISO\MCCS6LS4.iso" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=c393647cf03ccc448605baa2607df23d # engine=22716 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-02 05:34:20 # local_time=2015-03-02 06:34:20 (+0100, Mitteleuropäische 
Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 548205 176947510 0 0 # compatibility_mode_1='Sophos Anti-Virus' # compatibility_mode=8450 16777213 100 99 33883901 33884254 0 0 # scanned=166304 # found=0 # cleaned=0 # scan_time=3769 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=c393647cf03ccc448605baa2607df23d # engine=23055 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-24 08:04:33 # local_time=2015-03-24 09:04:33 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 278414 178857323 0 0 # compatibility_mode_1='Sophos Anti-Virus' # compatibility_mode=8450 16777213 100 99 35793714 35794067 0 0 # scanned=1062461 # found=6 # cleaned=5 # scan_time=26486 sh=E527BBCAFEDDC287A621A2DB49A1F10502C1E3D0 ft=1 fh=4c77490216ec3f95 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\WindowsMangerProtect\ProtectWindowsManager.exe" sh=E527BBCAFEDDC287A621A2DB49A1F10502C1E3D0 ft=1 fh=4c77490216ec3f95 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe" sh=5DC47ED9FE78DCF0BC60CD3BA9AFB1701E4C7C4F ft=1 fh=c859aff766b02684 vn="Variante von Win32/LiMo.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\AppData\Local\Temp\smt_istartsurf.exe" sh=E527BBCAFEDDC287A621A2DB49A1F10502C1E3D0 ft=1 fh=4c77490216ec3f95 vn="Variante von Win32/ELEX.BH evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\AppData\Local\Temp\B934D573F69tmp\tmp\wpm_v20.0.0.1953_0302.exe" sh=5A8D405004E11C89299CB1FE531CA19C1855AF63 ft=1 fh=5f36431e4eb5d376 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\AppData\Local\Temp\B934D573F69tmp\tmp\XTab_Setup2021.exe" sh=807E17AB1B98177E135D30941B45081960D1E866 ft=1 fh=211e050d94f6a57b vn="Variante von Win32/Somoto.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\AppData\Local\Temp\nst3F2D.tmp\install50738.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=c393647cf03ccc448605baa2607df23d # end=init # utc_time=2015-09-28 02:18:29 # local_time=2015-09-28 04:18:29 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 25976 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=c393647cf03ccc448605baa2607df23d # end=updated # utc_time=2015-09-28 02:31:32 # local_time=2015-09-28 04:31:32 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=c393647cf03ccc448605baa2607df23d # engine=25976 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-09-29 04:25:04 # local_time=2015-09-29 06:25:04 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 105277 195130554 0 0 # compatibility_mode_1='Sophos Anti-Virus' # compatibility_mode=8450 16777213 100 99 52066945 52067298 0 0 # scanned=1387307 # found=12 # 
cleaned=12 # scan_time=50011 sh=0BCC9AA4861BC06B4F8AFFEFD99809FFC5C61A84 ft=1 fh=39a511a453433688 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Counter-Strike 1.6 V40\DigitalPowered.exe" sh=CDC518B2AAA82E23BDA8B3A471D87C4F86C1AFA1 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Counter-Strike 1.6 V40\digitalpowered.xpi" sh=CDACCB07D8D42060648E2CE6E18588E7C36D9FD3 ft=1 fh=f397361be3378906 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\DigitalPowered\tbDigi.dll" sh=3CB3AD370E025E8035CB6F84661D8BDEBA76DC25 ft=0 fh=0000000000000000 vn="Variante von Win32/Keygen.BH potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\Downloads\Programm-Installationen\#Keys und Cracks\Adobe.All.Products.v1.10.Updated.20.JUNE.2011.Keymaker.ONLY-CORE.rar" sh=62C1DC4A6CE382357415B457EDB53876E46200CF ft=0 fh=0000000000000000 vn="Win32/HackKMS.B potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Markus\Downloads\Programm-Installationen\#Keys und Cracks\Microsoft.Office.2010.Prof.Plus.VL.Crack.rar" sh=06C15CA58DDDA1072F5AB4C820DAC979FAA72A34 ft=1 fh=78c70a54817f7d30 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Installs\unlocker1.8.8.exe" sh=2F3272F36B3B237229BA9AC26C597AB19E6E6F53 ft=0 fh=0000000000000000 vn="Win32/HackKMS.B potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\MARKUS-XPS16\Backup Set 2014-12-07 232723\Backup Files 2014-12-07 232723\Backup files 88.zip" sh=A83E1860D67EF99C455C3944F54555BF97A32999 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadGuide.D evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\MARKUS-XPS16\Backup Set 2014-12-07 232723\Backup Files 2014-12-07 232723\Backup files 89.zip" sh=9EEBA7DC25BFC102FF7158541A5B246221152F75 ft=0 fh=0000000000000000 vn="Win32/HackKMS.B potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\MARKUS-XPS16\Backup Set 2014-12-07 232723\Backup Files 2014-12-07 232723\Backup files 92.zip" sh=6A51DD136DB37FD5334BE7A073F9DF5866743E2D ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\PersonalBackup\LwC\ProgramData\Win7codecs\{02E0F3B0-0764-4EE6-910C-8CB88CE85B39}\Win7codecs.msi.gz" sh=BC680B80028FB7DD7BCE2381C88B210EF2108D03 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\PersonalBackup\LwC\Users\Markus\AppData\Local\Temp\installChecker.exe.gz" sh=E8D704C8EA230ADD60C6584711EFDE7AA4D907C9 ft=0 fh=0000000000000000 vn="Variante von Win32/Keygen.BH potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Studium\Diverses\romy\MathType 6.0c.rar" Code:
Results of screen317's Security Check version 1.008
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Sophos Anti-Virus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 22
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.134 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (39.0)
Mozilla Thunderbird (38.2.0)
Google Chrome (45.0.2454.101)
Google Chrome (45.0.2454.99)
````````Process Check: objlist.exe by Laurent````````
Sophos Sophos Anti-Virus SavService.exe
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Control swc_service.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
Sophos Sophos Client Firewall SCFManager.exe
Sophos Sophos Client Firewall SCFService.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01 durchgeführt von Markus (Administrator) auf MARKUS-XPS16 (29-09-2015 11:08:55) Gestartet von C:\Users\Markus\Downloads\FRST-OlderVersion Geladene Profile: Markus (Verfügbare Profile: Markus) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Sysinternals - www.sysinternals.com) C:\Users\Markus\AppData\Local\Temp\PROCEXP64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
HKU\S-1-5-21-2630195189-2654945084-3558987858-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-2630195189-2654945084-3558987858-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2630195189-2654945084-3558987858-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{69BFD406-4B70-4422-A164-A77446CAED2C}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{A3B6AD71-B99F-41E7-95ED-142AD65E001C}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2630195189-2654945084-3558987858-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKLM-x32 -> Standard = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM-x32 - (Kein Name) - {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - Keine Datei URLSearchHook: HKU\S-1-5-21-2630195189-2654945084-3558987858-1000 - (Kein Name) - {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - Keine Datei SearchScopes: HKLM -> 
{D64566F6-9F1C-417B-AA9A-3F839DF50550} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKLM-x32 -> {EBA29218-DEEF-4CD0-A8DA-928288F2C3E9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2630195189-2654945084-3558987858-1000 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-02] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-02] (Oracle Corporation) Toolbar: HKU\S-1-5-21-2630195189-2654945084-3558987858-1000 -> Kein Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Keine Datei DPF: HKLM {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB DPF: HKLM {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - 
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6xytlfe7.default FF Homepage: about:home FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-20] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll [Keine Datei] FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-02] (Oracle Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [Keine Datei] FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-02] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-02] (Oracle Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-12-19] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-12-19] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-12-19] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-12-19] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-12-19] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-12-19] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-12-19] (Apple Inc.) 
FF SearchPlugin: C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6xytlfe7.default\searchplugins\duckduckgo.xml [2014-05-30] FF SearchPlugin: C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6xytlfe7.default\searchplugins\ixquickde-https.xml [2010-03-10] FF Extension: German Dictionary - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6xytlfe7.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-12] FF Extension: HTTPS-Everywhere - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6xytlfe7.default\Extensions\https-everywhere-eff@eff.org [2015-09-21] FF Extension: YouTube Unblocker - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6xytlfe7.default\Extensions\youtubeunblocker@unblocker.yt [2015-08-11] FF Extension: EPUBReader - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6xytlfe7.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-06-05] FF Extension: WOT - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6xytlfe7.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-08-11] FF Extension: Certificate Patrol - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6xytlfe7.default\Extensions\CertPatrol@PSYC.EU.xpi [2013-08-14] FF Extension: Flagfox - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6xytlfe7.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08] FF Extension: RSS Ticker - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6xytlfe7.default\Extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}.xpi [2012-06-18] FF Extension: HTMLPlugin - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6xytlfe7.default\Extensions\{4dd1bb1b-7556-407a-861e-5c2f419fbd4b}.xpi [2014-11-24] FF Extension: ftp service - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6xytlfe7.default\Extensions\{4ebc1286-e574-46e5-9bf9-97e44dd9c524}.xpi [2014-11-27] FF Extension: NoScript - 
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6xytlfe7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-05-13] FF Extension: Adblock Plus - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6xytlfe7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-29] FF Extension: Kein Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-14] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => nicht gefunden Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => Keine Datei CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => Keine Datei CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Adobe Contribute CS5 ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll => Keine Datei CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll => Keine Datei CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll => Keine Datei CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll => Keine Datei CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL => Keine Datei CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => Keine Datei CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => Keine Datei CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Unity Player) - C:\Users\Markus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => Keine Datei CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) 
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => Keine Datei CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll => Keine Datei CHR Profile: C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-26] CHR Extension: (YouTube) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-26] CHR Extension: (Adblock Plus) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-05-26] CHR Extension: (Google-Suche) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-26] CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-15] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Ghostery) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-07-30] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25] CHR Extension: (Google Mail) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-26] CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <kein Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] Opera: ======= StartMenuInternet: (HKLM) 
Opera - C:\Program Files (x86)\Opera\Opera.exe hxxp://www.istartsurf.com/?type=sc&ts=1427043515&from=smt&uid=ST9500420ASG_5VJ1EZ9DXXXX5VJ1EZ9D

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-09-27] () [Datei ist nicht signiert]
S4 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [Datei ist nicht signiert]
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-02-15] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2014-02-03] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [206328 2014-02-03] (Sophos Limited)
S4 SinusLicenceManager; C:\Program Files (x86)\SinusLicenceManager\SinusLMService.exe [1777664 2011-01-11] (SINUS Messtechnik GmbH) [Datei ist nicht signiert]
S2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2014-02-03] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-01-11] (Sophos Limited)
R2 Sophos Client Firewall; C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe [89112 2014-02-03] (Sophos Limited)
R2 Sophos Client Firewall Manager; C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe [150552 2014-02-03] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2014-02-03] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2014-02-03] (Sophos Limited)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2014-02-03] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012152 2014-02-03] (Sophos Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 Adobe Version Cue CS3; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service [X]
S3 DAUpdaterSvc; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [X]
S4 RoxMediaDB10; "c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [X]
S4 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
S4 SolidWorks Licensing Service; "C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-01-07] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Firesat_Dvbc; C:\Windows\System32\DRIVERS\FireDTV_BDA_DVBC_x64.sys [32768 2009-03-12] (digital everywhere)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-01-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [23552 2008-05-07] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18432 2008-05-07] (Nokia)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2014-02-03] (Sophos Limited)
R1 scfdriver; C:\Windows\system32\Drivers\scfdriver.sys [102688 2014-02-03] (Sophos Limited)
R1 scfndis; C:\Windows\System32\DRIVERS\scfndis.sys [55072 2014-02-03] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2014-02-03] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2014-02-03] (Sophos Plc)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-12-29] () [Datei ist nicht signiert]
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [8704 2008-06-06] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2008-05-07] (Windows (R) Codename Longhorn DDK provider)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 FastLynx; \??\C:\Program Files (x86)\Norsonic\Nor-Xfer\FastLynx.sys [X]
S3 vserial; System32\DRIVERS\vserial.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\ThrottleStop_500\WinRing0x64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-29 11:07 - 2015-09-29 11:07 - 00001271 _____ C:\Users\Markus\Desktop\sec-checkup_29-09-2015.txt
2015-09-29 10:43 - 2015-09-29 10:43 - 00852704 _____ C:\Users\Markus\Downloads\SecurityCheck.exe
2015-09-29 10:32 - 2015-09-29 10:32 - 00004094 _____ C:\Users\Markus\Desktop\eset-Scan28-09-2015.txt
2015-09-26 17:35 - 2015-09-26 17:35 - 00000000 ____D C:\Users\Markus\Desktop\VIREN-KUR
2015-09-26 16:44 - 2015-09-29 11:08 - 00000000 ____D C:\Users\Markus\Downloads\FRST-OlderVersion
2015-09-26 15:50 - 2015-09-26 15:50 - 01798976 _____ (Malwarebytes) C:\Users\Markus\Downloads\JRT (2).exe
2015-09-26 15:40 - 2015-09-26 15:42 - 00000000 ____D C:\AdwCleaner
2015-09-26 15:40 - 2015-09-26 15:40 - 01662976 _____ C:\Users\Markus\Downloads\AdwCleaner_5.008.exe
2015-09-25 13:47 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-25 13:47 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-09-25 13:47 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) 
C:\Windows\system32\IEUDINIT.EXE 2015-09-25 13:40 - 2015-09-25 13:40 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-09-25 13:40 - 2015-09-25 13:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-09-25 13:40 - 2015-09-25 13:40 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-25 13:40 - 2015-09-25 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-09-25 13:40 - 2015-09-25 13:40 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 01155072 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtmlmedia.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2015-09-25 13:40 - 2015-09-25 13:40 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2015-09-25 13:40 - 2015-09-25 13:40 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00490496 _____ (Microsoft Corporation) 
C:\Windows\system32\dxtmsft.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-09-25 13:40 - 2015-09-25 13:40 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-09-25 13:40 - 2015-09-25 13:40 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-09-25 13:40 - 
2015-09-25 13:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-09-25 13:40 - 
2015-09-25 13:40 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2015-09-25 13:40 - 2015-09-25 13:40 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2015-09-25 13:40 - 2015-09-25 13:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00054784 _____ (Microsoft Corporation) 
C:\Windows\system32\jsproxy.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2015-09-25 13:40 - 2015-09-25 13:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2015-09-25 13:40 - 2015-09-25 13:40 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll 2015-09-25 13:37 - 2015-09-25 13:37 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-09-25 13:37 - 2015-09-25 13:37 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-09-25 13:37 - 2015-09-25 13:37 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-09-25 13:37 - 2015-09-25 13:37 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-09-25 13:36 - 2015-09-25 13:36 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2015-09-25 13:36 - 2015-09-25 13:36 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2015-09-25 13:34 - 2015-09-25 13:47 - 00011602 _____ C:\Windows\IE11_main.log 2015-09-25 13:17 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-09-25 13:17 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-25 13:17 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-09-25 13:17 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-09-25 13:17 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-09-25 13:17 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-25 13:17 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-09-25 13:17 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-09-25 13:17 - 2015-09-02 03:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-25 13:17 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-25 13:17 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-25 13:17 - 2015-07-30 20:06 - 02565120 _____ 
(Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-09-25 13:17 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-09-25 13:17 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-09-25 13:17 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2015-09-25 13:17 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-09-25 13:17 - 2015-07-15 05:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-09-25 13:17 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-09-25 13:17 - 2015-07-10 19:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-09-25 13:17 - 2015-07-10 19:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-09-25 13:17 - 2015-07-10 19:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-09-25 13:17 - 2015-07-10 19:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-09-25 13:17 - 2015-07-10 19:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-09-25 13:17 - 2015-07-10 19:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-09-25 13:16 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-09-25 13:16 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll 2015-09-25 13:15 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-09-25 13:15 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-09-25 13:15 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-09-25 13:15 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\mountmgr.sys 2015-09-25 13:15 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-09-25 13:15 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-09-25 13:15 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-09-25 13:15 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-09-25 13:15 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-09-25 13:15 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-09-25 13:15 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 
2015-09-25 13:15 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-09-25 13:15 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-09-25 13:15 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-09-25 13:15 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-09-25 13:15 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-09-25 13:15 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-09-25 13:15 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-09-25 13:15 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-09-25 
13:15 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 
2015-09-25 13:15 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-09-25 13:15 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-09-25 13:15 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-09-25 13:15 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\schannel.dll 2015-09-25 13:15 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-09-25 13:15 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-09-25 13:15 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-09-25 13:15 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-09-25 13:15 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-09-25 13:15 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-09-25 13:15 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-09-25 13:15 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-09-25 13:15 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-09-25 13:15 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-09-25 13:15 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-09-25 13:15 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-09-25 13:15 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-09-25 13:15 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-09-25 13:15 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-09-25 13:15 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-09-25 13:15 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-09-25 13:15 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 
2015-09-25 13:15 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003584 
____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-09-25 13:15 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-09-25 13:15 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-09-25 13:15 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 
2015-09-25 13:15 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-09-25 13:15 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-09-25 13:15 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-09-25 13:14 - 2015-08-05 19:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-09-25 13:14 - 2015-08-05 19:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-09-25 13:14 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-09-25 13:14 - 2015-08-04 20:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-09-25 13:14 - 2015-08-04 20:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-09-25 13:14 - 2015-08-04 19:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-09-25 13:14 - 2015-08-04 19:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-25 13:14 - 2015-08-04 19:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-25 13:14 - 2015-08-04 19:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-09-25 13:14 - 2015-08-04 19:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-09-25 13:14 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-09-25 13:14 - 
2015-08-04 18:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-09-25 13:14 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-09-25 13:14 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-09-25 13:14 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-09-25 13:14 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-09-25 13:14 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-09-25 13:14 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-09-25 13:14 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-09-25 13:14 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-09-25 13:14 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-09-25 13:14 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-09-25 13:14 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2015-09-25 13:14 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2015-09-25 13:13 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-25 13:13 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-25 13:13 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-25 13:13 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-09-25 13:13 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-09-25 13:13 - 2015-07-15 04:55 - 01390592 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-09-25 13:13 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-09-25 13:13 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-09-25 13:13 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-09-25 13:13 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-09-25 13:13 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-09-25 13:13 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-09-25 13:13 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-09-25 13:13 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-09-25 13:13 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-09-25 13:13 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-09-25 13:13 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-09-25 13:13 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-09-25 13:13 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-09-25 13:13 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-09-25 13:13 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-09-25 13:13 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-09-25 13:13 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-09-25 13:13 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 
2015-09-25 13:09 - 2015-08-26 20:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-25 13:09 - 2015-08-26 20:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-25 13:09 - 2015-08-26 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-25 13:09 - 2015-08-26 20:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-25 13:09 - 2015-08-26 20:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-25 13:09 - 2015-08-26 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-09-25 13:09 - 2015-08-26 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-09-25 13:09 - 2015-08-26 20:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-25 13:09 - 2015-08-26 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-09-25 13:09 - 2015-08-26 20:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-25 13:09 - 2015-08-26 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-09-25 13:09 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-09-25 13:09 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-09-25 13:09 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-09-25 13:09 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-09-25 13:09 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-09-25 01:11 - 2015-09-25 01:17 - 00000000 ____D C:\Users\Markus\Downloads\tweaking.com_windows_repair_aio 2015-09-25 01:11 - 2015-09-25 01:12 - 00000000 ____D C:\Program Files (x86)\Tweaking.com - Windows Repair 2015-09-25 01:02 - 2015-09-25 01:05 - 
18071383 _____ C:\Users\Markus\Downloads\tweaking.com_windows_repair_aio.zip 2015-09-23 02:12 - 2015-09-23 02:15 - 00000000 ____D C:\FlatOut2 2015-09-23 00:59 - 2015-09-23 12:04 - 00000000 ____D C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-09-23 00:08 - 2015-09-24 18:21 - 00000000 ____D C:\Warcraft III reloaded an rage 2015-09-22 23:09 - 2015-09-29 06:19 - 00000000 ____D C:\Program Files (x86)\DigitalPowered 2015-09-22 20:11 - 2015-09-22 20:11 - 00020866 _____ C:\ComboFix.txt 2015-09-22 19:00 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-09-22 19:00 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-09-22 19:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-09-22 19:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-09-22 19:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-09-22 19:00 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-09-22 19:00 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-09-22 19:00 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-09-22 18:59 - 2015-09-22 20:11 - 00000000 ____D C:\Qoobox 2015-09-22 18:59 - 2015-09-22 20:06 - 00000000 ____D C:\Windows\erdnt 2015-09-22 18:22 - 2015-09-22 18:22 - 05635484 ____R (Swearware) C:\Users\Markus\Downloads\ComboFix.exe 2015-09-14 10:35 - 2015-09-14 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2015-09-08 11:51 - 2015-09-08 11:51 - 00000000 ____D C:\Users\Markus\Downloads\KyoceraClassicU...ivers150311 2015-09-08 11:47 - 2015-09-08 11:47 - 24288960 _____ C:\Users\Markus\Downloads\KyoceraClassicU...ivers150311.zip 2015-09-06 13:51 - 2015-09-07 08:48 - 00000000 ____D C:\Users\Markus\Desktop\GW-Tour Bilder 2015-09-05 18:44 - 2015-09-17 11:59 - 00000000 ____D C:\Users\Markus\Desktop\Bilder-S3_05-09-2015 2015-09-03 11:44 - 2015-09-03 11:44 - 00001496 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Adobe Application Manager.lnk 2015-09-03 11:44 - 2015-09-03 11:44 - 00001484 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk 2015-09-03 11:42 - 2015-09-03 11:43 - 73133136 _____ (Adobe Systems Incorporated) C:\Users\Markus\Downloads\ApplicationManager9.0_all.exe 2015-09-03 08:40 - 2015-09-03 08:40 - 00000000 ____D C:\ProgramData\ALM 2015-09-03 08:31 - 2015-09-03 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5 ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-29 11:09 - 2015-08-11 09:23 - 00000000 ____D C:\FRST 2015-09-29 10:12 - 2013-05-26 17:15 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-29 02:40 - 2009-07-14 07:10 - 01622374 _____ C:\Windows\WindowsUpdate.log 2015-09-28 17:12 - 2013-05-26 17:15 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-28 16:20 - 2009-07-14 19:58 - 00645354 _____ C:\Windows\system32\perfh007.dat 2015-09-28 16:20 - 2009-07-14 19:58 - 00130892 _____ C:\Windows\system32\perfc007.dat 2015-09-28 16:20 - 2009-07-14 07:13 - 01516610 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-28 16:18 - 2011-10-12 13:22 - 00000000 ____D C:\Users\Markus\Documents\#GEWERBE 2015-09-28 09:45 - 2009-07-14 06:45 - 00022240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-28 09:45 - 2009-07-14 06:45 - 00022240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-28 09:35 - 2014-11-24 14:04 - 00000000 ____D C:\Users\Markus\Documents\#Private Paula 2015-09-27 13:44 - 2009-07-14 06:51 - 01133637 _____ C:\Windows\setupact.log 2015-09-27 13:43 - 2010-04-18 01:44 - 00000000 ____D C:\Users\Markus\AppData\Roaming\vlc 2015-09-27 01:17 - 2009-12-29 16:24 - 00000514 _____ C:\Windows\ODBC.INI 
2015-09-27 01:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-26 16:44 - 2015-06-01 13:23 - 02192384 _____ (Farbar) C:\Users\Markus\Downloads\FRST64.exe 2015-09-26 15:53 - 2009-12-29 12:13 - 00000000 ____D C:\Users\Markus 2015-09-26 15:46 - 2015-03-25 11:44 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-26 15:43 - 2009-10-26 08:33 - 01367144 _____ C:\Windows\PFRO.log 2015-09-26 15:24 - 2009-10-26 17:17 - 00000000 ____D C:\Windows\Panther 2015-09-26 14:54 - 2015-03-25 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-09-26 14:54 - 2015-03-25 11:43 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-09-26 14:51 - 2009-12-29 12:13 - 00162696 _____ C:\Users\Markus\AppData\Local\GDIPFONTCACHEV1.DAT 2015-09-26 13:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-09-26 01:52 - 2009-07-14 06:45 - 05425504 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-25 21:33 - 2009-07-14 04:34 - 00000423 _____ C:\Windows\win.ini 2015-09-25 14:56 - 2013-03-19 11:08 - 00001333 _____ C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-09-25 14:44 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-25 14:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-09-24 18:41 - 2010-01-20 16:20 - 00000000 ____D C:\Users\Markus\AppData\Roaming\Mp3tag 2015-09-23 13:34 - 2011-01-24 21:44 - 00000000 ____D C:\Users\Markus\AppData\Local\Unity 2015-09-22 23:33 - 2015-06-07 22:22 - 00000000 ____D C:\Program Files (x86)\Steam 2015-09-22 23:32 - 2012-03-06 14:26 - 00000000 ____D C:\Windows\pss 2015-09-22 23:31 - 2009-12-29 14:39 - 00000000 ____D C:\Users\Markus\AppData\Local\Apps\2.0 2015-09-22 23:28 - 2009-12-29 14:29 - 00000000 ____D C:\Users\Markus\AppData\Local\Adobe 2015-09-22 20:07 - 2015-08-26 22:05 - 00000000 _____ C:\Windows\system32\vireng.log 
2015-09-22 20:05 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-09-22 20:04 - 2009-07-14 04:34 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_54 2015-09-17 17:07 - 2013-05-26 17:15 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-17 17:07 - 2013-05-26 17:15 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-09-15 01:15 - 2010-04-22 16:08 - 00000000 ____D C:\Users\Markus\AppData\Local\Google 2015-09-14 10:36 - 2013-01-10 12:18 - 00000000 ____D C:\Program Files (x86)\PDF24 2015-09-09 22:01 - 2009-12-31 12:40 - 00007600 _____ C:\Users\Markus\AppData\Local\Resmon.ResmonCfg 2015-09-09 13:37 - 2011-12-22 15:07 - 00000000 ____D C:\Users\Markus\.gimp-2.6 2015-09-03 11:17 - 2011-02-22 13:00 - 00000000 ____D C:\Program Files\Adobe 2015-09-03 11:16 - 2009-10-26 14:48 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-09-03 08:44 - 2011-02-22 14:17 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2015-09-03 08:43 - 2011-02-22 13:00 - 00000000 ____D C:\Program Files\Common Files\Adobe 2015-09-03 08:29 - 2009-10-26 14:48 - 00000000 ____D C:\ProgramData\Adobe ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-10-09 01:07 - 2013-10-09 01:08 - 0000132 _____ () C:\Users\Markus\AppData\Roaming\Adobe BMP Format CS5 Prefs 2012-07-31 15:51 - 2012-07-31 16:00 - 0000132 _____ () C:\Users\Markus\AppData\Roaming\Adobe PNG Format CS5 Prefs 2014-04-17 16:44 - 2014-04-17 16:44 - 0029120 _____ () C:\Users\Markus\AppData\Roaming\Kommagetrennte Werte (DOS).ADR 2014-04-17 16:41 - 2014-04-17 17:13 - 0029119 _____ () C:\Users\Markus\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2010-08-28 09:32 - 2010-08-28 09:32 - 0000268 ___RH () C:\Users\Markus\AppData\Roaming\Piano 2010-08-28 09:43 - 2010-10-20 12:45 - 0000000 _____ () C:\Users\Markus\AppData\Roaming\Piano Med 2010-09-19 22:20 - 2011-11-09 23:01 - 0000268 ___RH () C:\Users\Markus\AppData\Roaming\Plants 2011-11-09 23:02 - 
2011-11-09 23:02 - 0000268 ___RH () C:\Users\Markus\AppData\Roaming\Plug-In Settings 2010-09-19 22:20 - 2011-11-09 23:01 - 0000268 ___RH () C:\Users\Markus\AppData\Roaming\Plug-Ins 2014-04-17 13:21 - 2015-03-25 10:58 - 0000308 _____ () C:\Users\Markus\AppData\Roaming\Rim.Desktop.Exception.log 2014-04-17 13:13 - 2015-03-25 10:33 - 0002257 _____ () C:\Users\Markus\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2014-04-17 13:21 - 2015-03-25 10:58 - 0000308 _____ () C:\Users\Markus\AppData\Roaming\Rim.DesktopHelper.Exception.log 2014-04-17 17:10 - 2014-04-17 17:10 - 0022041 _____ () C:\Users\Markus\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR 2009-12-29 20:46 - 2009-12-29 20:46 - 0000000 _____ () C:\Users\Markus\AppData\Roaming\wklnhst.dat 2012-02-05 18:31 - 2015-05-31 13:49 - 0018432 _____ () C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-03-08 19:18 - 2010-03-08 19:18 - 0000094 _____ () C:\Users\Markus\AppData\Local\fusioncache.dat 2009-12-31 12:40 - 2015-09-09 22:01 - 0007600 _____ () C:\Users\Markus\AppData\Local\Resmon.ResmonCfg 2011-12-21 01:07 - 2011-12-29 14:08 - 0000125 ___SH () C:\ProgramData\.zreglib 2010-10-20 12:45 - 2010-10-20 12:45 - 0000000 _____ () C:\ProgramData\Piano Hard 2010-08-28 09:32 - 2010-08-28 09:32 - 0000268 ___RH () C:\ProgramData\Pick Bass 2010-08-28 09:32 - 2012-09-17 15:00 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT 2010-08-28 09:43 - 2010-10-20 12:45 - 0000000 ____H () C:\ProgramData\PKP_DLdw.DAT 2010-09-19 22:20 - 2015-06-01 17:05 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT 2010-09-19 22:20 - 2015-06-01 17:04 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT 2010-09-19 22:20 - 2015-06-01 17:04 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT 2011-11-09 23:01 - 2011-11-09 23:01 - 0000268 ___RH () C:\ProgramData\Podcasting 2011-11-09 23:02 - 2011-11-09 23:02 - 0000268 ___RH () C:\ProgramData\Pop Flute 2011-11-09 23:01 - 2011-11-09 23:01 - 0000268 ___RH () C:\ProgramData\Pop Kit 2010-10-20 12:45 - 
2011-11-08 20:57 - 0000000 _____ () C:\ProgramData\PPD Plugins Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\Users\Markus\CTX.DAT Einige Dateien in TEMP: ==================== C:\Users\Markus\AppData\Local\Temp\PROCEXP64.exe C:\Users\Markus\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-23 09:39 ==================== Ende von FRST.txt ============================ |
29.09.2015, 11:25 | #17 |
| High CPU usage caused by svhost.exe(netsvcs) FRST Addition:
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-09-2015 01 durchgeführt von Markus (2015-09-29 11:10:51) Gestartet von C:\Users\Markus\Downloads\FRST-OlderVersion Windows 7 Home Premium Service Pack 1 (X64) (2009-12-29 10:13:22) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2630195189-2654945084-3558987858-500 - Administrator - Disabled) ASPNET (S-1-5-21-2630195189-2654945084-3558987858-1006 - Limited - Enabled) Gast (S-1-5-21-2630195189-2654945084-3558987858-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2630195189-2654945084-3558987858-1004 - Limited - Enabled) Markus (S-1-5-21-2630195189-2654945084-3558987858-1000 - Administrator - Enabled) => C:\Users\Markus SophosSAUMARKUS-XPS0 (S-1-5-21-2630195189-2654945084-3558987858-1019 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Sophos Anti-Virus (Enabled - Out of date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Sophos Anti-Virus (Enabled - Out of date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337} FW: Sophos Client Firewall (Enabled) {5DC05945-DCB7-74B7-ECB2-D2D780BF0EF1} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (HKLM-x32\...\Adobe_67a7fb1e97aa14ee9ef0950eb6fd757) (Version: 1.0 - Adobe Systems Incorporated) Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) Advanced PDF Password Recovery (HKLM-x32\...\{FDF36223-1144-4309-A5C2-3D5DC40B6C82}) (Version: 5.4.48.423 - Elcomsoft Co. Ltd.) AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0625.1811 - ) Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team) BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.) BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden Blender (HKLM\...\Blender) (Version: 2.64a-release - Blender Foundation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) calibre (HKLM-x32\...\{4D9EE5BD-93DF-4473-9F57-E73E9F36DC84}) (Version: 0.9.38 - Kovid Goyal) CamStudio (HKLM-x32\...\CamStudio) (Version: - ) CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.) ccc-core-static (x32 Version: 2009.0625.1812.30825 - ATI) Hidden CDDRV_Installer (Version: 4.60 - Logitech) Hidden Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.) 
Collaboration Data Objects 1.2.1 (HKLM-x32\...\{86EF9EB6-DE10-4ABB-B221-D61972BB3C09}) (Version: 6.5.7821.1 - Microsoft) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Creative Element Power Tools (HKLM-x32\...\Creative Element Power Tools) (Version: 3.0.6 - Creative Element) Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.25 - Dell) Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.36 - Dell) Dell Driver Download Manager (HKU\S-1-5-21-2630195189-2654945084-3558987858-1000\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname) Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell) Dell System Detect (HKU\S-1-5-21-2630195189-2654945084-3558987858-1000\...\9204f5692a8faf3b) (Version: 4.0.5.6 - Dell) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.2 - Synaptics Incorporated) Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd) DigitalPowered Toolbar (HKLM-x32\...\DigitalPowered Toolbar) (Version: - ) DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden DMXControl 2.11 (HKLM-x32\...\DMXControl) (Version: 2.11 - PopSoft) DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version: - DVD Shrink) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.20141009 - Landesfinanzdirektion Thüringen) EMCGadgets64 (Version: 1.0.302 - Ihr Firmenname) 
Hidden EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Exact Audio Copy 1.0beta2 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta2 - Andre Wiethoff) FlashFXP (HKLM-x32\...\FlashFXP) (Version: 4.3.0.1933 - OpenSight Software LLC) FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - ) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) GitHub (HKU\S-1-5-21-2630195189-2654945084-3558987858-1000\...\5f7eb300e2ea4ebf) (Version: 2.3.1.1 - GitHub, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden GSview 4.9 (HKLM\...\GSview 4.9) (Version: - ) HASP HL Device Driver (HKLM-x32\...\HASP HL Device Driver) (Version: - ) HBX 6.5 (HKLM-x32\...\HBX_Deploy_0) (Version: 6.5 - Audio-Software) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6267.0 - IDT) Inkscape 0.48.0 (HKLM-x32\...\Inkscape) (Version: 0.48.0 - ) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan) iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.) 
iTunesDSM (HKLM-x32\...\iTunesDSM) (Version: 0.9.6 - Brian Gibowski) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle) Java(TM) SE Development Kit 6 Update 21 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160210}) (Version: 1.6.0.210 - Oracle) JPG To PDF 2.2.1 (HKLM-x32\...\JPG To PDF_is1) (Version: - JPG To PDF Developer Team) KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) LibreOffice 4.4.5.2 (HKLM-x32\...\{406EECCC-AF98-4F2C-A99F-FED788F7580C}) (Version: 4.4.5.2 - The Document Foundation) Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech) Magic 3D EasyView (HKLM-x32\...\Magic 3D EasyView_is1) (Version: - Nicolaudie) MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - ) Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) MATLAB R2009b (HKLM\...\MatlabR2009b) (Version: 7.9 - The MathWorks, Inc.) 
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) MiKTeX 2.9 (HKU\S-1-5-21-2630195189-2654945084-3558987858-1000\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 
de)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 38.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla) Mp3tag v2.65a (HKLM-x32\...\Mp3tag) (Version: v2.65a - Florian Heidenreich) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) NetBeans IDE 6.9 (HKLM\...\nbi-nb-base-6.9.0.0.0) (Version: 6.9 - NetBeans.org) NetBeans IDE 7.3.1 (HKLM\...\nbi-nb-base-7.3.1.0.201306052037) (Version: 7.3.1 - NetBeans.org) Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon) Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon) Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon) Nokia Connectivity Cable Driver (HKLM-x32\...\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}) (Version: 7.0.2.0 - Nokia) Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia) Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) 
Hidden Nokia Software Updater (HKLM-x32\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia Corporation) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Opera 11.62 (HKLM-x32\...\Opera 11.62.1347) (Version: 11.62.1347 - Opera Software ASA) Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909) PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia) PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PDF24 Creator 7.3.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Personal Backup 5.1 (HKLM-x32\...\Personal Backup 5_is1) (Version: - J. Rathlev) Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.3.0 - Nikon) PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.) QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.) 
RawShooter essentials 2006 (HKLM-x32\...\RawShooter essentials 2006) (Version: 1.5.0 - Pixmantec) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RICOH Media Driver ver.2.07.01.00 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.00 - RICOH) Roxio File Backup (Version: 1.3.0 - Roxio) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.) Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) SAMURAI 2.0.21.807 (HKLM-x32\...\SAMURAI 2.0.21.807_15783_is1) (Version: - SINUS Messtechnik GmbH) Skins (x32 Version: 2009.0625.1812.30825 - ATI) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) 
Sophos Anti-Virus (HKLM-x32\...\{4320988A-7DE0-478D-A38B-CE9509BCE320}) (Version: 10.3.1 - Sophos Limited) Sophos AutoUpdate (HKLM-x32\...\{15C418EB-7675-42be-B2B3-281952DA014D}) (Version: 2.9.0.344 - Sophos Limited) Sophos Client Firewall (HKLM-x32\...\{12C00299-B8B4-40D3-9663-66ABEA3198AB}) (Version: 2.9.3 - Sophos Limited) Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 3.4.1 - Sophos Limited) Stacking (HKLM-x32\...\Steam App 115110) (Version: - Double Fine Productions) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeXstudio 2.6.6 (HKLM-x32\...\TeXstudio_is1) (Version: 2.6.6 - Benito van der Zander) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation) Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.8.4 - Shark007) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows-Treiberpaket - Das (WinUSB) USB (2/1/2011 1.2.8) (HKLM\...\A4AF5D1384433F821F1140811A66E5A17D9F8EAF) (Version: 2/1/2011 1.2.8 - Das) Windows-Treiberpaket - Das USB (09/20/2010 1.6.0) (HKLM\...\3CAABDB4D5E19760A561BDB6506A3E8432AE8457) (Version: 09/20/2010 1.6.0 - Das) Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia) Windows-Treiberpaket - Nokia 
pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2630195189-2654945084-3558987858-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => Keine Datei CustomCLSID: HKU\S-1-5-21-2630195189-2654945084-3558987858-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2630195189-2654945084-3558987858-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2630195189-2654945084-3558987858-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2630195189-2654945084-3558987858-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt_x64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2630195189-2654945084-3558987858-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2630195189-2654945084-3558987858-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files 
(x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll => Keine Datei ==================== Wiederherstellungspunkte ========================= 29-09-2015 07:02:23 Geplanter Prüfpunkt ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2015-09-25 21:33 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {00FDC7E2-F894-49FB-AFCD-30C3017056DB} - System32\Tasks\{02D76113-8781-40DA-AA68-1AAE82C88195} => pcalua.exe -a "C:\Program Files (x86)\MikTex\miktex/bin/internal\copystart.exe" -c "C:\Program Files (x86)\MikTex\miktex/bin/internal\uninstall.exe" Task: {0E8328D9-6141-41CB-878F-04B8E69E9E12} - System32\Tasks\{99C8B891-0689-4862-A733-E9C1F33336CC} => C:\Program Files (x86)\Winamp\winamp.exe Task: {0E8D2A2E-5CEC-4A3E-8878-081EA1BB6C82} - System32\Tasks\{8779B9A3-B2CC-4FE8-87E3-3768BA132330} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-04-17] (Skype Technologies S.A.) Task: {0F0E7EFC-5393-4AE7-9B9E-A718F851BDEE} - System32\Tasks\{FEB7D826-CDFD-47F1-A3BB-7A0A1708E60D} => pcalua.exe -a "C:\Users\Markus\Desktop\QIP 2005 8095 Jeak-Edition.exe" -d C:\Users\Markus\Desktop Task: {17AB1F8A-E841-4B49-BC12-E53BB0123525} - System32\Tasks\{68552F89-310A-422D-BBFA-38F5E646B16A} => pcalua.exe -a C:\Users\Markus\Downloads\465-INST-WIN7-A.EXE -d "C:\Program Files (x86)\Mozilla Firefox" Task: {238C2750-07E9-4807-B21E-42FD8D3A3AAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) 
Task: {260729DA-03DD-4C7B-B7DB-C9C19048EF79} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {488B1D95-D0CF-41C5-84A1-0068D6037D3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {5EC5BEEA-9A92-4611-B5EC-C845377EC520} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {BBBDD94D-6044-4539-8593-FE2D3ED9C912} - System32\Tasks\{4725893A-4AE8-4D92-9605-1259F5A70AE7} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/10 Task: {C3928A8C-B64F-4A56-B99E-167A75574240} - System32\Tasks\{F471E160-FBF6-4A9F-8ED6-C246C38FE266} => pcalua.exe -a C:\Users\Markus\Downloads\sldim\sldim.exe -d C:\Users\Markus\Downloads\sldim Task: {D1423A9B-29A0-4F70-98ED-805C4B2E06FB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2630195189-2654945084-3558987858-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {D7229424-1BF7-4C5F-B409-612611D5584D} - System32\Tasks\{6B20E4F2-7FF2-4EFA-A920-7A1E40802AE2} => pcalua.exe -a "C:\Users\Markus\Downloads\QIP 2005 8095 Jeak-Edition.exe" -d C:\Users\Markus\Downloads\ Task: {D96A3CBF-9FA5-47D7-ACE0-4776A530584C} - System32\Tasks\{749978FF-5424-4043-8EBD-1810B3F71C72} => pcalua.exe -a F:\DAMN_NFO_Viewer_v2-10-0032-RC3_de.exe -d F:\ Task: {DADF219D-B653-4C6F-96B3-12417787DCB9} - System32\Tasks\Process Explorer-Markus-XPS16-Markus => C:\PROGRAM FILES (X86)\PROCESSEXPLORER\PROCEXP.EXE [2015-05-11] (Sysinternals - www.sysinternals.com) Task: {FD8CE0A2-2858-4B91-A35E-BDC3B94391E6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2630195189-2654945084-3558987858-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2010-04-08 14:20 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll 2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll 2014-02-03 16:16 - 2014-02-03 16:16 - 01055808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll 2014-02-03 16:16 - 2014-02-03 16:16 - 00076864 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll 2014-02-03 16:16 - 2014-02-03 16:16 - 00760896 _____ () C:\Program Files (x86)\Sophos\Remote Management System\LIBEAY32.dll 2014-02-03 16:16 - 2014-02-03 16:16 - 00146496 _____ () C:\Program Files (x86)\Sophos\Remote Management System\SSLEAY32.dll 2014-02-03 16:16 - 2014-02-03 16:16 - 01539136 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll 2014-02-03 16:16 - 2014-02-03 16:16 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll 2014-02-03 16:16 - 2014-02-03 16:16 - 00740416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll 2014-02-03 16:16 - 2014-02-03 16:16 - 00039488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll 2014-02-03 16:16 - 2014-02-03 16:16 - 00535616 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll 2014-02-03 16:16 - 2014-02-03 16:16 - 00183360 _____ () C:\Program Files (x86)\Sophos\Remote 
Management System\TAO_DynamicAny.dll 2015-08-24 09:15 - 2015-08-24 09:16 - 00153768 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2015-08-24 09:15 - 2015-08-24 09:16 - 00023208 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2015-09-26 09:19 - 2015-09-24 04:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll 2015-09-26 09:19 - 2015-09-24 04:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Users\Markus\AppData\Local\NPapkMAy3o1t:Y6toDtA2sGexLcBN0wvKO8QU4utta AlternateDataStreams: C:\Users\Markus\AppData\Local\Temp:jP3IG0F5UeEjsyOsgBbnEx4Qq AlternateDataStreams: C:\Users\Markus\AppData\Local\Temporary Internet Files:R9m8mGLSinqrBpfF9wzgua3ptOZ ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos Client Firewall => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos Client Firewall Manager => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) 
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2630195189-2654945084-3558987858-1000\...\dell.com -> dell.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2630195189-2654945084-3558987858-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NorServer.CtrlBuild => 3
MSCONFIG\Services: NorServer.Std => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SinusLicenceManager => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Systemprogramme^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Systemprogramme^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Markus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Creative Element Power Tools Startup.lnk => C:\Windows\pss\Creative Element Power Tools Startup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Markus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mozilla Thunderbird.lnk => C:\Windows\pss\Mozilla Thunderbird.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Markus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Adobe_ID0EYTHM => C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BbInstallUser => C:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe
MSCONFIG\startupreg: BbPrintMonitor => C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: DivX Download Manager => "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
MSCONFIG\startupreg: Nokia.PCSync => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PcSync2.exe" /NoDialog
MSCONFIG\startupreg: NSU_agent => "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: Sophos AutoUpdate Monitor => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
MSCONFIG\startupreg: VeohPlugin => "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{14E75A58-0D77-4588-8485-0B69B04C5091}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{1FE65655-379A-47AA-A279-1B769C4B6276}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [TCP Query User{60D6B925-F506-40AF-BDCF-79EA49101377}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{633922DF-2FCE-40CA-A07C-A64BD21C58E1}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [{B69C3079-E30B-40A2-A3EC-1A69F364CD90}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AEC4D2F3-CF8E-4948-8E55-F300DB913929}] => (Allow) LPort=3703
FirewallRules: [{6A224230-BD72-4F72-93E4-856A0F72BD6F}] => (Allow) LPort=3704
FirewallRules: [{86ECA074-D162-45AB-AD71-3B7CD7A9AE49}] => (Allow) LPort=50900
FirewallRules: [{E2B6AF5D-02D0-4B92-9138-F49774729449}] => (Allow) LPort=50901
FirewallRules: [{793C6071-B0A9-4944-86B7-815F637106A7}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [{CF4B725E-E39C-4432-B98D-E3E0D3FD2D40}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [TCP Query User{9E124B7A-9EBD-4EE6-A8BD-6DE10C0B7523}C:\program files (x86)\jeak.de\qip 2005\qip.exe] => (Allow) C:\program files (x86)\jeak.de\qip 2005\qip.exe
FirewallRules: [UDP Query User{5CBA5295-8C29-4D28-9418-82B5ABD2376B}C:\program files (x86)\jeak.de\qip 2005\qip.exe] => (Allow) C:\program files (x86)\jeak.de\qip 2005\qip.exe
FirewallRules: [TCP Query User{CC938391-B9A9-4459-A190-5F17F020BC3E}C:\program files (x86)\sft-loader_2009_beta3\leecher.exe] => (Allow) C:\program files (x86)\sft-loader_2009_beta3\leecher.exe
FirewallRules: [UDP Query User{3FC86875-BD41-4EF2-9744-C500167DDEDF}C:\program files (x86)\sft-loader_2009_beta3\leecher.exe] => (Allow) C:\program files (x86)\sft-loader_2009_beta3\leecher.exe
FirewallRules: [TCP Query User{75C358A3-31BD-41FC-9B8E-76DC3DDD2132}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{29459A05-491B-4D45-9DE1-855F68E2947B}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{9FB42EAA-F867-4C64-B69D-0F2CE37B4B1B}C:\program files (x86)\2k sports\nba 2k10\nba2k10.exe] => (Allow) C:\program files (x86)\2k sports\nba 2k10\nba2k10.exe
FirewallRules: [UDP Query User{54FC920E-EA23-463B-93F0-35AF10650B46}C:\program files (x86)\2k sports\nba 2k10\nba2k10.exe] => (Allow) C:\program files (x86)\2k sports\nba 2k10\nba2k10.exe
FirewallRules: [{D9D805AE-0591-493D-B2F3-A739494ABE32}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{3B4A1361-74F1-470A-BDCB-8CB041E2E637}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{ED29A79B-88F4-4A96-80A8-0474D8B94636}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{2D7C6FD7-4998-483F-BABC-62B6B2EE7679}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{880D740A-9F7A-49EF-B296-EF0B121318F0}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{2E1F0725-CE99-4EF2-99A0-4DAA741C2447}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [TCP Query User{996CD49B-5B9C-4B77-8257-B3C3760A8CD9}C:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{DE464E95-29C9-476D-B06B-525098BFD742}C:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{28098CFF-3B56-4593-B9F8-65B678AB1AF5}C:\program files (x86)\jeak.de\qip 2005\qip.exe] => (Allow) C:\program files (x86)\jeak.de\qip 2005\qip.exe
FirewallRules: [UDP Query User{3A2C71AA-A8C6-4AA0-9D5B-D15E4B09FF65}C:\program files (x86)\jeak.de\qip 2005\qip.exe] => (Allow) C:\program files (x86)\jeak.de\qip 2005\qip.exe
FirewallRules: [TCP Query User{380CDD2A-8072-4D2A-8D49-F794FC2840BF}C:\program files (x86)\eclipse\eclipse.exe] => (Allow) C:\program files (x86)\eclipse\eclipse.exe
FirewallRules: [UDP Query User{A90FCAD5-75F4-4363-84DC-917321CDB0FC}C:\program files (x86)\eclipse\eclipse.exe] => (Allow) C:\program files (x86)\eclipse\eclipse.exe
FirewallRules: [TCP Query User{7BB3D6B6-1841-49D4-AB19-CC4A0C81F4C4}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe] => (Block) C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe
FirewallRules: [UDP Query User{49CBDDF9-DA9B-4DB1-8FBA-9CCBF211C926}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe] => (Block) C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe
FirewallRules: [TCP Query User{1D2190AB-D11F-4F4B-8C61-64B34704E9F0}C:\program files (x86)\ubisoft\assassin's creed ii\server.exe] => (Block) C:\program files (x86)\ubisoft\assassin's creed ii\server.exe
FirewallRules: [UDP Query User{5D0CC143-5412-414B-BB26-9D460D4B0814}C:\program files (x86)\ubisoft\assassin's creed ii\server.exe] => (Block) C:\program files (x86)\ubisoft\assassin's creed ii\server.exe
FirewallRules: [TCP Query User{BBF933FA-BE50-40D3-B5D0-95FBD6D8EDD9}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{333A6FFB-31F7-4E69-B00E-BA16A727C13B}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{8B9D49D8-2587-4E6D-AA30-13CFB0B6C1BA}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe
FirewallRules: [UDP Query User{56DC038F-B907-47B7-A62B-B3614948F4C9}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe
FirewallRules: [TCP Query User{9966E1DF-F417-4E40-BA05-6E73A7FE6DAA}C:\program files (x86)\phone remote control\phoneremotecontrol.exe] => (Allow) C:\program files (x86)\phone remote control\phoneremotecontrol.exe
FirewallRules: [UDP Query User{AECC7AAA-30C9-4BE9-BFEA-22F999CBCA53}C:\program files (x86)\phone remote control\phoneremotecontrol.exe] => (Allow) C:\program files (x86)\phone remote control\phoneremotecontrol.exe
FirewallRules: [{3CCEB4BF-26E9-41B8-BF6E-51C52104A3A6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D6DDFE5C-CC52-4F18-A916-69C36D3789EC}] => (Allow) C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
FirewallRules: [{7772FD67-0100-40E4-84E9-B7DDC85BB013}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EB8D08B1-831E-4A71-9089-688B9459A76C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{07614F2F-FB15-4C6C-8A95-2973FBB91B56}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{10321580-2CD6-49E8-AAB5-3C5A82ED0A69}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1E326E3B-1C59-4F06-BBB3-B527F38C2B39}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D18AF8BF-D7ED-46A0-AD9E-2E59C83350DF}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{AE4BB9BC-555C-4EE6-B715-D9AE5D7238B4}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{581DA5C4-6ED2-4BA1-8F5F-B17CF287B17A}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe] => (Allow) C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe
FirewallRules: [UDP Query User{22E61FB6-DF6A-4FB2-8B57-A33DEC80EE85}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe] => (Allow) C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe
FirewallRules: [TCP Query User{D4A5060E-5258-4201-9344-837E5AAAA2B5}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe
FirewallRules: [UDP Query User{11102647-F913-4E61-838E-7FFB141F967F}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe
FirewallRules: [TCP Query User{11683BB4-EB5F-469B-8825-56DCE080A53F}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe
FirewallRules: [UDP Query User{129A0A3E-7072-4BA8-B3AC-DC01A6382978}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe
FirewallRules: [TCP Query User{5451C23C-700F-4397-BDE9-96422C0EDA51}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{321A8377-FF8B-43ED-870A-E0C927E4CC5C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{71C55A89-A64E-40CC-A6EC-1ED4D0105391}] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C14437F5-236B-4A27-994F-8F1EFA2C9CF1}] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{386E7324-505F-45D2-87FA-2BEF2A080748}C:\windows\system32\spool\drivers\x64\3\kact.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\kact.exe
FirewallRules: [UDP Query User{7D81ED35-57F4-45FF-9E54-F7DD1FC61A0B}C:\windows\system32\spool\drivers\x64\3\kact.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\kact.exe
FirewallRules: [TCP Query User{AB215BD4-0F46-4456-8BFD-9E4A4F1CEBC6}C:\windows\system32\spool\drivers\x64\3\kact.exe] => (Block) C:\windows\system32\spool\drivers\x64\3\kact.exe
FirewallRules: [UDP Query User{A23004F0-D144-459F-95AC-FE76E5EAA3A9}C:\windows\system32\spool\drivers\x64\3\kact.exe] => (Block) C:\windows\system32\spool\drivers\x64\3\kact.exe
FirewallRules: [TCP Query User{D2160405-194F-4897-BE67-688A0F531B74}C:\program files\soldat\soldat.exe] => (Allow) C:\program files\soldat\soldat.exe
FirewallRules: [UDP Query User{A1E20198-C965-4AA7-98FB-A8ECC1856D6E}C:\program files\soldat\soldat.exe] => (Allow) C:\program files\soldat\soldat.exe
FirewallRules: [{D81B0AB4-9525-423F-A0C9-D65C781A135D}] => (Block) C:\program files\soldat\soldat.exe
FirewallRules: [{C8FB63A5-DF05-4C79-8706-02F186C2F5E9}] => (Block) C:\program files\soldat\soldat.exe
FirewallRules: [TCP Query User{30FD1BEB-D237-4D03-88B3-1B72A4B1C98A}C:\program files (x86)\sft-loader_2009_final\leecher.exe] => (Allow) C:\program files (x86)\sft-loader_2009_final\leecher.exe
FirewallRules: [UDP Query User{7CB30287-E39C-4DAC-B0FE-250BB26844E3}C:\program files (x86)\sft-loader_2009_final\leecher.exe] => (Allow) C:\program files (x86)\sft-loader_2009_final\leecher.exe
FirewallRules: [{744F0145-1E1A-4246-AD99-9F0047AEF810}] => (Block) C:\program files (x86)\sft-loader_2009_final\leecher.exe
FirewallRules: [{91A3951A-5D3D-474D-9EC1-BFD501875721}] => (Block) C:\program files (x86)\sft-loader_2009_final\leecher.exe
FirewallRules: [TCP Query User{F0485F86-9A04-463F-A812-39B0E9FA373F}C:\program files (x86)\soldat\soldat.exe] => (Allow) C:\program files (x86)\soldat\soldat.exe
FirewallRules: [UDP Query User{9284CA58-B622-41F1-86E3-DD2F847FD8FD}C:\program files (x86)\soldat\soldat.exe] => (Allow) C:\program files (x86)\soldat\soldat.exe
FirewallRules: [{665A16C0-A37E-40F1-94F1-93813A31EE2A}] => (Block) C:\program files (x86)\soldat\soldat.exe
FirewallRules: [{8F206051-DBE3-4B61-B27E-E7EE0D3F7ED4}] => (Block) C:\program files (x86)\soldat\soldat.exe
FirewallRules: [{A3AF5721-E0AA-4A16-8BCC-57921C0DA5FB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FC603DEA-5685-4A66-A0A0-F1CA8DDD11E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{22352BE3-EFE1-4368-A283-9A3F3559B4FD}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{D7723223-F406-47AA-BD41-3963F8CD7802}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{C642A207-1A89-4DB4-96FB-8EEAD9F4D76B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3F129828-4F04-4A0F-8271-94DCB97B5470}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A2597860-0283-4B7B-9C36-211E191938ED}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{713BE0A1-CAFF-468A-A1A7-67EB02D771A5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FBE9EF90-9AA5-40DC-806A-90DDCEDC3BF5}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{01AF9AF2-25EE-489E-B0AD-475C18177DB1}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{74EAAB58-E737-4C6C-BB48-D9AD48FB2952}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{1B56AE3C-0903-4DB6-999F-341F30F2AD0D}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{1056C540-2584-4F8B-A375-E4D152B3EA7A}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
FirewallRules: [{690665CC-185B-47BF-BE20-00DE53926BBB}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
FirewallRules: [{76FD871F-4BCB-420C-864F-E9F3D9784919}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe
FirewallRules: [{F9408213-BE66-4F0F-91D8-D0E280A4F848}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe
FirewallRules: [TCP Query User{9299C445-5F3A-4143-A601-4B4CF2EA91D3}C:\program files (x86)\portal 2\portal2.exe] => (Allow) C:\program files (x86)\portal 2\portal2.exe
FirewallRules: [UDP Query User{59F8B784-2B4A-436B-B94B-40CF5D4A35A4}C:\program files (x86)\portal 2\portal2.exe] => (Allow) C:\program files (x86)\portal 2\portal2.exe
FirewallRules: [{7986CBEE-F4B1-4CC7-A5DF-6F2102295149}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DA3F47F6-01BB-4969-8A37-A7D13FDC8755}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3A673D09-2D2B-45EF-8D42-59EDECC7F163}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2 demo\Shogun2.exe
FirewallRules: [{ACC2D48B-E20D-4E51-9633-9C5687B036EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2 demo\Shogun2.exe
FirewallRules: [TCP Query User{6AFFA96B-52E9-46B1-B2AF-FB7ECA077211}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [UDP Query User{0287AE0F-BF92-4ADF-B8EB-5CE69E980C49}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [TCP Query User{ED485131-006D-47E2-93A5-8B80F41713A6}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [UDP Query User{292F6D96-7E73-44D4-8B93-BB45D1F21CF9}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [{218B0FFA-3A27-4181-A4BF-50A4218312CB}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{9F70C517-AD21-4DCF-8DF9-E4A03E8027F3}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{1CF11C73-03A4-41C9-81C8-ED9B59F71C31}] => (Allow) C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
FirewallRules: [{25B1342B-BA92-445A-8682-F63B66AD80E2}] => (Allow) C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
FirewallRules: [{53A62DAF-18D9-4CE7-BAD4-01285F9E9C71}] => (Allow) C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
FirewallRules: [{9F361289-0DB0-40CB-ACDC-BF35A6E5F47E}] => (Allow) C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
FirewallRules: [TCP Query User{60675A31-4737-48CB-95FF-B40C8188018D}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe] => (Block) C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [UDP Query User{7C1C6BBA-46AD-4DCA-A5AE-F9D038D0A3D4}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe] => (Block) C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [{8962A4AC-9243-4BFB-AFA1-8C55A791843E}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{D73CEB73-57F3-4C75-941C-657180620C7E}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [TCP Query User{65056184-C71E-4D83-B4C0-C1659B9659CF}C:\program files (x86)\opera\opera.exe] => (Block) C:\program files (x86)\opera\opera.exe
FirewallRules: [UDP Query User{29F43B03-CF18-470A-BE4D-44A7864BCD1A}C:\program files (x86)\opera\opera.exe] => (Block) C:\program files (x86)\opera\opera.exe
FirewallRules: [TCP Query User{FBEFADD8-360C-4601-93F0-9CBE7BF8DE61}C:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{D6C25610-3EEE-411D-BDA0-248AF6331765}C:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{59531C04-C694-422D-BB6A-937548695EDC}C:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Block) C:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{39BFCFD1-2EC0-4741-89A5-952113866188}C:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Block) C:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{A44242D1-F6B9-4658-BA3D-F161015D88C1}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{8DAC2F4C-D4B7-4EA6-940A-443F30692765}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{FFA24E1F-EB74-4633-B4F2-741A95E24C30}\\flo-pc\counter-strike source\hl2.exe] => (Allow) \\flo-pc\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{01C9B48F-3B47-438B-AED2-31014420476B}\\flo-pc\counter-strike source\hl2.exe] => (Allow) \\flo-pc\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{997F79F6-4996-43F2-AB27-7648D265C02C}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{F90BD788-0F92-4B82-A829-F42E7592B999}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{3A183C78-DC2A-4D92-BEAF-DF5588224127}C:\program files (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\program files (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe
FirewallRules: [UDP Query User{B537979B-59F8-46FF-A29B-9314AC2E0524}C:\program files (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\program files (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe
FirewallRules: [TCP Query User{DBC88B28-D1FE-412C-B3A5-ACF80C04DC2C}C:\program files (x86)\realplayer\realplay.exe] => (Block) C:\program files (x86)\realplayer\realplay.exe
FirewallRules: [UDP Query User{AFA23ACE-EDAB-4565-8DAF-D64DBA138155}C:\program files (x86)\realplayer\realplay.exe] => (Block) C:\program files (x86)\realplayer\realplay.exe
FirewallRules: [{BCCA22A5-2C85-4A8C-90E0-090089F4B547}] => (Allow) C:\Users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{44284964-CF57-48FE-B16C-700E24734F81}] => (Allow) C:\Users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{88BE7391-62CE-42ED-9D2A-C8F80D4D6910}C:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F08CF458-16F7-4E2B-A53B-B829C09DDCAE}C:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{18D37020-1946-4071-B4C2-854A69537154}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{779575D5-CB08-4501-8BAB-138528411103}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{37673BF5-A304-43AB-AAA5-0A2C1099E5DA}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{B5E3AC97-4DDF-45F6-94B1-DCA2FB194A5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{011A9770-56D3-42E3-9AE4-8554A321C086}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4AA19CA5-AF0D-4D04-AAD6-70AB236435BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{64A503A1-B3D3-471B-9ED4-7C8A681C82FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E25CCC9-9B6F-4683-BF7F-D558C1BE135B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{44AAA5E8-D13D-47DB-A597-E12221B52902}C:\users\markus\appdata\local\temp\4026.tmp\kmservice.exe] => (Allow) C:\users\markus\appdata\local\temp\4026.tmp\kmservice.exe
FirewallRules: [UDP Query User{6457F6A5-1F0F-4E55-9778-FA98628DAD6B}C:\users\markus\appdata\local\temp\4026.tmp\kmservice.exe] => (Allow) C:\users\markus\appdata\local\temp\4026.tmp\kmservice.exe
FirewallRules: [{7771FC3A-DBC5-4D97-8BA8-7C8A1EA1B71E}] => (Block) C:\users\markus\appdata\local\temp\4026.tmp\kmservice.exe
FirewallRules: [{AEA4E476-591A-4E61-8669-6AA035E5D693}] => (Block) C:\users\markus\appdata\local\temp\4026.tmp\kmservice.exe
FirewallRules: [TCP Query User{CF4227A3-E60E-4BBD-8781-3FE432C01DCE}C:\users\markus\appdata\local\temp\207b.tmp\kmservice.exe] => (Allow) C:\users\markus\appdata\local\temp\207b.tmp\kmservice.exe
FirewallRules: [UDP Query User{C90C2025-9E23-4001-91DD-8A4E2614DA50}C:\users\markus\appdata\local\temp\207b.tmp\kmservice.exe] => (Allow) C:\users\markus\appdata\local\temp\207b.tmp\kmservice.exe
FirewallRules: [{0F7A0298-0ACA-41CF-A1CF-F8CC2B6B0998}] => (Block) C:\users\markus\appdata\local\temp\207b.tmp\kmservice.exe
FirewallRules: [{39CD4521-75BC-43AE-86BB-2A074BEA36C8}] => (Block) C:\users\markus\appdata\local\temp\207b.tmp\kmservice.exe
FirewallRules: [TCP Query User{BDA5CA21-04C6-4EAE-A063-2B287A7C4136}C:\users\markus\appdata\local\temp\e1e6.tmp\kmservice.exe] => (Allow) C:\users\markus\appdata\local\temp\e1e6.tmp\kmservice.exe
FirewallRules: [UDP Query User{84544CAE-6274-4B04-8140-11912E02C29A}C:\users\markus\appdata\local\temp\e1e6.tmp\kmservice.exe] => (Allow) C:\users\markus\appdata\local\temp\e1e6.tmp\kmservice.exe
FirewallRules: [TCP Query User{66E340A8-AE7A-4347-8033-98B86842D499}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{284E0DF5-1DB2-4F6B-80BA-83097F1C852F}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{CC2D2E45-09F0-4D2D-8D14-8E3163B51ACD}C:\users\markus\documents\arma 2\beta_oa\arma2oa.exe] => (Allow) C:\users\markus\documents\arma 2\beta_oa\arma2oa.exe
FirewallRules: [UDP Query User{B7C5EE31-0F18-4299-81A9-FC7E2C24D161}C:\users\markus\documents\arma 2\beta_oa\arma2oa.exe] => (Allow) C:\users\markus\documents\arma 2\beta_oa\arma2oa.exe
FirewallRules: [TCP Query User{8165F05F-C5BD-4DAB-BE85-66005CA7F48B}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Block) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [UDP Query User{E8AB07CB-9012-48A5-AB43-B2F97504F889}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Block) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [{FD5FD192-F86D-41F0-949A-5206241394F4}] => (Allow) LPort=4481
FirewallRules: [{39A2AF31-428E-4CB4-A712-442AF19DF542}] => (Allow) LPort=4481
FirewallRules: [{1EF0C7EB-7E8E-4802-A518-8E38235634A2}] => (Allow) LPort=4482
FirewallRules: [{B3D588A9-3C83-4DD8-9F1C-E3C33AEE17F1}] => (Allow) LPort=4482
FirewallRules: [{611C0CC9-8DC6-40C8-A55B-088D42CCC541}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{2B17CBC4-A604-4DE8-932E-57D0523C9F55}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{94B634C7-D819-4801-89A5-A6B86F9D809D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5814E8E0-44D5-4A6A-AF2C-0F06F2744CC3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4CD9FA01-2C62-4DFF-B22D-1D6A6F1A888F}] => (Allow) D:\fsetup.exe
FirewallRules: [{AF17FEB6-8818-4D3E-A793-F463D74D3DB2}] => (Allow) D:\fsetup.exe
FirewallRules: [{F40B70CF-038E-4B32-B002-F37B929B21C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F5A52D40-DF8E-4E0B-9D39-CA688B531CDF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{38BDE3CE-2D1F-4272-ADF8-16075F76DECB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [{BD4DE83D-EB8C-4DE5-98D7-A6DF748F19C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [{E4F8E060-CE47-4A65-BEF5-AA53D3FD50D4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CD7B9FD1-08DA-4681-AEEA-CD2AED2556B9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C0180084-8F6F-44D2-B1EC-C92B4BFA2C1A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2FB7FA88-CDC1-4A26-B31A-FCFDBDE7FAD9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D24276A6-4C05-4582-99FC-72AE523164EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WOG\disasm.exe
FirewallRules: [{C5D53939-FB8A-4ED5-A067-2A5A2DDD9666}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WOG\disasm.exe
FirewallRules: [{D2A11BD9-6AF6-463C-B018-4B5B7782A213}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{FF636054-9293-4C7F-81A0-1700CA00BBF9}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{8379DD2E-29FF-4B04-B0C6-2F55291D4A77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stacking\Stack.exe
FirewallRules: [{79BC3D05-1DEE-4689-A385-78474061408A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stacking\Stack.exe
FirewallRules: [{EAD7F240-414B-4F67-8712-5BD9DF5A49C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{09FBF3C8-F670-43D9-8A67-1142886C61DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{52332BFC-4A01-4C29-A4A5-E110E0B0A9F5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/29/2015 10:40:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


Error: (09/28/2015 07:40:21 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT-AUTORITÄT)
Description: Die Netzwerkidentität (Interoperable Object Reference oder IOR) des lokalen Computers ist ungültig.%%3

Error: (09/28/2015 04:18:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (09/28/2015 04:18:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (09/28/2015 04:18:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (09/27/2015 10:21:14 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)"

Error: (09/27/2015 01:24:01 AM) (Source: Sophos Message Router) (EventID: 8005) (User: NT-AUTORITÄT)
Description: DNS Lookup schlug bei Auflösung folgender Adressen fehl: winmng.%%3

Error: (09/27/2015 01:19:03 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0.

Error: (09/27/2015 01:18:43 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Kontext: Anwendung, SystemIndex Katalog

Error: (09/27/2015 01:18:37 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Systemfehler:
=============
Error: (09/29/2015 11:02:15 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/29/2015 10:52:15 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/29/2015 10:42:15 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/29/2015 10:32:15 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/29/2015 10:22:15 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/29/2015 10:12:15 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/29/2015 10:02:15 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/29/2015 09:52:15 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/29/2015 09:42:15 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/29/2015 09:32:15 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

CodeIntegrity:
===================================
Date: 2015-09-22 20:02:45.352
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-09-22 20:02:45.295
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-01-10 13:09:59.612
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Norsonic\Nor-Xfer\FastLynx.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-01-10 13:09:59.596
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Norsonic\Nor-Xfer\FastLynx.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-09-19 23:26:14.933
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\PeerGuardian2\pgfilter.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-09-19 23:26:14.917
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\PeerGuardian2\pgfilter.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-08-11 23:13:16.989
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\PeerGuardian2\pgfilter.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-08-11 23:13:16.978
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\PeerGuardian2\pgfilter.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
Prozentuale Nutzung des RAM: 39%
Installierter physikalischer RAM: 8156.86 MB
Verfügbarer physikalischer RAM: 4908.13 MB
Summe virtueller Speicher: 8555.06 MB
Verfügbarer virtueller Speicher: 5847.66 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:13.96 GB) NTFS
Drive e: (MARY JANE) (Removable) (Total:7.41 GB) (Free:5.1 GB) FAT32
Drive f: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:0.4 GB) NTFS
Drive g: (CRUZER-4GB) (Removable) (Total:3.76 GB) (Free:0.29 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 10264032)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)

Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 7CCC6CC5)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 3.8 GB) (Disk ID: 0FFECABE)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)

==================== Ende von Addition.txt ============================ |
30.09.2015, 14:19 | #18 |
/// the machine /// TB trainer | High CPU usage caused by svhost.exe(netsvcs) Update Java and Flash.
__________________Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Users\All Users\Win7codecs\{02E0F3B0-0764-4EE6-910C-8CB88CE85B39}\Win7codecs.msi
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe
C:\ProgramData\Win7codecs\{02E0F3B0-0764-4EE6-910C-8CB88CE85B39}\Win7codecs.msi
C:\Users\Markus\AppData\Local\Temp\installChecker.exe
C:\Users\Markus\AppData\Local\Temp\OCS\ocs_v6n.exe
C:\Users\Markus\Downloads\Programm-Installationen\Bluebeam eXtreme 9.5 int + mpt.rar
C:\Users\Markus\Downloads\Programm-Installationen\CCleaner 3.22.1800.exe
C:\Users\Markus\Downloads\Programm-Installationen\Bluebeam eXtreme 9.5 int + mpt\bluebeam.pdf.revu.extreme.9.5.0-mpt.rar
C:\Users\Markus\Downloads\Programm-Installationen\Bluebeam eXtreme 9.5 int + mpt\bluebeam.pdf.revu.extreme.9.5.0-mpt\bluebeam.pdf.revu.extreme.9.5.0-mpt.exe
C:\Windows\Installer\27eace5.msi
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$R8C1BM3.part
C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$R98YLJN.exe
C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$RBL1YY7.exe
C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$RFQU9I8.exe
C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$RSBABCE.exe
C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$RSE3JEB.exe
C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$RYW6S3S.exe
C:\AdwCleaner\Quarantine\C\Users\Markus\AppData\Local\FilesFrog Update Checker\update_checker.exe.vir
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe
C:\Users\Markus\AppData\Local\Temp\RarSFX0\mKMSAct.exe
C:\Users\Markus\Downloads\download_audiograbber.exe
C:\Users\Markus\Downloads\Programm-Installationen\Microsoft.Office.2010.Prof.Plus.VL.Crack\activate_O10_x64.exe
C:\Users\Markus\Downloads\Programm-Installationen\Microsoft.Office.2010.Prof.Plus.VL.Crack\restore_O10_x64.exe
C:\Windows\System32\Adobe\Shockwave 12\gt.exe
C:\$Recycle.Bin\S-1-5-21-2630195189-2654945084-3558987858-1000\$R84ZMPO.zip
C:\Users\Markus\Downloads\Programm-Installationen\#Keys und Cracks\Adobe.All.Products.v1.10.Updated.20.JUNE.2011.Keymaker.ONLY-CORE.rar
C:\Users\Markus\Downloads\Programm-Installationen\#Keys und Cracks\Microsoft.Office.2010.Prof.Plus.VL.Crack.rar
C:\Users\Markus\Downloads\Programm-Installationen\ADOBECREATIVESUITE60MASTERCOLLECTIONLS4ESD-ISO\MCCS6LS4.iso
C:\Users\All Users\WindowsMangerProtect\ProtectWindowsManager.exe
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
C:\Users\Markus\AppData\Local\Temp\smt_istartsurf.exe
C:\Users\Markus\AppData\Local\Temp\B934D573F69tmp\tmp\wpm_v20.0.0.1953_0302.exe
C:\Users\Markus\AppData\Local\Temp\B934D573F69tmp\tmp\XTab_Setup2021.exe
C:\Users\Markus\AppData\Local\Temp\nst3F2D.tmp\install50738.exe
C:\Counter-Strike 1.6 V40\DigitalPowered.exe
C:\Counter-Strike 1.6 V40\digitalpowered.xpi
C:\Program Files (x86)\DigitalPowered\tbDigi.dll
F:\Installs\unlocker1.8.8.exe
F:\MARKUS-XPS16\Backup Set 2014-12-07 232723\Backup Files 2014-12-07 232723\Backup files 88.zip
F:\MARKUS-XPS16\Backup Set 2014-12-07 232723\Backup Files 2014-12-07 232723\Backup files 89.zip
F:\MARKUS-XPS16\Backup Set 2014-12-07 232723\Backup Files 2014-12-07 232723\Backup files 92.zip
F:\PersonalBackup\LwC\ProgramData\Win7codecs\{02E0F3B0-0764-4EE6-910C-8CB88CE85B39}\Win7codecs.msi.gz
F:\PersonalBackup\LwC\Users\Markus\AppData\Local\Temp\installChecker.exe.gz
F:\Studium\Diverses\romy\MathType 6.0c.rar
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Any remaining problems?
__________________ |