Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   WIN 7: USB Stick beinhaltet nur Verknüpfungen! (https://www.trojaner-board.de/165698-win-7-usb-stick-beinhaltet-nur-verknuepfungen.html)

ones 01.04.2015 11:35
WIN 7: USB Stick beinhaltet nur Verknüpfungen!
 
Hallo liebes TB-Team,

mein Name ist Jonas und mein USB Stick (SanDisk Cruizer fit) beinhaltet nur Verknüpfungen und beim öffnen einer Datei erscheint

" "ii.vbs_.vbs" konnte nicht gefunden werden. Stellen Sie sicher, dass Sie den Namen richtig eingegeben haben und wiederholen Sie den Vorgang "

Nach Bestätigung mir OK wird die Datei ganz normal geöffnet und ich kann diese bearbeiten.

Bei einem Suchlauf für meine gesamtes System mit mbam wurde folgende Datei als schadhaft befunden und in Quarantäne verlegt.

" PUP.Optional.Monetizer, C:\Users\Kunde\AppData\Local\Temp\is-9GRFJ.tmp\CBStub.exe, , [0465dd8a4f3beb4be1f2a5528979b749], "

Bei einem Suchlauf ausschließlich auf meinen USB stick wurde allerdings nichts gefunden.#

Anbei die generierten Codes von: defogger und mbam

FRST, Addition und GMER folgen

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:06 on 01/04/2015 (Kunde)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.04.2015
Suchlauf-Zeit: 15:59:01
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.01.05
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Kunde

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 354836
Verstrichene Zeit: 25 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 1
PUP.Optional.Monetizer, C:\Users\Kunde\AppData\Local\Temp\is-9GRFJ.tmp\CBStub.exe, , [0465dd8a4f3beb4be1f2a5528979b749],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
Ich würde mich sehr über eure Hilfe und oder eine Einschätzung freuen, denn man wird schnell paranoid.
Vielen Dank im Voraus!!

Gruß, Jonas

Addition

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Kunde at 2015-04-01 17:13:46
Running from C:\Users\Kunde\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Tools for .Net 3.5 - DEU Lang Pack (Version: 3.11.50727 - Microsoft Corporation) Hidden
 Tools for .Net 3.5 (Version: 3.11.50727 - Microsoft Corporation) Hidden
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Blend for Visual Studio 2012 (Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 DEU resources (Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops - Multiplayer (HKLM\...\Steam App 42710) (Version:  - Treyarch)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Company of Heroes (New Steam Version) (HKLM\...\Steam App 228200) (Version:  - Relic)
Company of Heroes 2 (HKLM\...\Steam App 231430) (Version:  - Relic Entertainment)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Devenv-Ressourcen für Microsoft Visual Studio 2012 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Dotfuscator and Analytics Community Edition (Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition Language Pack (Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Entity Framework Designer für Visual Studio 2012 - DEU (HKLM\...\{B2BDC072-BE01-432D-B281-30891D597FBB}) (Version: 11.1.30729.00 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
LocalESPC (Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for de-de (Version: 8.59.25584 - Microsoft) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MATLAB R2015a (HKLM\...\Matlab R2015a) (Version: 8.5 - MathWorks)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - DEU (HKLM\...\{07AC2D83-E795-4AD5-970D-B9BD14A1E411}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - DEU (HKLM\...\{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK - Deutsch (HKLM\...\{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{A38310A9-0AAF-4815-856D-63DAE3D7DFF1}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{9611BFC7-0C25-48D9-927B-DB5D0D5562CB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{2A3CC014-FA33-4027-AECD-9A4845223209}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{5CBB00A9-CAA2-406A-B149-65343CD6A86E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{30640168-E261-4261-B8FF-7FA5E0F6A2F1}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 DEU (HKLM\...\{7CC4FADE-70AC-4560-9418-639D71A4767C}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20627.00) (HKLM\...\{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00) (HKLM\...\{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{D434E072-F482-4F52-AB97-7B19DD5DAEB5}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.31125 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.31125 - Microsoft Corporation)
Microsoft Visual Studio Premium 2012 (HKLM\...\{774c815f-9406-4d13-b216-be51a799d670}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{5CD1B40A-969C-4D7A-B5C2-DAFCB82C53CD}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - DEU (HKLM\...\{86756584-C41A-4CA3-B42D-4768C7720F56}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{1F4DF099-EA5C-482D-9901-C0A8B539B417}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed Underground 2 (HKLM\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version:  - )
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
Nokia Suite (Version: 3.8.54.0 - Nokia) Hidden
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Architect 2 Create Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
PreEmptive Analytics Client German Language Pack (Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
PSpice Student 9.1 (HKLM\...\PSpice Student) (Version:  - )
RFSim99 (HKLM\...\RFSim99) (Version:  - )
RICOH_Media_Driver_v2.14.18.01 (HKLM\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.12 - Sophos Limited)
Sophos AutoUpdate (HKLM\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkPad Wireless LAN Adapter Software (HKLM\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0031.1 - )
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 Update 4 (KB2707250) (HKLM\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WCF Data Services 5.0 (for OData v3) DEU Language Pack (Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services 5.0 (for OData v3) Primary Components (Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 11 DEU Language Pack (Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.21 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

08-03-2015 12:51:23 Windows Update
10-03-2015 09:46:35 Microsoft Visual C++ 2005 Redistributable wird installiert
10-03-2015 09:56:53 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
11-03-2015 21:07:30 Windows Update
12-03-2015 01:05:02 Windows Update
12-03-2015 17:27:07 Installed PDF Architect 2 View Module
12-03-2015 17:30:07 Installed PDF Architect 2 Create Module
12-03-2015 17:30:56 Installed PDF Architect 2 Edit Module
18-03-2015 22:11:01 Windows Update
25-03-2015 15:59:51 Windows Update
25-03-2015 23:56:04 Windows Update
31-03-2015 16:21:55 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4CC39B70-BE1A-490F-9D3B-E0B638A0CC50} - System32\Tasks\{D8EB24A9-3D7E-448F-BEDF-CE51BB843418} => pcalua.exe -a "E:\Daten\FH\Bielefeld\Matlab install\matlab_R2013b_win64_installer.exe" -d "E:\Daten\FH\Bielefeld\Matlab install"
Task: {75E428C1-FB08-4AEF-9C0E-DEC45436F6B4} - System32\Tasks\MATLAB R2015a Startup Accelerator => C:\Program Files\MATLAB\R2015a\bin\win32\MATLABStartupAccelerator.exe [2014-12-29] ()
Task: {765B2E57-A3DA-4471-99AF-FB561BFEDCBF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
Task: {85D290AB-A7C5-4638-961F-F3A024067842} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A65DFCB4-300A-4D82-A19D-1B09F4F3CC64} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {C1A1A2B0-5E93-40EB-A77C-9DD6F459C17C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {C254CD44-0FD0-4222-9C79-F918BBC7FD25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
Task: {C6CA1516-555D-4968-BA21-47ADD7DAFF25} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {C716E409-7504-4E1C-B1C9-28A071E1F879} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {D13460DB-120D-4726-B674-D8474B2DF1CA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {FF246887-459A-4644-9ADF-D2834560A234} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2015a Startup Accelerator.job => C:\Program Files\MATLAB\R2015a\bin\win32\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-05 23:58 - 2014-05-20 02:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2015-02-03 22:42 - 2012-08-25 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 08507232 _____ () C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 02354016 _____ () C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 01014624 _____ () C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00364384 _____ () C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 02480992 _____ () C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 01346912 _____ () C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00206176 _____ () C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 02653024 _____ () C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00033120 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00035680 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00207200 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 11166560 _____ () C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00276832 _____ () C:\Program Files\Nokia\Nokia Suite\phonon4.dll
2014-11-11 10:21 - 2014-11-11 10:21 - 00392552 _____ () C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
2014-11-11 10:21 - 2014-11-11 10:21 - 00059752 _____ () C:\Program Files\Nokia\Nokia Suite\securestorage.dll
2014-11-19 12:47 - 2014-11-19 12:47 - 00438624 _____ () C:\Program Files\Nokia\Nokia Suite\NService.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00446304 _____ () C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00520544 _____ () C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00720736 _____ () C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
2014-11-19 12:46 - 2014-11-19 12:46 - 00606560 _____ () C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00093024 _____ () C:\Program Files\Nokia\Nokia Suite\qjson.dll
2015-04-01 16:40 - 2015-04-01 16:40 - 00014336 _____ () C:\Users\Kunde\AppData\Local\Temp\WDEEC32.tmp\ml_online.lng
2015-04-01 16:40 - 2015-04-01 16:40 - 00036352 _____ () C:\Users\Kunde\AppData\Local\Temp\WDEEC32.tmp\ombrowser.lng
2015-03-23 09:46 - 2015-03-14 18:12 - 01174856 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-23 09:46 - 2015-03-14 18:12 - 00080200 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-23 09:46 - 2015-03-14 18:12 - 09278792 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2428416208-3339100590-1231843568-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kunde\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.9.5

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: ForteConfig => C:\Program Files\Conexant\ForteConfig\fmapp.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Sophos AutoUpdate Monitor => C:\Program Files\Sophos\AutoUpdate\almon.exe
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent

==================== Accounts: =============================

Administrator (S-1-5-21-2428416208-3339100590-1231843568-500 - Administrator - Disabled)
Gast (S-1-5-21-2428416208-3339100590-1231843568-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2428416208-3339100590-1231843568-1002 - Limited - Enabled)
Kunde (S-1-5-21-2428416208-3339100590-1231843568-1000 - Administrator - Enabled) => C:\Users\Kunde
SophosSAUKUNDE-PC0 (S-1-5-21-2428416208-3339100590-1231843568-1007 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2015 04:28:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: creator-ws.exe, Version: 1.0.0.0, Zeitstempel: 0x5437c98f
Name des fehlerhaften Moduls: MSVCR110.dll, Version: 11.0.51106.1, Zeitstempel: 0x5098858e
Ausnahmecode: 0x40000015
Fehleroffset: 0x000a327c
ID des fehlerhaften Prozesses: 0x9ac
Startzeit der fehlerhaften Anwendung: 0xcreator-ws.exe0
Pfad der fehlerhaften Anwendung: creator-ws.exe1
Pfad des fehlerhaften Moduls: creator-ws.exe2
Berichtskennung: creator-ws.exe3

Error: (04/01/2015 03:04:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: creator-ws.exe, Version: 1.0.0.0, Zeitstempel: 0x5437c98f
Name des fehlerhaften Moduls: MSVCR110.dll, Version: 11.0.51106.1, Zeitstempel: 0x5098858e
Ausnahmecode: 0x40000015
Fehleroffset: 0x000a327c
ID des fehlerhaften Prozesses: 0x71c
Startzeit der fehlerhaften Anwendung: 0xcreator-ws.exe0
Pfad der fehlerhaften Anwendung: creator-ws.exe1
Pfad des fehlerhaften Moduls: creator-ws.exe2
Berichtskennung: creator-ws.exe3

Error: (04/01/2015 02:55:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: creator-ws.exe, Version: 1.0.0.0, Zeitstempel: 0x5437c98f
Name des fehlerhaften Moduls: MSVCR110.dll, Version: 11.0.51106.1, Zeitstempel: 0x5098858e
Ausnahmecode: 0x40000015
Fehleroffset: 0x000a327c
ID des fehlerhaften Prozesses: 0x884
Startzeit der fehlerhaften Anwendung: 0xcreator-ws.exe0
Pfad der fehlerhaften Anwendung: creator-ws.exe1
Pfad des fehlerhaften Moduls: creator-ws.exe2
Berichtskennung: creator-ws.exe3

Error: (03/31/2015 10:16:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: creator-ws.exe, Version: 1.0.0.0, Zeitstempel: 0x5437c98f
Name des fehlerhaften Moduls: MSVCR110.dll, Version: 11.0.51106.1, Zeitstempel: 0x5098858e
Ausnahmecode: 0x40000015
Fehleroffset: 0x000a327c
ID des fehlerhaften Prozesses: 0xe74
Startzeit der fehlerhaften Anwendung: 0xcreator-ws.exe0
Pfad der fehlerhaften Anwendung: creator-ws.exe1
Pfad des fehlerhaften Moduls: creator-ws.exe2
Berichtskennung: creator-ws.exe3

Error: (03/31/2015 08:55:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/31/2015 08:51:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/31/2015 08:45:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/31/2015 08:45:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/31/2015 08:17:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: creator-ws.exe, Version: 1.0.0.0, Zeitstempel: 0x5437c98f
Name des fehlerhaften Moduls: MSVCR110.dll, Version: 11.0.51106.1, Zeitstempel: 0x5098858e
Ausnahmecode: 0x40000015
Fehleroffset: 0x000a327c
ID des fehlerhaften Prozesses: 0x868
Startzeit der fehlerhaften Anwendung: 0xcreator-ws.exe0
Pfad der fehlerhaften Anwendung: creator-ws.exe1
Pfad des fehlerhaften Moduls: creator-ws.exe2
Berichtskennung: creator-ws.exe3

Error: (03/31/2015 08:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: creator-ws.exe, Version: 1.0.0.0, Zeitstempel: 0x5437c98f
Name des fehlerhaften Moduls: MSVCR110.dll, Version: 11.0.51106.1, Zeitstempel: 0x5098858e
Ausnahmecode: 0x40000015
Fehleroffset: 0x000a327c
ID des fehlerhaften Prozesses: 0x898
Startzeit der fehlerhaften Anwendung: 0xcreator-ws.exe0
Pfad der fehlerhaften Anwendung: creator-ws.exe1
Pfad des fehlerhaften Moduls: creator-ws.exe2
Berichtskennung: creator-ws.exe3


System errors:
=============
Error: (04/01/2015 04:28:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect 2 Creator" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/01/2015 04:27:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (04/01/2015 03:18:34 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

Error: (04/01/2015 03:04:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect 2 Creator" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/01/2015 03:04:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (04/01/2015 02:55:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect 2 Creator" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/01/2015 02:54:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (03/31/2015 10:16:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect 2 Creator" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (03/31/2015 08:17:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {377BC857-DD21-4019-929A-F3877CA4DB5C}

Error: (03/31/2015 08:17:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect 2 Creator" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/01/2015 04:28:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: creator-ws.exe1.0.0.05437c98fMSVCR110.dll11.0.51106.15098858e40000015000a327c9ac01d06c55b8946af2C:\Program Files\PDF Architect 2\creator-ws.exeC:\Windows\system32\MSVCR110.dll017ed57d-d849-11e4-a5be-f0def1cca007

Error: (04/01/2015 03:04:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: creator-ws.exe1.0.0.05437c98fMSVCR110.dll11.0.51106.15098858e40000015000a327c71c01d06c4a18d69022C:\Program Files\PDF Architect 2\creator-ws.exeC:\Windows\system32\MSVCR110.dll600177fa-d83d-11e4-9310-f0def1cca007

Error: (04/01/2015 02:55:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: creator-ws.exe1.0.0.05437c98fMSVCR110.dll11.0.51106.15098858e40000015000a327c88401d06c48c1663648C:\Program Files\PDF Architect 2\creator-ws.exeC:\Windows\system32\MSVCR110.dll09f62c89-d83c-11e4-89f3-f0def1cca007

Error: (03/31/2015 10:16:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: creator-ws.exe1.0.0.05437c98fMSVCR110.dll11.0.51106.15098858e40000015000a327ce7401d06bbd45eab2c8C:\Program Files\PDF Architect 2\creator-ws.exeC:\Windows\system32\MSVCR110.dll84caa1b1-d7b0-11e4-a251-f0def1cca007

Error: (03/31/2015 08:55:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe

Error: (03/31/2015 08:51:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Microsoft Visual Studio 11.0\VC\redist\1031\vcredist_arm.exe

Error: (03/31/2015 08:45:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Windows Kits\8.0\bin\x64\filetypeverifier.exe

Error: (03/31/2015 08:45:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Windows Kits\8.0\bin\x64\oleview.exe

Error: (03/31/2015 08:17:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: creator-ws.exe1.0.0.05437c98fMSVCR110.dll11.0.51106.15098858e40000015000a327c86801d06baca749c7eaC:\Program Files\PDF Architect 2\creator-ws.exeC:\Windows\system32\MSVCR110.dlle5741fca-d79f-11e4-a251-f0def1cca007

Error: (03/31/2015 08:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: creator-ws.exe1.0.0.05437c98fMSVCR110.dll11.0.51106.15098858e40000015000a327c89801d06bab0311fd9bC:\Program Files\PDF Architect 2\creator-ws.exeC:\Windows\system32\MSVCR110.dll49cd04c6-d79e-11e4-a251-60d819ca8163


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 51%
Total physical RAM: 3493.23 MB
Available physical RAM: 1710.36 MB
Total Pagefile: 6984.76 MB
Available Pagefile: 4914.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:105.7 GB) NTFS
Drive d: (NFSUG2_DISK2) (CDROM) (Total:0.65 GB) (Free:0 GB) CDFS
Drive e: () (Removable) (Total:3.73 GB) (Free:3.18 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: BE97C4F5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber 01.04.2015 11:35
hi,

FRST.txt bitte noch posten.

ones 01.04.2015 11:36
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Kunde (administrator) on KUNDE-PC on 01-04-2015 17:13:18
Running from C:\Users\Kunde\Desktop
Loaded Profiles: Kunde (Available profiles: Kunde)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379504 2014-07-28] (Synaptics Incorporated)
HKU\S-1-5-21-2428416208-3339100590-1231843568-1000\...\Run: [] => [X]
HKU\S-1-5-21-2428416208-3339100590-1231843568-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-2428416208-3339100590-1231843568-1000\...\MountPoints2: {d24bad0d-abad-11e4-8d3b-806e6f6e6963} - D:\RunGame.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-02-05] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-02-04] (Sophos Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2428416208-3339100590-1231843568-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files\PDF Architect 2\creator-ie-helper.dll [2014-10-10] (pdfforge GmbH)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-15] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-15] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.9.5

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-06] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-06] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-03-12]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04]
CHR Extension: (YouTube) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (Google Search) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-04]
CHR Extension: (Google Sheets) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (AdBlock) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-10]
CHR Extension: (Google Wallet) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-04]
CHR Extension: (Gmail) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-04]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-15] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-15] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1843896 2015-02-10] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-08-27] (Intel Corporation)
R2 CxAudMsg; C:\Windows\system32\CxAudMsg32.exe [190592 2010-12-17] (Conexant Systems Inc.)
S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2012-07-26] (Microsoft Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 PDF Architect 2 Creator; C:\Program Files\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
R2 SAService; C:\Windows\system32\SAsrv.exe [446592 2010-11-18] (Conexant Systems, Inc.)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-04-30] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-02-04] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [340776 2015-03-04] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-02-04] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-02-04] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1487144 2015-02-04] (Sophos Limited)
S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2012-07-26] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2015-02-04] (DT Soft Ltd)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [368392 2014-06-28] (Intel Corporation)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [88832 2009-05-11] (Lenovo)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R2 risdxc; C:\Windows\System32\DRIVERS\risdxc86.sys [76288 2011-05-26] (REDC)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [760936 2012-03-09] (Realtek Semiconductor Corporation                          )
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [134912 2014-04-30] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [34560 2015-02-04] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33408 2014-04-30] (Sophos Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [39280 2014-07-28] (Synaptics Incorporated)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [23680 2014-04-30] (Sophos Limited)
S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 17:13 - 2015-04-01 17:13 - 00016440 _____ () C:\Users\Kunde\Desktop\FRST.txt
2015-04-01 17:12 - 2015-04-01 17:13 - 00000000 ____D () C:\FRST
2015-04-01 17:11 - 2015-04-01 17:11 - 01135104 _____ (Farbar) C:\Users\Kunde\Desktop\FRST.exe
2015-04-01 17:06 - 2015-04-01 17:06 - 00000472 _____ () C:\Users\Kunde\Desktop\defogger_disable.log
2015-04-01 17:06 - 2015-04-01 17:06 - 00000000 _____ () C:\Users\Kunde\defogger_reenable
2015-04-01 17:00 - 2015-04-01 17:00 - 00050477 _____ () C:\Users\Kunde\Desktop\Defogger.exe
2015-04-01 16:25 - 2015-04-01 16:25 - 00001294 _____ () C:\Users\Kunde\Desktop\mbam.txt
2015-04-01 15:52 - 2015-04-01 16:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 15:52 - 2015-04-01 15:52 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-01 15:52 - 2015-04-01 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-01 15:52 - 2015-04-01 15:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-01 15:52 - 2015-04-01 15:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-01 15:52 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-01 15:52 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-01 15:52 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-01 15:41 - 2015-04-01 15:50 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Kunde\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-01 15:22 - 2015-04-01 15:22 - 00000000 ____D () C:\Users\Kunde\AppData\Local\Sophos
2015-03-30 19:31 - 2015-03-30 19:31 - 00000297 _____ () C:\Users\Kunde\Downloads\iCalendar.ics
2015-03-25 15:59 - 2015-03-11 11:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 15:59 - 2015-03-11 11:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 15:59 - 2015-03-11 11:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 15:59 - 2015-03-11 11:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 15:59 - 2015-03-11 11:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 15:59 - 2015-03-11 11:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 15:59 - 2015-03-11 11:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 15:59 - 2015-03-11 11:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 14:07 - 2015-03-24 14:08 - 03628849 _____ () C:\Users\Kunde\Downloads\ECV3001+Presentation+2014+15+aaaa+1+2.pptx
2015-03-24 13:26 - 2015-03-24 13:26 - 00000941 _____ () C:\Users\Public\Desktop\Winamp.lnk
2015-03-24 13:26 - 2015-03-24 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-03-24 13:25 - 2015-03-24 14:58 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\Winamp
2015-03-24 13:25 - 2015-03-24 13:27 - 00000000 ____D () C:\Program Files\Winamp
2015-03-24 13:25 - 2015-03-24 13:25 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-03-24 13:23 - 2015-03-24 13:24 - 12855384 _____ (Nullsoft, Inc.) C:\Users\Kunde\Downloads\winamp5666_full_de-de_b3516.exe
2015-03-13 21:13 - 2015-03-29 21:13 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\vlc
2015-03-13 21:12 - 2015-03-13 21:12 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-13 21:12 - 2015-03-13 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-13 21:11 - 2015-03-13 21:11 - 00000000 ____D () C:\Program Files\VideoLAN
2015-03-13 21:05 - 2015-03-13 21:09 - 28509232 _____ () C:\Users\Kunde\Downloads\vlc-2.2.0-win32.exe
2015-03-13 21:02 - 2015-03-13 21:03 - 04247589 _____ () C:\Users\Kunde\Downloads\Demonstration_1_sub.rm
2015-03-13 17:42 - 2015-03-13 17:45 - 28292172 _____ () C:\Users\Kunde\Downloads\1 Vorlesung.zip
2015-03-13 17:42 - 2015-03-13 17:42 - 01274520 _____ () C:\Users\Kunde\Downloads\2 Seminar.zip
2015-03-13 17:42 - 2015-03-13 17:42 - 00545689 _____ () C:\Users\Kunde\Downloads\3 Praktikum.zip
2015-03-13 17:42 - 2015-03-13 17:42 - 00013845 _____ () C:\Users\Kunde\Downloads\4 Literaturverzeichnis.zip
2015-03-12 20:57 - 2015-03-12 20:57 - 00000146 _____ () C:\Windows\Capture.INI
2015-03-12 20:10 - 2015-03-12 22:34 - 00000000 ____D () C:\PSpice Projekte
2015-03-12 19:47 - 2015-03-12 19:48 - 00000000 ____D () C:\Program Files\RFSim99
2015-03-12 19:47 - 2015-03-12 19:47 - 00000979 _____ () C:\Users\Kunde\Desktop\RFSim99.lnk
2015-03-12 19:47 - 2015-03-12 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RFSim99
2015-03-12 19:47 - 1998-02-06 21:37 - 00299520 _____ (InstallShield Corporation, Inc.) C:\Windows\uninst.exe
2015-03-12 19:46 - 2015-03-12 19:46 - 00000000 __RSH () C:\MSDOS.SYS
2015-03-12 19:46 - 2015-03-12 19:46 - 00000000 __RSH () C:\IO.SYS
2015-03-12 19:39 - 2015-03-12 19:40 - 00364545 _____ () C:\Users\Kunde\Downloads\Communication.zip
2015-03-12 17:43 - 2015-03-12 17:44 - 00000000 ____D () C:\Users\Kunde\Downloads\_temp_matlab_R2014b_win32
2015-03-12 17:36 - 2015-03-12 17:40 - 108292376 _____ () C:\Users\Kunde\Downloads\matlab_R2014b_win32.exe
2015-03-12 17:30 - 2015-03-12 17:31 - 00000000 ____D () C:\Program Files\PDF Architect 2
2015-03-12 17:30 - 2015-03-12 17:30 - 00000000 ____D () C:\Users\Kunde\AppData\Local\pdfforge
2015-03-12 17:30 - 2015-03-12 17:30 - 00000000 ____D () C:\Users\Kunde\AppData\Local\PDFCreator
2015-03-12 17:24 - 2015-03-12 17:24 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2015-03-12 17:23 - 2015-03-12 17:24 - 00098488 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-03-12 17:23 - 2015-03-12 17:24 - 00000000 ____D () C:\Program Files\PDFCreator
2015-03-12 17:23 - 2015-03-12 17:23 - 00000993 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-03-12 17:23 - 2015-03-12 17:23 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\pdfforge
2015-03-12 17:23 - 2015-03-12 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-03-12 17:13 - 2015-03-12 17:14 - 27721680 _____ (pdfforge ) C:\Users\Kunde\Downloads\PDFCreator-2_0_2-setup.exe
2015-03-12 17:13 - 2015-03-12 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSpice Student
2015-03-12 17:12 - 2015-03-12 22:34 - 00005383 _____ () C:\Windows\PSPICEEV.INI
2015-03-12 17:12 - 2015-03-12 17:12 - 00000000 ____D () C:\Windows\Crystal
2015-03-12 17:12 - 2015-03-12 17:12 - 00000000 ____D () C:\Program Files\OrCAD_Demo
2015-03-12 17:12 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-03-12 17:12 - 1997-08-28 17:00 - 03572224 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\crpe32.dll
2015-03-12 17:12 - 1997-08-28 17:00 - 00416768 _____ (Seagate Software) C:\Windows\system32\cpeaut32.dll
2015-03-12 17:12 - 1997-08-28 17:00 - 00183296 _____ (Seagate Software, Information Management Group, Inc.) C:\Windows\system32\crpaig32.dll
2015-03-12 17:12 - 1997-08-28 17:00 - 00105984 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2bdao.dll
2015-03-12 17:12 - 1997-08-28 17:00 - 00064000 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2irdao.dll
2015-03-12 17:12 - 1997-08-28 17:00 - 00054272 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2ctdao.dll
2015-03-12 17:12 - 1997-07-11 00:00 - 01037312 _____ (Microsoft Corporation) C:\Windows\system32\msjet35.dll
2015-03-12 17:12 - 1997-07-11 00:00 - 00251664 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x35.dll
2015-03-12 17:12 - 1997-07-11 00:00 - 00121104 _____ (Microsoft Corporation) C:\Windows\system32\msjint35.dll
2015-03-12 17:12 - 1997-07-11 00:00 - 00024336 _____ (Microsoft Corporation) C:\Windows\system32\msjter35.dll
2015-03-12 17:12 - 1997-01-22 22:26 - 00565760 _____ (Microsoft Corporation) C:\Windows\system32\Msvcp50.dll
2015-03-12 17:12 - 1996-11-08 03:48 - 00368912 _____ (Microsoft Corporation) C:\Windows\system32\vbar332.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00192512 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltkrn60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00176128 _____ () C:\Windows\system32\lffax60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00141824 _____ () C:\Windows\system32\lfcmp60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00110080 _____ () C:\Windows\system32\lfpng60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00046080 _____ () C:\Windows\system32\lftif60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00043008 _____ () C:\Windows\system32\ltfil60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00023552 _____ () C:\Windows\system32\lfpcx60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00022528 _____ () C:\Windows\system32\lfpct60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00022528 _____ () C:\Windows\system32\lfeps60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00022016 _____ () C:\Windows\system32\lfbmp60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00020480 _____ () C:\Windows\system32\lfpsd60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00019968 _____ () C:\Windows\system32\lftga60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00019456 _____ () C:\Windows\system32\lfwpg60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00019456 _____ () C:\Windows\system32\lfwmf60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00018432 _____ () C:\Windows\system32\lfmsp60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00017920 _____ () C:\Windows\system32\lfmac60n.dll
2015-03-12 17:12 - 1995-07-26 01:00 - 00200704 _____ (Sheridan Software Systems, Inc.) C:\Windows\system32\THREED32.OCX
2015-03-12 17:12 - 1995-02-15 01:11 - 00017920 _____ () C:\Windows\system32\implode.dll
2015-03-12 17:11 - 2015-03-12 17:11 - 00000000 ____D () C:\1
2015-03-12 17:05 - 2015-03-12 17:07 - 28620288 _____ () C:\Users\Kunde\Downloads\91pspstu.exe
2015-03-12 17:03 - 2015-03-12 17:04 - 02083060 _____ () C:\Users\Kunde\Downloads\rf-sim-99.zip
2015-03-11 21:43 - 2015-03-11 21:43 - 00000343 _____ () C:\Users\Kunde\Downloads\ruediger.schultheis.vcf
2015-03-11 21:42 - 2015-03-11 21:45 - 00000000 ____D () C:\Users\Kunde\Desktop\Sydney
2015-03-11 21:29 - 2015-02-03 11:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 21:29 - 2015-02-03 11:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 21:29 - 2015-02-03 11:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 21:28 - 2015-02-03 11:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 21:28 - 2015-02-03 11:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 21:28 - 2015-02-03 11:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 21:28 - 2015-02-03 11:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 21:28 - 2015-02-03 11:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 21:28 - 2015-02-03 11:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 21:28 - 2015-02-03 11:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 21:28 - 2015-02-03 11:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 21:28 - 2015-02-03 11:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 21:28 - 2015-02-03 11:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 21:28 - 2015-02-03 10:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 21:28 - 2015-01-31 07:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 21:28 - 2014-11-01 06:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 21:28 - 2014-06-28 08:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 21:28 - 2014-06-28 08:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 21:18 - 2015-02-20 12:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 21:18 - 2015-02-20 12:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 21:18 - 2015-02-20 12:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 21:18 - 2015-02-20 12:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 21:18 - 2015-02-20 11:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 21:18 - 2015-02-04 10:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 21:17 - 2015-02-26 11:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 21:17 - 2015-02-24 10:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 21:17 - 2015-02-21 08:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 21:17 - 2015-02-20 10:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 21:17 - 2015-02-20 10:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 21:17 - 2015-02-20 10:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 21:17 - 2015-02-20 09:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 21:17 - 2015-02-20 09:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 21:17 - 2015-02-20 09:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 21:17 - 2015-02-20 09:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 21:17 - 2015-02-20 09:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 21:17 - 2015-02-20 09:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 21:17 - 2015-02-20 08:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 21:17 - 2015-02-13 13:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 21:17 - 2015-02-03 11:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 21:17 - 2015-01-17 10:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 21:16 - 2015-02-21 08:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 21:16 - 2015-02-21 08:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 21:16 - 2015-02-21 08:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 21:16 - 2015-02-21 07:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 21:16 - 2015-02-20 10:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 21:16 - 2015-02-20 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 21:16 - 2015-02-20 10:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 21:16 - 2015-02-20 10:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 21:16 - 2015-02-20 10:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 21:16 - 2015-02-20 10:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 21:16 - 2015-02-20 09:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 21:16 - 2015-02-20 09:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 21:16 - 2015-02-20 09:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 21:16 - 2015-02-20 09:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 21:16 - 2015-02-20 09:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 21:16 - 2015-02-20 09:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 21:16 - 2015-02-20 09:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 21:16 - 2015-02-20 08:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 21:14 - 2015-03-06 13:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 21:14 - 2015-03-06 13:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 21:14 - 2015-03-06 13:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 21:14 - 2015-03-06 13:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 21:14 - 2015-03-06 13:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 21:14 - 2015-03-06 13:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 21:14 - 2015-03-06 13:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 21:14 - 2015-03-06 13:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 21:14 - 2015-02-03 11:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 14:50 - 2015-03-11 14:50 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\Subversion
2015-03-11 14:50 - 2015-03-11 14:50 - 00000000 ____D () C:\Users\Kunde\AppData\Local\MathWorks
2015-03-11 14:49 - 2015-03-13 02:07 - 00000000 ____D () C:\Users\Kunde\Documents\MATLAB
2015-03-10 12:00 - 2015-03-10 12:00 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\MathWorks
2015-03-10 11:59 - 2015-03-10 11:59 - 00001299 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2015a.lnk
2015-03-10 11:59 - 2015-03-10 11:59 - 00001287 _____ () C:\Users\Public\Desktop\MATLAB R2015a.lnk
2015-03-10 11:59 - 2015-03-10 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
2015-03-10 11:58 - 2015-04-01 16:30 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2015a Startup Accelerator.job
2015-03-10 11:58 - 2015-03-10 11:58 - 00000000 ____D () C:\ProgramData\MathWorks
2015-03-10 11:58 - 2004-09-06 09:05 - 00645120 _____ () C:\Windows\system32\config.gms
2015-03-10 10:00 - 2015-03-12 17:49 - 00000000 ____D () C:\Users\Kunde\Downloads\MathWorks
2015-03-10 10:00 - 2015-03-12 17:49 - 00000000 ____D () C:\Program Files\MATLAB
2015-03-10 09:56 - 2015-03-10 09:56 - 00000000 ____D () C:\Users\Kunde\Downloads\_temp_matlab_R2015a_win32
2015-03-10 09:54 - 2015-03-10 09:55 - 90954008 _____ () C:\Users\Kunde\Downloads\matlab_R2015a_win32.exe
2015-03-10 09:45 - 2015-03-10 09:45 - 00000000 __SHD () C:\Users\Kunde\AppData\Local\EmieUserList
2015-03-10 09:45 - 2015-03-10 09:45 - 00000000 __SHD () C:\Users\Kunde\AppData\Local\EmieSiteList
2015-03-10 09:45 - 2015-03-10 09:45 - 00000000 __SHD () C:\Users\Kunde\AppData\Local\EmieBrowserModeList
2015-03-10 08:43 - 2015-03-10 08:43 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\WinRAR
2015-03-10 08:43 - 2015-03-10 08:43 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-10 08:43 - 2015-03-10 08:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-10 08:43 - 2015-03-10 08:43 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-10 08:38 - 2015-03-10 08:38 - 01877056 _____ () C:\Users\Kunde\Downloads\wrar521d.exe
2015-03-04 13:18 - 2015-03-31 22:16 - 00000000 ____D () C:\Users\Kunde\Desktop\SAT
2015-03-04 13:18 - 2015-03-24 14:34 - 00000000 ____D () C:\Users\Kunde\Desktop\Eng. Soc
2015-03-04 13:18 - 2015-03-24 11:44 - 00000000 ____D () C:\Users\Kunde\Desktop\COM

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 17:10 - 2015-02-03 22:09 - 01529577 _____ () C:\Windows\WindowsUpdate.log
2015-04-01 17:06 - 2015-02-03 22:15 - 00000000 ____D () C:\Users\Kunde
2015-04-01 16:42 - 2015-02-04 23:29 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 16:35 - 2009-07-14 12:34 - 00017568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-01 16:35 - 2009-07-14 12:34 - 00017568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 16:27 - 2015-02-05 10:32 - 00069480 _____ () C:\Windows\PFRO.log
2015-04-01 16:27 - 2015-02-04 23:29 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-01 16:27 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 16:27 - 2009-07-14 12:39 - 00088037 _____ () C:\Windows\setupact.log
2015-03-30 22:40 - 2015-02-11 19:58 - 00000000 ____D () C:\Users\Kunde\Desktop\Sammelstuff
2015-03-30 20:51 - 2015-02-09 04:59 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\Skype
2015-03-30 18:47 - 2015-02-03 22:17 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-29 21:06 - 2015-02-11 20:13 - 00000000 ____D () C:\Users\Kunde\Documents\Tagebuch
2015-03-28 08:46 - 2015-02-06 18:13 - 00000000 ____D () C:\Users\Kunde\AppData\Local\NFS Underground 2
2015-03-26 08:36 - 2015-02-03 22:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-26 08:36 - 2015-02-03 22:53 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 21:56 - 2009-07-14 12:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-25 00:09 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-24 19:42 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
2015-03-24 16:07 - 2015-02-17 06:13 - 00000000 _____ () C:\Windows\system32\vireng.log
2015-03-24 10:34 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-23 09:46 - 2015-02-04 23:31 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-18 22:33 - 2015-02-05 23:58 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-12 20:08 - 2015-02-03 22:15 - 00000000 ____D () C:\Users\Kunde\AppData\Local\VirtualStore
2015-03-12 19:48 - 2015-02-05 22:02 - 00000000 ____D () C:\Users\Kunde\Documents\Programme
2015-03-12 09:11 - 2009-07-14 12:33 - 00437312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 09:08 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-12 01:22 - 2015-02-03 22:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 01:14 - 2015-02-03 22:50 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Kunde\AppData\Local\Temp\AutoRun.exe
C:\Users\Kunde\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Kunde\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Kunde\AppData\Local\Temp\Quarantine.exe
C:\Users\Kunde\AppData\Local\Temp\Setup.exe
C:\Users\Kunde\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kunde\AppData\Local\Temp\sqlite3.dll
C:\Users\Kunde\AppData\Local\Temp\_ISDel.exe
C:\Users\Kunde\AppData\Local\Temp\_Setup.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-28 10:38

==================== End Of Log ============================
--- --- ---

ones 01.04.2015 11:37
Gmer

Code:
GMER Logfile:

       
Code:

       
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-01 17:38:37
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320325AS rev.0020LVM1 298,09GB
Running: hls7unv5.exe; Driver: C:\Users\Kunde\AppData\Local\Temp\ugloqpob.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRequestWaitReplyPort + 1495                                                           82C469E5 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                               82C80312 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\drivers\ayxtqiyu.sys                                                                        Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 2.1 ----

.text           C:\Windows\system32\svchost.exe[328] ntdll.dll!RtlExitUserThread                                     7779F608 5 Bytes  JMP 756D50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] ntdll.dll!KiUserExceptionDispatcher                             777B7048 5 Bytes  JMP 756D8710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] ntdll.dll!LdrLoadDll                                            777D22AE 5 Bytes  JMP 756D4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!CreateProcessA                                     76BD2082 5 Bytes  JMP 756D5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!VirtualProtect                                     76C12CDD 5 Bytes  JMP 756D4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!LoadLibraryExA                                     76C14576 5 Bytes  JMP 756D5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!LoadLibraryExW                                     76C15189 5 Bytes  JMP 756D5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!GlobalAlloc                                        76C1A235 5 Bytes  JMP 756D5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!GetProcAddress                                     76C1CD44 5 Bytes  JMP 756D50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!LoadLibraryA                                       76C1DD15 5 Bytes  JMP 756D5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!CreateFileA                                        76C1EB11 5 Bytes  JMP 756D5160 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!LoadLibraryW                                       76C1EFF2 5 Bytes  JMP 756D5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!FreeLibrary                                        76C1F017 5 Bytes  JMP 756D5330 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!WriteFile                                          76C254A6 5 Bytes  JMP 756D4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!ExitProcess                                        76C2BC9A 5 Bytes  JMP 756D5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!CreateProcessInternalA                             76C2C954 5 Bytes  JMP 756D5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!WriteFileEx                                        76C355E5 5 Bytes  JMP 756D4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!GetThreadContext                                   76C38C8C 5 Bytes  JMP 756D50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!WriteProcessMemory                                 76C39657 5 Bytes  JMP 756D4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!WinExec                                            76C5F22E 5 Bytes  JMP 756D4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!VirtualProtectEx                                   76C60269 5 Bytes  JMP 756D4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] kernel32.dll!SetThreadContext                                   76C60DE3 5 Bytes  JMP 756D4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] WS2_32.dll!closesocket                                          776D3918 5 Bytes  JMP 756D4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] WS2_32.dll!WSAStartup                                           776D3AB2 7 Bytes  JMP 756D4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] WS2_32.dll!bind                                                 776D4582 5 Bytes  JMP 756D4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] WS2_32.dll!accept                                               776D68B6 5 Bytes  JMP 756D4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] WS2_32.dll!recv                                                 776D6B0E 5 Bytes  JMP 756D4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] WS2_32.dll!connect                                              776D6BDD 5 Bytes  JMP 756D4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] WS2_32.dll!send                                                 776D6F01 5 Bytes  JMP 756D4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] WS2_32.dll!getpeername                                          776D7147 5 Bytes  JMP 756D4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] WS2_32.dll!listen                                               776DB001 5 Bytes  JMP 756D4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[328] WS2_32.dll!WSASocketA                                           776DC82A 5 Bytes  JMP 756D4E60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] ntdll.dll!RtlExitUserThread                                     7779F608 5 Bytes  JMP 756D50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] ntdll.dll!KiUserExceptionDispatcher                             777B7048 5 Bytes  JMP 756D8710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] ntdll.dll!LdrLoadDll                                            777D22AE 5 Bytes  JMP 756D4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!CreateProcessA                                     76BD2082 5 Bytes  JMP 756D5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!VirtualProtect                                     76C12CDD 5 Bytes  JMP 756D4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!LoadLibraryExA                                     76C14576 5 Bytes  JMP 756D5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!LoadLibraryExW                                     76C15189 5 Bytes  JMP 756D5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!GlobalAlloc                                        76C1A235 5 Bytes  JMP 756D5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!GetProcAddress                                     76C1CD44 5 Bytes  JMP 756D50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!LoadLibraryA                                       76C1DD15 5 Bytes  JMP 756D5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!CreateFileA                                        76C1EB11 5 Bytes  JMP 756D5160 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!LoadLibraryW                                       76C1EFF2 5 Bytes  JMP 756D5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!FreeLibrary                                        76C1F017 5 Bytes  JMP 756D5330 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!WriteFile                                          76C254A6 5 Bytes  JMP 756D4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!ExitProcess                                        76C2BC9A 5 Bytes  JMP 756D5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!CreateProcessInternalA                             76C2C954 5 Bytes  JMP 756D5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!WriteFileEx                                        76C355E5 5 Bytes  JMP 756D4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!GetThreadContext                                   76C38C8C 5 Bytes  JMP 756D50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!WriteProcessMemory                                 76C39657 5 Bytes  JMP 756D4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!WinExec                                            76C5F22E 5 Bytes  JMP 756D4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!VirtualProtectEx                                   76C60269 5 Bytes  JMP 756D4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] kernel32.dll!SetThreadContext                                   76C60DE3 5 Bytes  JMP 756D4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] WS2_32.dll!closesocket                                          776D3918 5 Bytes  JMP 756D4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] WS2_32.dll!WSAStartup                                           776D3AB2 7 Bytes  JMP 756D4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] WS2_32.dll!bind                                                 776D4582 5 Bytes  JMP 756D4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] WS2_32.dll!accept                                               776D68B6 5 Bytes  JMP 756D4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] WS2_32.dll!recv                                                 776D6B0E 5 Bytes  JMP 756D4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] WS2_32.dll!connect                                              776D6BDD 5 Bytes  JMP 756D4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] WS2_32.dll!send                                                 776D6F01 5 Bytes  JMP 756D4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] WS2_32.dll!getpeername                                          776D7147 5 Bytes  JMP 756D4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] WS2_32.dll!listen                                               776DB001 5 Bytes  JMP 756D4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[484] WS2_32.dll!WSASocketA                                           776DC82A 5 Bytes  JMP 756D4E60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] ntdll.dll!RtlExitUserThread                                       7779F608 5 Bytes  JMP 756D50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] ntdll.dll!KiUserExceptionDispatcher                               777B7048 5 Bytes  JMP 756D8710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] ntdll.dll!LdrLoadDll                                              777D22AE 5 Bytes  JMP 756D4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateProcessA                                       76BD2082 5 Bytes  JMP 756D5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!VirtualProtect                                       76C12CDD 5 Bytes  JMP 756D4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryExA                                       76C14576 5 Bytes  JMP 756D5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryExW                                       76C15189 5 Bytes  JMP 756D5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!GlobalAlloc                                          76C1A235 5 Bytes  JMP 756D5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!GetProcAddress                                       76C1CD44 5 Bytes  JMP 756D50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryA                                         76C1DD15 5 Bytes  JMP 756D5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateFileA                                          76C1EB11 5 Bytes  JMP 756D5160 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryW                                         76C1EFF2 5 Bytes  JMP 756D5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!FreeLibrary                                          76C1F017 5 Bytes  JMP 756D5330 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!WriteFile                                            76C254A6 5 Bytes  JMP 756D4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!ExitProcess                                          76C2BC9A 5 Bytes  JMP 756D5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateProcessInternalA                               76C2C954 5 Bytes  JMP 756D5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!WriteFileEx                                          76C355E5 5 Bytes  JMP 756D4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!GetThreadContext                                     76C38C8C 5 Bytes  JMP 756D50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!WriteProcessMemory                                   76C39657 5 Bytes  JMP 756D4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!WinExec                                              76C5F22E 5 Bytes  JMP 756D4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!VirtualProtectEx                                     76C60269 5 Bytes  JMP 756D4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] kernel32.dll!SetThreadContext                                     76C60DE3 5 Bytes  JMP 756D4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] WS2_32.dll!closesocket                                            776D3918 5 Bytes  JMP 756D4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] WS2_32.dll!WSAStartup                                             776D3AB2 7 Bytes  JMP 756D4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] WS2_32.dll!bind                                                   776D4582 5 Bytes  JMP 756D4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] WS2_32.dll!accept                                                 776D68B6 5 Bytes  JMP 756D4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] WS2_32.dll!recv                                                   776D6B0E 5 Bytes  JMP 756D4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] WS2_32.dll!connect                                                776D6BDD 5 Bytes  JMP 756D4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] WS2_32.dll!send                                                   776D6F01 5 Bytes  JMP 756D4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] WS2_32.dll!getpeername                                            776D7147 5 Bytes  JMP 756D4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] WS2_32.dll!listen                                                 776DB001 5 Bytes  JMP 756D4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[556] WS2_32.dll!WSASocketA                                             776DC82A 5 Bytes  JMP 756D4E60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] ntdll.dll!RtlExitUserThread                                     7779F608 5 Bytes  JMP 756D50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] ntdll.dll!KiUserExceptionDispatcher                             777B7048 5 Bytes  JMP 756D8710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] ntdll.dll!LdrLoadDll                                            777D22AE 5 Bytes  JMP 756D4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateProcessA                                     76BD2082 5 Bytes  JMP 756D5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!VirtualProtect                                     76C12CDD 5 Bytes  JMP 756D4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryExA                                     76C14576 5 Bytes  JMP 756D5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryExW                                     76C15189 5 Bytes  JMP 756D5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!GlobalAlloc                                        76C1A235 5 Bytes  JMP 756D5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!GetProcAddress                                     76C1CD44 5 Bytes  JMP 756D50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryA                                       76C1DD15 5 Bytes  JMP 756D5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateFileA                                        76C1EB11 5 Bytes  JMP 756D5160 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryW                                       76C1EFF2 5 Bytes  JMP 756D5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!FreeLibrary                                        76C1F017 5 Bytes  JMP 756D5330 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!WriteFile                                          76C254A6 5 Bytes  JMP 756D4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!ExitProcess                                        76C2BC9A 5 Bytes  JMP 756D5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateProcessInternalA                             76C2C954 5 Bytes  JMP 756D5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!WriteFileEx                                        76C355E5 5 Bytes  JMP 756D4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!GetThreadContext                                   76C38C8C 5 Bytes  JMP 756D50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!WriteProcessMemory                                 76C39657 5 Bytes  JMP 756D4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!WinExec                                            76C5F22E 5 Bytes  JMP 756D4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!VirtualProtectEx                                   76C60269 5 Bytes  JMP 756D4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] kernel32.dll!SetThreadContext                                   76C60DE3 5 Bytes  JMP 756D4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] WS2_32.dll!closesocket                                          776D3918 5 Bytes  JMP 756D4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] WS2_32.dll!WSAStartup                                           776D3AB2 7 Bytes  JMP 756D4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] WS2_32.dll!bind                                                 776D4582 5 Bytes  JMP 756D4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] WS2_32.dll!accept                                               776D68B6 5 Bytes  JMP 756D4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] WS2_32.dll!recv                                                 776D6B0E 5 Bytes  JMP 756D4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] WS2_32.dll!connect                                              776D6BDD 5 Bytes  JMP 756D4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] WS2_32.dll!send                                                 776D6F01 5 Bytes  JMP 756D4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] WS2_32.dll!getpeername                                          776D7147 5 Bytes  JMP 756D4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] WS2_32.dll!listen                                               776DB001 5 Bytes  JMP 756D4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[708] WS2_32.dll!WSASocketA                                           776DC82A 5 Bytes  JMP 756D4E60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] ntdll.dll!RtlExitUserThread                                     7779F608 5 Bytes  JMP 756D50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] ntdll.dll!KiUserExceptionDispatcher                             777B7048 5 Bytes  JMP 756D8710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] ntdll.dll!LdrLoadDll                                            777D22AE 5 Bytes  JMP 756D4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateProcessA                                     76BD2082 5 Bytes  JMP 756D5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!VirtualProtect                                     76C12CDD 5 Bytes  JMP 756D4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!LoadLibraryExA                                     76C14576 5 Bytes  JMP 756D5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!LoadLibraryExW                                     76C15189 5 Bytes  JMP 756D5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!GlobalAlloc                                        76C1A235 5 Bytes  JMP 756D5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!GetProcAddress                                     76C1CD44 5 Bytes  JMP 756D50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!LoadLibraryA                                       76C1DD15 5 Bytes  JMP 756D5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateFileA                                        76C1EB11 5 Bytes  JMP 756D5160 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!LoadLibraryW                                       76C1EFF2 5 Bytes  JMP 756D5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!FreeLibrary                                        76C1F017 5 Bytes  JMP 756D5330 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!WriteFile                                          76C254A6 5 Bytes  JMP 756D4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!ExitProcess                                        76C2BC9A 5 Bytes  JMP 756D5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateProcessInternalA                             76C2C954 5 Bytes  JMP 756D5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!WriteFileEx                                        76C355E5 5 Bytes  JMP 756D4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!GetThreadContext                                   76C38C8C 5 Bytes  JMP 756D50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!WriteProcessMemory                                 76C39657 5 Bytes  JMP 756D4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!WinExec                                            76C5F22E 5 Bytes  JMP 756D4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!VirtualProtectEx                                   76C60269 5 Bytes  JMP 756D4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] kernel32.dll!SetThreadContext                                   76C60DE3 5 Bytes  JMP 756D4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] WS2_32.dll!closesocket                                          776D3918 5 Bytes  JMP 756D4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] WS2_32.dll!WSAStartup                                           776D3AB2 7 Bytes  JMP 756D4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] WS2_32.dll!bind                                                 776D4582 5 Bytes  JMP 756D4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] WS2_32.dll!accept                                               776D68B6 5 Bytes  JMP 756D4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] WS2_32.dll!recv                                                 776D6B0E 5 Bytes  JMP 756D4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] WS2_32.dll!connect                                              776D6BDD 5 Bytes  JMP 756D4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] WS2_32.dll!send                                                 776D6F01 5 Bytes  JMP 756D4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] WS2_32.dll!getpeername                                          776D7147 5 Bytes  JMP 756D4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] WS2_32.dll!listen                                               776DB001 5 Bytes  JMP 756D4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[836] WS2_32.dll!WSASocketA                                           776DC82A 5 Bytes  JMP 756D4E60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] ntdll.dll!RtlExitUserThread                                     7779F608 5 Bytes  JMP 756D50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] ntdll.dll!KiUserExceptionDispatcher                             777B7048 5 Bytes  JMP 756D8710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] ntdll.dll!LdrLoadDll                                            777D22AE 5 Bytes  JMP 756D4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!CreateProcessA                                     76BD2082 5 Bytes  JMP 756D5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!VirtualProtect                                     76C12CDD 5 Bytes  JMP 756D4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryExA                                     76C14576 5 Bytes  JMP 756D5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryExW                                     76C15189 5 Bytes  JMP 756D5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!GlobalAlloc                                        76C1A235 5 Bytes  JMP 756D5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!GetProcAddress                                     76C1CD44 5 Bytes  JMP 756D50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryA                                       76C1DD15 5 Bytes  JMP 756D5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!CreateFileA                                        76C1EB11 5 Bytes  JMP 756D5160 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryW                                       76C1EFF2 5 Bytes  JMP 756D5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!FreeLibrary                                        76C1F017 5 Bytes  JMP 756D5330 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!WriteFile                                          76C254A6 5 Bytes  JMP 756D4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!ExitProcess                                        76C2BC9A 5 Bytes  JMP 756D5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!CreateProcessInternalA                             76C2C954 5 Bytes  JMP 756D5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!WriteFileEx                                        76C355E5 5 Bytes  JMP 756D4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!GetThreadContext                                   76C38C8C 5 Bytes  JMP 756D50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!WriteProcessMemory                                 76C39657 5 Bytes  JMP 756D4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!WinExec                                            76C5F22E 5 Bytes  JMP 756D4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!VirtualProtectEx                                   76C60269 5 Bytes  JMP 756D4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] kernel32.dll!SetThreadContext                                   76C60DE3 5 Bytes  JMP 756D4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] WS2_32.dll!closesocket                                          776D3918 5 Bytes  JMP 756D4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] WS2_32.dll!WSAStartup                                           776D3AB2 7 Bytes  JMP 756D4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] WS2_32.dll!bind                                                 776D4582 5 Bytes  JMP 756D4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] WS2_32.dll!accept                                               776D68B6 5 Bytes  JMP 756D4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] WS2_32.dll!recv                                                 776D6B0E 5 Bytes  JMP 756D4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] WS2_32.dll!connect                                              776D6BDD 5 Bytes  JMP 756D4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] WS2_32.dll!send                                                 776D6F01 5 Bytes  JMP 756D4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] WS2_32.dll!getpeername                                          776D7147 5 Bytes  JMP 756D4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] WS2_32.dll!listen                                               776DB001 5 Bytes  JMP 756D4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[924] WS2_32.dll!WSASocketA                                           776DC82A 5 Bytes  JMP 756D4E60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] ntdll.dll!RtlExitUserThread                                     7779F608 5 Bytes  JMP 756D50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] ntdll.dll!KiUserExceptionDispatcher                             777B7048 5 Bytes  JMP 756D8710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] ntdll.dll!LdrLoadDll                                            777D22AE 5 Bytes  JMP 756D4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!CreateProcessA                                     76BD2082 5 Bytes  JMP 756D5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!VirtualProtect                                     76C12CDD 5 Bytes  JMP 756D4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!LoadLibraryExA                                     76C14576 5 Bytes  JMP 756D5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!LoadLibraryExW                                     76C15189 5 Bytes  JMP 756D5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!GlobalAlloc                                        76C1A235 5 Bytes  JMP 756D5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!GetProcAddress                                     76C1CD44 5 Bytes  JMP 756D50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!LoadLibraryA                                       76C1DD15 5 Bytes  JMP 756D5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!CreateFileA                                        76C1EB11 5 Bytes  JMP 756D5160 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!LoadLibraryW                                       76C1EFF2 5 Bytes  JMP 756D5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!FreeLibrary                                        76C1F017 5 Bytes  JMP 756D5330 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!WriteFile                                          76C254A6 5 Bytes  JMP 756D4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!ExitProcess                                        76C2BC9A 5 Bytes  JMP 756D5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!CreateProcessInternalA                             76C2C954 5 Bytes  JMP 756D5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!WriteFileEx                                        76C355E5 5 Bytes  JMP 756D4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!GetThreadContext                                   76C38C8C 5 Bytes  JMP 756D50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!WriteProcessMemory                                 76C39657 5 Bytes  JMP 756D4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!WinExec                                            76C5F22E 5 Bytes  JMP 756D4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!VirtualProtectEx                                   76C60269 5 Bytes  JMP 756D4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!SetThreadContext                                   76C60DE3 5 Bytes  JMP 756D4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] WS2_32.dll!closesocket                                          776D3918 5 Bytes  JMP 756D4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] WS2_32.dll!WSAStartup                                           776D3AB2 7 Bytes  JMP 756D4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] WS2_32.dll!bind                                                 776D4582 5 Bytes  JMP 756D4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] WS2_32.dll!accept                                               776D68B6 5 Bytes  JMP 756D4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] WS2_32.dll!recv                                                 776D6B0E 5 Bytes  JMP 756D4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] WS2_32.dll!connect                                              776D6BDD 5 Bytes  JMP 756D4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] WS2_32.dll!send                                                 776D6F01 5 Bytes  JMP 756D4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] WS2_32.dll!getpeername                                          776D7147 5 Bytes  JMP 756D4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] WS2_32.dll!listen                                               776DB001 5 Bytes  JMP 756D4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[992] WS2_32.dll!WSASocketA                                           776DC82A 5 Bytes  JMP 756D4E60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] ntdll.dll!RtlExitUserThread                                    7779F608 5 Bytes  JMP 756D50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] ntdll.dll!KiUserExceptionDispatcher                            777B7048 5 Bytes  JMP 756D8710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] ntdll.dll!LdrLoadDll                                           777D22AE 5 Bytes  JMP 756D4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateProcessA                                    76BD2082 5 Bytes  JMP 756D5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!VirtualProtect                                    76C12CDD 5 Bytes  JMP 756D4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExA                                    76C14576 5 Bytes  JMP 756D5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExW                                    76C15189 5 Bytes  JMP 756D5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!GlobalAlloc                                       76C1A235 5 Bytes  JMP 756D5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!GetProcAddress                                    76C1CD44 5 Bytes  JMP 756D50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryA                                      76C1DD15 5 Bytes  JMP 756D5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateFileA                                       76C1EB11 5 Bytes  JMP 756D5160 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryW                                      76C1EFF2 5 Bytes  JMP 756D5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!FreeLibrary                                       76C1F017 5 Bytes  JMP 756D5330 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!WriteFile                                         76C254A6 5 Bytes  JMP 756D4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!ExitProcess                                       76C2BC9A 5 Bytes  JMP 756D5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateProcessInternalA                            76C2C954 5 Bytes  JMP 756D5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!WriteFileEx                                       76C355E5 5 Bytes  JMP 756D4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!GetThreadContext                                  76C38C8C 5 Bytes  JMP 756D50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!WriteProcessMemory                                76C39657 5 Bytes  JMP 756D4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!WinExec                                           76C5F22E 5 Bytes  JMP 756D4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!VirtualProtectEx                                  76C60269 5 Bytes  JMP 756D4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!SetThreadContext                                  76C60DE3 5 Bytes  JMP 756D4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!closesocket                                         776D3918 5 Bytes  JMP 756D4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!WSAStartup                                          776D3AB2 7 Bytes  JMP 756D4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!bind                                                776D4582 5 Bytes  JMP 756D4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!accept                                              776D68B6 5 Bytes  JMP 756D4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!recv                                                776D6B0E 5 Bytes  JMP 756D4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!connect                                             776D6BDD 5 Bytes  JMP 756D4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!send                                                776D6F01 5 Bytes  JMP 756D4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!getpeername                                         776D7147 5 Bytes  JMP 756D4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!listen                                              776DB001 5 Bytes  JMP 756D4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!WSASocketA                                          776DC82A 5 Bytes  JMP 756D4E60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] ntdll.dll!RtlExitUserThread                                    7779F608 5 Bytes  JMP 756D50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] ntdll.dll!KiUserExceptionDispatcher                            777B7048 5 Bytes  JMP 756D8710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll                                           777D22AE 5 Bytes  JMP 756D4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessA                                    76BD2082 5 Bytes  JMP 756D5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!VirtualProtect                                    76C12CDD 5 Bytes  JMP 756D4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExA                                    76C14576 5 Bytes  JMP 756D5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExW                                    76C15189 5 Bytes  JMP 756D5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!GlobalAlloc                                       76C1A235 5 Bytes  JMP 756D5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetProcAddress                                    76C1CD44 5 Bytes  JMP 756D50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryA                                      76C1DD15 5 Bytes  JMP 756D5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateFileA                                       76C1EB11 5 Bytes  JMP 756D5160 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryW                                      76C1EFF2 5 Bytes  JMP 756D5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!FreeLibrary                                       76C1F017 5 Bytes  JMP 756D5330 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!WriteFile                                         76C254A6 5 Bytes  JMP 756D4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!ExitProcess                                       76C2BC9A 5 Bytes  JMP 756D5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessInternalA                            76C2C954 5 Bytes  JMP 756D5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!WriteFileEx                                       76C355E5 5 Bytes  JMP 756D4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetThreadContext                                  76C38C8C 5 Bytes  JMP 756D50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!WriteProcessMemory                                76C39657 5 Bytes  JMP 756D4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!WinExec                                           76C5F22E 5 Bytes  JMP 756D4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!VirtualProtectEx                                  76C60269 5 Bytes  JMP 756D4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] kernel32.dll!SetThreadContext                                  76C60DE3 5 Bytes  JMP 756D4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] WS2_32.dll!closesocket                                         776D3918 5 Bytes  JMP 756D4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] WS2_32.dll!WSAStartup                                          776D3AB2 7 Bytes  JMP 756D4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] WS2_32.dll!bind                                                776D4582 5 Bytes  JMP 756D4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] WS2_32.dll!accept                                              776D68B6 5 Bytes  JMP 756D4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] WS2_32.dll!recv                                                776D6B0E 5 Bytes  JMP 756D4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] WS2_32.dll!connect                                             776D6BDD 5 Bytes  JMP 756D4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] WS2_32.dll!send                                                776D6F01 5 Bytes  JMP 756D4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] WS2_32.dll!getpeername                                         776D7147 5 Bytes  JMP 756D4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] WS2_32.dll!listen                                              776DB001 5 Bytes  JMP 756D4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1044] WS2_32.dll!WSASocketA                                          776DC82A 5 Bytes  JMP 756D4E60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] ntdll.dll!RtlExitUserThread                                            7779F608 5 Bytes  JMP 756D50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] ntdll.dll!KiUserExceptionDispatcher                                    777B7048 5 Bytes  JMP 756D8710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] ntdll.dll!LdrLoadDll                                                   777D22AE 5 Bytes  JMP 756D4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!CreateProcessA                                            76BD2082 5 Bytes  JMP 756D5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!CopyFileExW                                               76C0B348 7 Bytes  JMP 756D9AF0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!VirtualProtect                                            76C12CDD 5 Bytes  JMP 756D4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!LoadLibraryExA                                            76C14576 5 Bytes  JMP 756D5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!LoadLibraryExW                                            76C15189 5 Bytes  JMP 756D5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!MoveFileWithProgressW                                     76C18E9C 5 Bytes  JMP 756D9C10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!GlobalAlloc                                               76C1A235 5 Bytes  JMP 756D5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!GetProcAddress                                            76C1CD44 5 Bytes  JMP 756D50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!LoadLibraryA                                              76C1DD15 5 Bytes  JMP 756D5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!CreateFileA                                               76C1EB11 5 Bytes  JMP 756D5160 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!LoadLibraryW                                              76C1EFF2 5 Bytes  JMP 756D5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!FreeLibrary                                               76C1F017 5 Bytes  JMP 756D5330 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!WriteFile                                                 76C254A6 5 Bytes  JMP 756D4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!ExitProcess                                               76C2BC9A 5 Bytes  JMP 756D5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!CreateProcessInternalA                                    76C2C954 5 Bytes  JMP 756D5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!WriteFileEx                                               76C355E5 5 Bytes  JMP 756D4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!GetThreadContext                                          76C38C8C 5 Bytes  JMP 756D50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!WriteProcessMemory                                        76C39657 5 Bytes  JMP 756D4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!WinExec                                                   76C5F22E 5 Bytes  JMP 756D4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!VirtualProtectEx                                          76C60269 5 Bytes  JMP 756D4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] kernel32.dll!SetThreadContext                                          76C60DE3 5 Bytes  JMP 756D4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] ole32.dll!CoCreateInstance                                             76DA9D0B 8 Bytes  JMP 756DA2E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] WININET.dll!InternetReadFile                                           772D9EA0 5 Bytes  JMP 756D4E80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] WININET.dll!InternetOpenA                                              772DEEC0 5 Bytes  JMP 756D4EE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] WININET.dll!InternetQueryDataAvailable                                 773254D0 5 Bytes  JMP 756D4EA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] WININET.dll!InternetOpenUrlA                                           773A8180 5 Bytes  JMP 756D4EC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] WS2_32.dll!closesocket                                                 776D3918 5 Bytes  JMP 756D4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] WS2_32.dll!WSAStartup                                                  776D3AB2 7 Bytes  JMP 756D4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] WS2_32.dll!bind                                                        776D4582 5 Bytes  JMP 756D4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] WS2_32.dll!accept                                                      776D68B6 5 Bytes  JMP 756D4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] WS2_32.dll!recv                                                        776D6B0E 5 Bytes  JMP 756D4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] WS2_32.dll!connect                                                     776D6BDD 5 Bytes  JMP 756D4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] WS2_32.dll!send                                                        776D6F01 5 Bytes  JMP 756D4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] WS2_32.dll!getpeername                                                 776D7147 5 Bytes  JMP 756D4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] WS2_32.dll!listen                                                      776DB001 5 Bytes  JMP 756D4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[1636] WS2_32.dll!WSASocketA                                                  776DC82A 5 Bytes  JMP 756D4E60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] ntdll.dll!RtlExitUserThread                                    7779F608 5 Bytes  JMP 756D50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] ntdll.dll!KiUserExceptionDispatcher                            777B7048 5 Bytes  JMP 756D8710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] ntdll.dll!LdrLoadDll                                           777D22AE 5 Bytes  JMP 756D4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!CreateProcessA                                    76BD2082 5 Bytes  JMP 756D5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!VirtualProtect                                    76C12CDD 5 Bytes  JMP 756D4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!LoadLibraryExA                                    76C14576 5 Bytes  JMP 756D5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!LoadLibraryExW                                    76C15189 5 Bytes  JMP 756D5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!GlobalAlloc                                       76C1A235 5 Bytes  JMP 756D5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!GetProcAddress                                    76C1CD44 5 Bytes  JMP 756D50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!LoadLibraryA                                      76C1DD15 5 Bytes  JMP 756D5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!CreateFileA                                       76C1EB11 5 Bytes  JMP 756D5160 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!LoadLibraryW                                      76C1EFF2 5 Bytes  JMP 756D5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!FreeLibrary                                       76C1F017 5 Bytes  JMP 756D5330 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!WriteFile                                         76C254A6 5 Bytes  JMP 756D4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!ExitProcess                                       76C2BC9A 5 Bytes  JMP 756D5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!CreateProcessInternalA                            76C2C954 5 Bytes  JMP 756D5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!WriteFileEx                                       76C355E5 5 Bytes  JMP 756D4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!GetThreadContext                                  76C38C8C 5 Bytes  JMP 756D50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!WriteProcessMemory                                76C39657 5 Bytes  JMP 756D4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!WinExec                                           76C5F22E 5 Bytes  JMP 756D4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!VirtualProtectEx                                  76C60269 5 Bytes  JMP 756D4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] kernel32.dll!SetThreadContext                                  76C60DE3 5 Bytes  JMP 756D4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] WS2_32.dll!closesocket                                         776D3918 5 Bytes  JMP 756D4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] WS2_32.dll!WSAStartup                                          776D3AB2 7 Bytes  JMP 756D4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] WS2_32.dll!bind                                                776D4582 5 Bytes  JMP 756D4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] WS2_32.dll!accept                                              776D68B6 5 Bytes  JMP 756D4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] WS2_32.dll!recv                                                776D6B0E 5 Bytes  JMP 756D4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] WS2_32.dll!connect                                             776D6BDD 5 Bytes  JMP 756D4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] WS2_32.dll!send                                                776D6F01 5 Bytes  JMP 756D4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] WS2_32.dll!getpeername                                         776D7147 5 Bytes  JMP 756D4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] WS2_32.dll!listen                                              776DB001 5 Bytes  JMP 756D4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1876] WS2_32.dll!WSASocketA                                          776DC82A 5 Bytes  JMP 756D4E60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] ntdll.dll!RtlExitUserThread                                    7779F608 5 Bytes  JMP 756D50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] ntdll.dll!KiUserExceptionDispatcher                            777B7048 5 Bytes  JMP 756D8710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] ntdll.dll!LdrLoadDll                                           777D22AE 5 Bytes  JMP 756D4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreateProcessA                                    76BD2082 5 Bytes  JMP 756D5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!VirtualProtect                                    76C12CDD 5 Bytes  JMP 756D4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!LoadLibraryExA                                    76C14576 5 Bytes  JMP 756D5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!LoadLibraryExW                                    76C15189 5 Bytes  JMP 756D5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!GlobalAlloc                                       76C1A235 5 Bytes  JMP 756D5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!GetProcAddress                                    76C1CD44 5 Bytes  JMP 756D50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!LoadLibraryA                                      76C1DD15 5 Bytes  JMP 756D5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreateFileA                                       76C1EB11 5 Bytes  JMP 756D5160 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!LoadLibraryW                                      76C1EFF2 5 Bytes  JMP 756D5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!FreeLibrary                                       76C1F017 5 Bytes  JMP 756D5330 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!WriteFile                                         76C254A6 5 Bytes  JMP 756D4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!ExitProcess                                       76C2BC9A 5 Bytes  JMP 756D5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreateProcessInternalA                            76C2C954 5 Bytes  JMP 756D5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!WriteFileEx                                       76C355E5 5 Bytes  JMP 756D4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!GetThreadContext                                  76C38C8C 5 Bytes  JMP 756D50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!WriteProcessMemory                                76C39657 5 Bytes  JMP 756D4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!WinExec                                           76C5F22E 5 Bytes  JMP 756D4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!VirtualProtectEx                                  76C60269 5 Bytes  JMP 756D4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2876] kernel32.dll!SetThreadContext                                  76C60DE3 5 Bytes  JMP 756D4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] ntdll.dll!RtlExitUserThread                                   7779F608 5 Bytes  JMP 756D50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] ntdll.dll!KiUserExceptionDispatcher                           777B7048 5 Bytes  JMP 756D8710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] ntdll.dll!LdrLoadDll                                          777D22AE 5 Bytes  JMP 756D4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!VirtualProtect                                   76C12CDD 5 Bytes  JMP 756D4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!LoadLibraryExA                                   76C14576 5 Bytes  JMP 756D5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!LoadLibraryExW                                   76C15189 5 Bytes  JMP 756D5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!GlobalAlloc                                      76C1A235 5 Bytes  JMP 756D5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!LoadLibraryA                                     76C1DD15 5 Bytes  JMP 756D5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!CreateFileA                                      76C1EB11 5 Bytes  JMP 756D5160 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!LoadLibraryW                                     76C1EFF2 5 Bytes  JMP 756D5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!FreeLibrary                                      76C1F017 5 Bytes  JMP 756D5330 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!WriteFile                                        76C254A6 5 Bytes  JMP 756D4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!ExitProcess                                      76C2BC9A 5 Bytes  JMP 756D5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!CreateProcessInternalA                           76C2C954 5 Bytes  JMP 756D5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!WriteFileEx                                      76C355E5 5 Bytes  JMP 756D4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!GetThreadContext                                 76C38C8C 5 Bytes  JMP 756D50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!WriteProcessMemory                               76C39657 5 Bytes  JMP 756D4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!VirtualProtectEx                                 76C60269 5 Bytes  JMP 756D4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\rundll32.exe[3584] kernel32.dll!SetThreadContext                                 76C60DE3 5 Bytes  JMP 756D4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtCreateFile + 6               777B560E 4 Bytes  [28, 54, 33, 00] {SUB [EBX+ESI+0x0], DL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtCreateFile + B               777B5613 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtMapViewOfSection + 6         777B5C6E 4 Bytes  [28, 57, 33, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtMapViewOfSection + B         777B5C73 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenFile + 6                 777B5D1E 4 Bytes  [68, 54, 33, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenFile + B                 777B5D23 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcess + 6              777B5DCE 4 Bytes  [A8, 55, 33, 00] {TEST AL, 0x55; XOR EAX, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcess + B              777B5DD3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcessToken + B         777B5DE3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcessTokenEx + 6       777B5DEE 4 Bytes  [A8, 56, 33, 00] {TEST AL, 0x56; XOR EAX, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcessTokenEx + B       777B5DF3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThread + 6               777B5E4E 4 Bytes  [68, 55, 33, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThread + B               777B5E53 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThreadToken + 6          777B5E5E 4 Bytes  [68, 56, 33, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThreadToken + B          777B5E63 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThreadTokenEx + B        777B5E73 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtQueryAttributesFile + 6      777B5F7E 4 Bytes  [A8, 54, 33, 00] {TEST AL, 0x54; XOR EAX, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtQueryAttributesFile + B      777B5F83 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtQueryFullAttributesFile + B  777B6033 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtSetInformationFile + 6       777B667E 4 Bytes  [28, 55, 33, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtSetInformationFile + B       777B6683 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtSetInformationThread + 6     777B66DE 4 Bytes  [28, 56, 33, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtSetInformationThread + B     777B66E3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtUnmapViewOfSection + 6       777B69FE 4 Bytes  [68, 57, 33, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtUnmapViewOfSection + B       777B6A03 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] kernel32.dll!LoadLibraryExW              76C15189 5 Bytes  JMP 756DA1F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] kernel32.dll!CreateActCtxW               76C157ED 5 Bytes  JMP 756D98F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] kernel32.dll!CreateFileW                 76C1E955 5 Bytes  JMP 756D9FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] kernel32.dll!FreeLibrary                 76C1F017 5 Bytes  JMP 756DA110 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] kernel32.dll!ReplaceFile                 76C317C0 5 Bytes  JMP 756D99B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] USER32.dll!CreateWindowExW               7696EC7C 5 Bytes  JMP 756D9F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] SHELL32.dll!SHExtractIconsW              75D0543B 5 Bytes  JMP 756D3D90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3976] ole32.dll!StgOpenStorageEx               76DD6D42 5 Bytes  JMP 756BDDB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtCreateFile + 6               777B560E 4 Bytes  [28, 44, CB, 00] {SUB [EBX+ECX*8+0x0], AL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtCreateFile + B               777B5613 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtMapViewOfSection + 6         777B5C6E 4 Bytes  [28, 47, CB, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtMapViewOfSection + B         777B5C73 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenFile + 6                 777B5D1E 4 Bytes  [68, 44, CB, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenFile + B                 777B5D23 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcess + 6              777B5DCE 4 Bytes  [A8, 45, CB, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcess + B              777B5DD3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcessToken + B         777B5DE3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcessTokenEx + 6       777B5DEE 4 Bytes  [A8, 46, CB, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcessTokenEx + B       777B5DF3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThread + 6               777B5E4E 4 Bytes  [68, 45, CB, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThread + B               777B5E53 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThreadToken + 6          777B5E5E 4 Bytes  [68, 46, CB, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThreadToken + B          777B5E63 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThreadTokenEx + B        777B5E73 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtQueryAttributesFile + 6      777B5F7E 4 Bytes  [A8, 44, CB, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtQueryAttributesFile + B      777B5F83 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtQueryFullAttributesFile + B  777B6033 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtSetInformationFile + 6       777B667E 4 Bytes  [28, 45, CB, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtSetInformationFile + B       777B6683 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtSetInformationThread + 6     777B66DE 4 Bytes  [28, 46, CB, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtSetInformationThread + B     777B66E3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtUnmapViewOfSection + 6       777B69FE 4 Bytes  [68, 47, CB, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtUnmapViewOfSection + B       777B6A03 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] kernel32.dll!LoadLibraryExW              76C15189 5 Bytes  JMP 756DA1F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] kernel32.dll!CreateActCtxW               76C157ED 5 Bytes  JMP 756D98F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] kernel32.dll!CreateFileW                 76C1E955 5 Bytes  JMP 756D9FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] kernel32.dll!FreeLibrary                 76C1F017 5 Bytes  JMP 756DA110 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] kernel32.dll!ReplaceFile                 76C317C0 5 Bytes  JMP 756D99B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] USER32.dll!CreateWindowExW               7696EC7C 5 Bytes  JMP 756D9F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] SHELL32.dll!SHExtractIconsW              75D0543B 5 Bytes  JMP 756D3D90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ole32.dll!StgOpenStorageEx               76DD6D42 5 Bytes  JMP 756BDDB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] ntdll.dll!RtlExitUserThread                                    7779F608 5 Bytes  JMP 756D50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] ntdll.dll!KiUserExceptionDispatcher                            777B7048 5 Bytes  JMP 756D8710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] ntdll.dll!LdrLoadDll                                           777D22AE 5 Bytes  JMP 756D4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!CreateProcessA                                    76BD2082 5 Bytes  JMP 756D5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!VirtualProtect                                    76C12CDD 5 Bytes  JMP 756D4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!LoadLibraryExA                                    76C14576 5 Bytes  JMP 756D5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!LoadLibraryExW                                    76C15189 5 Bytes  JMP 756D5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!GlobalAlloc                                       76C1A235 5 Bytes  JMP 756D5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!GetProcAddress                                    76C1CD44 5 Bytes  JMP 756D50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!LoadLibraryA                                      76C1DD15 5 Bytes  JMP 756D5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!CreateFileA                                       76C1EB11 5 Bytes  JMP 756D5160 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!LoadLibraryW                                      76C1EFF2 5 Bytes  JMP 756D5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!FreeLibrary                                       76C1F017 5 Bytes  JMP 756D5330 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!WriteFile                                         76C254A6 5 Bytes  JMP 756D4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!ExitProcess                                       76C2BC9A 5 Bytes  JMP 756D5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!CreateProcessInternalA                            76C2C954 5 Bytes  JMP 756D5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!WriteFileEx                                       76C355E5 5 Bytes  JMP 756D4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!GetThreadContext                                  76C38C8C 5 Bytes  JMP 756D50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!WriteProcessMemory                                76C39657 5 Bytes  JMP 756D4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!WinExec                                           76C5F22E 5 Bytes  JMP 756D4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!VirtualProtectEx                                  76C60269 5 Bytes  JMP 756D4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[4208] kernel32.dll!SetThreadContext                                  76C60DE3 5 Bytes  JMP 756D4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtCreateFile + 6               777B560E 4 Bytes  CALL 5A7A5627
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtCreateFile + B               777B5613 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtMapViewOfSection + 6         777B5C6E 4 Bytes  [28, EB, 14, 00] {SUB BL, CH; ADC AL, 0x0}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtMapViewOfSection + B         777B5C73 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenFile + 6                 777B5D1E 4 Bytes  CALL 5A7A5D37
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenFile + B                 777B5D23 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenProcess + 6              777B5DCE 4 Bytes  JMP 5A7A5DE7
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenProcess + B              777B5DD3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenProcessToken + B         777B5DE3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenProcessTokenEx + 6       777B5DEE 4 Bytes  JMP E2FF0014
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenProcessTokenEx + B       777B5DF3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenThread + 6               777B5E4E 4 Bytes  JMP 5A7A5E67
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenThread + B               777B5E53 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenThreadToken + 6          777B5E5E 4 Bytes  JMP E2FF0014
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenThreadToken + B          777B5E63 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenThreadTokenEx + B        777B5E73 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtQueryAttributesFile + 6      777B5F7E 4 Bytes  CALL 5A7A5F97
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtQueryAttributesFile + B      777B5F83 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtQueryFullAttributesFile + B  777B6033 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtSetInformationFile + 6       777B667E 4 Bytes  JMP 5A7A6697
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtSetInformationFile + B       777B6683 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtSetInformationThread + 6     777B66DE 4 Bytes  JMP E2FF0014
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtSetInformationThread + B     777B66E3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtUnmapViewOfSection + 6       777B69FE 4 Bytes  [68, EB, 14, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtUnmapViewOfSection + B       777B6A03 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] kernel32.dll!LoadLibraryExW              76C15189 5 Bytes  JMP 756DA1F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] kernel32.dll!CreateActCtxW               76C157ED 5 Bytes  JMP 756D98F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] kernel32.dll!CreateFileW                 76C1E955 5 Bytes  JMP 756D9FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] kernel32.dll!FreeLibrary                 76C1F017 5 Bytes  JMP 756DA110 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] kernel32.dll!ReplaceFile                 76C317C0 5 Bytes  JMP 756D99B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] USER32.dll!CreateWindowExW               7696EC7C 5 Bytes  JMP 756D9F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] SHELL32.dll!SHExtractIconsW              75D0543B 5 Bytes  JMP 756D3D90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ole32.dll!StgOpenStorageEx               76DD6D42 5 Bytes  JMP 756BDDB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4968] ntdll.dll!NtMapViewOfSection + 6         777B5C6E 4 Bytes  [18, 20, 27, 72]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4968] ntdll.dll!NtMapViewOfSection + B         777B5C73 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4968] kernel32.dll!LoadLibraryExW              76C15189 5 Bytes  JMP 756DA1F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4968] kernel32.dll!CreateActCtxW               76C157ED 5 Bytes  JMP 756D98F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4968] kernel32.dll!CreateFileW                 76C1E955 5 Bytes  JMP 756D9FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4968] kernel32.dll!FreeLibrary                 76C1F017 5 Bytes  JMP 756DA110 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4968] kernel32.dll!ReplaceFile                 76C317C0 5 Bytes  JMP 756D99B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4968] USER32.dll!CreateWindowExW               7696EC7C 5 Bytes  JMP 756D9F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4968] SHELL32.dll!SHExtractIconsW              75D0543B 5 Bytes  JMP 756D3D90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4968] ole32.dll!StgOpenStorageEx               76DD6D42 5 Bytes  JMP 756BDDB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtCreateFile + 6               777B560E 4 Bytes  [28, 38, A2, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtCreateFile + B               777B5613 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtMapViewOfSection + 6         777B5C6E 4 Bytes  [28, 3B, A2, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtMapViewOfSection + B         777B5C73 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenFile + 6                 777B5D1E 4 Bytes  [68, 38, A2, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenFile + B                 777B5D23 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcess + 6              777B5DCE 4 Bytes  [A8, 39, A2, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcess + B              777B5DD3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcessToken + B         777B5DE3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcessTokenEx + 6       777B5DEE 4 Bytes  [A8, 3A, A2, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcessTokenEx + B       777B5DF3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThread + 6               777B5E4E 4 Bytes  [68, 39, A2, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThread + B               777B5E53 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThreadToken + 6          777B5E5E 4 Bytes  [68, 3A, A2, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThreadToken + B          777B5E63 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThreadTokenEx + B        777B5E73 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtQueryAttributesFile + 6      777B5F7E 4 Bytes  [A8, 38, A2, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtQueryAttributesFile + B      777B5F83 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtQueryFullAttributesFile + B  777B6033 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationFile + 6       777B667E 4 Bytes  [28, 39, A2, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationFile + B       777B6683 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationThread + 6     777B66DE 4 Bytes  [28, 3A, A2, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationThread + B     777B66E3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtUnmapViewOfSection + 6       777B69FE 4 Bytes  [68, 3B, A2, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtUnmapViewOfSection + B       777B6A03 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] kernel32.dll!LoadLibraryExW              76C15189 5 Bytes  JMP 756DA1F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] kernel32.dll!CreateActCtxW               76C157ED 5 Bytes  JMP 756D98F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] kernel32.dll!CreateFileW                 76C1E955 5 Bytes  JMP 756D9FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] kernel32.dll!FreeLibrary                 76C1F017 5 Bytes  JMP 756DA110 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] kernel32.dll!ReplaceFile                 76C317C0 5 Bytes  JMP 756D99B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] USER32.dll!CreateWindowExW               7696EC7C 5 Bytes  JMP 756D9F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] SHELL32.dll!SHExtractIconsW              75D0543B 5 Bytes  JMP 756D3D90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ole32.dll!StgOpenStorageEx               76DD6D42 5 Bytes  JMP 756BDDB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtCreateFile + 6               777B560E 4 Bytes  [28, 14, EE, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtCreateFile + B               777B5613 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtMapViewOfSection + 6         777B5C6E 4 Bytes  [28, 17, EE, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtMapViewOfSection + B         777B5C73 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenFile + 6                 777B5D1E 4 Bytes  [68, 14, EE, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenFile + B                 777B5D23 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenProcess + 6              777B5DCE 4 Bytes  [A8, 15, EE, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenProcess + B              777B5DD3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenProcessToken + B         777B5DE3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenProcessTokenEx + 6       777B5DEE 4 Bytes  [A8, 16, EE, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenProcessTokenEx + B       777B5DF3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenThread + 6               777B5E4E 4 Bytes  [68, 15, EE, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenThread + B               777B5E53 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenThreadToken + 6          777B5E5E 4 Bytes  [68, 16, EE, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenThreadToken + B          777B5E63 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenThreadTokenEx + B        777B5E73 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtQueryAttributesFile + 6      777B5F7E 4 Bytes  [A8, 14, EE, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtQueryAttributesFile + B      777B5F83 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtQueryFullAttributesFile + B  777B6033 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtSetInformationFile + 6       777B667E 4 Bytes  [28, 15, EE, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtSetInformationFile + B       777B6683 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtSetInformationThread + 6     777B66DE 4 Bytes  [28, 16, EE, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtSetInformationThread + B     777B66E3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtUnmapViewOfSection + 6       777B69FE 4 Bytes  [68, 17, EE, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtUnmapViewOfSection + B       777B6A03 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] kernel32.dll!LoadLibraryExW              76C15189 5 Bytes  JMP 756DA1F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] kernel32.dll!CreateActCtxW               76C157ED 5 Bytes  JMP 756D98F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] kernel32.dll!CreateFileW                 76C1E955 5 Bytes  JMP 756D9FD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] kernel32.dll!FreeLibrary                 76C1F017 5 Bytes  JMP 756DA110 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] kernel32.dll!ReplaceFile                 76C317C0 5 Bytes  JMP 756D99B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] USER32.dll!CreateWindowExW               7696EC7C 5 Bytes  JMP 756D9F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] SHELL32.dll!SHExtractIconsW              75D0543B 5 Bytes  JMP 756D3D90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ole32.dll!StgOpenStorageEx               76DD6D42 5 Bytes  JMP 756BDDB0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                             fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                  
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@1D4BF69E          156
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize                        1322

---- EOF - GMER 2.1 ----

--- --- ---

Ich bedanke mich jetzt schon mal für die schnelle Reaktion, ich habe leider nur sporadisches Internet da ich im Ausland bin und mich auf WiFi in Cafés und Universität beschränken muss!

schrauber 01.04.2015 18:46
http://www.filepony.de/icon/panda_usb_vaccine.png Panda USB Vaccine

Bitte lade Dir von hier Panda USB Vaccine herunter.


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

ones 02.04.2015 12:18
Die ComboFix Logfile

Code:

Combofix Logfile:

       
Code:

       
ComboFix 15-04-01.01 - Kunde 02.04.2015  18:45:02.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3493.2046 [GMT 8:00]
ausgeführt von:: c:\users\Kunde\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Updated* {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
SP: Sophos Anti-Virus *Enabled/Updated* {D0CA1913-188C-B293-ABD7-B72CB1814094}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-02 bis 2015-04-02  ))))))))))))))))))))))))))))))
.
.
2015-04-02 11:08 . 2015-04-02 11:08        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-04-02 10:32 . 2015-04-02 10:40        --------        d-----w-        C:\32788R22FWJFW
2015-04-02 10:26 . 2015-04-02 10:26        --------        d-----w-        c:\programdata\Panda Security
2015-04-02 10:26 . 2015-04-02 10:26        --------        d-----w-        c:\program files\Panda USB Vaccine
2015-04-01 09:12 . 2015-04-01 09:14        --------        d-----w-        C:\FRST
2015-04-01 07:52 . 2015-04-02 10:17        119512        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-01 07:52 . 2015-03-16 22:15        51928        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-04-01 07:52 . 2015-03-16 22:15        92888        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-04-01 07:52 . 2015-03-16 22:15        23256        ----a-w-        c:\windows\system32\drivers\mbam.sys
2015-04-01 07:52 . 2015-04-01 07:52        --------        d-----w-        c:\program files\Malwarebytes Anti-Malware
2015-04-01 07:52 . 2015-04-01 07:52        --------        d-----w-        c:\programdata\Malwarebytes
2015-04-01 07:22 . 2015-04-01 07:22        --------        d-----w-        c:\users\Kunde\AppData\Local\Sophos
2015-03-31 08:22 . 2015-03-14 10:06        9119072        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E4F17B4-9A19-41FD-A94F-F7D69F825B2D}\mpengine.dll
2015-03-25 07:59 . 2015-03-11 03:30        534528        ----a-w-        c:\windows\system32\generaltel.dll
2015-03-25 07:59 . 2015-03-11 03:29        818176        ----a-w-        c:\windows\system32\appraiser.dll
2015-03-25 07:59 . 2015-03-11 03:29        26112        ----a-w-        c:\windows\system32\acmigration.dll
2015-03-25 07:59 . 2015-03-11 03:30        623616        ----a-w-        c:\windows\system32\invagent.dll
2015-03-25 07:59 . 2015-03-11 03:29        327168        ----a-w-        c:\windows\system32\devinv.dll
2015-03-25 07:59 . 2015-03-11 03:26        892928        ----a-w-        c:\windows\system32\aeinv.dll
2015-03-25 07:59 . 2015-03-11 03:29        202752        ----a-w-        c:\windows\system32\aepdu.dll
2015-03-25 07:59 . 2015-03-11 03:29        159744        ----a-w-        c:\windows\system32\aepic.dll
2015-03-24 05:25 . 2015-03-24 05:25        --------        d-----w-        c:\program files\Common Files\PX Storage Engine
2015-03-24 05:25 . 2015-03-24 06:58        --------        d-----w-        c:\users\Kunde\AppData\Roaming\Winamp
2015-03-24 05:25 . 2015-03-24 05:27        --------        d-----w-        c:\program files\Winamp
2015-03-13 13:13 . 2015-03-29 13:13        --------        d-----w-        c:\users\Kunde\AppData\Roaming\vlc
2015-03-13 13:11 . 2015-03-13 13:11        --------        d-----w-        c:\program files\VideoLAN
2015-03-12 12:10 . 2015-03-12 14:34        --------        d-----w-        C:\PSpice Projekte
2015-03-12 11:47 . 2015-03-12 11:48        --------        d-----w-        c:\program files\RFSim99
2015-03-12 11:47 . 1998-02-06 13:37        299520        ----a-w-        c:\windows\uninst.exe
2015-03-12 09:30 . 2015-03-12 09:31        --------        d-----w-        c:\program files\PDF Architect 2
2015-03-12 09:30 . 2015-03-12 09:30        --------        d-----w-        c:\users\Kunde\AppData\Local\pdfforge
2015-03-12 09:30 . 2015-03-12 09:30        --------        d-----w-        c:\users\Kunde\AppData\Local\PDFCreator
2015-03-12 09:24 . 2015-03-12 09:24        --------        d-----w-        c:\programdata\PDF Architect 2
2015-03-12 09:23 . 2015-03-12 09:23        --------        d-----w-        c:\users\Kunde\AppData\Roaming\pdfforge
2015-03-12 09:23 . 2015-03-12 09:24        98488        ----a-w-        c:\windows\system32\pdfcmon.dll
2015-03-12 09:23 . 2015-03-12 09:24        --------        d-----w-        c:\program files\PDFCreator
2015-03-12 09:11 . 2015-03-12 09:11        --------        d-----w-        C:\1
2015-03-11 13:29 . 2015-02-03 03:12        988160        ----a-w-        c:\windows\system32\drmv2clt.dll
2015-03-11 13:29 . 2015-02-03 03:12        744960        ----a-w-        c:\windows\system32\blackbox.dll
2015-03-11 13:29 . 2015-02-03 03:12        617984        ----a-w-        c:\windows\system32\wmdrmsdk.dll
2015-03-11 13:29 . 2015-02-03 03:12        3209728        ----a-w-        c:\windows\system32\mf.dll
2015-03-11 13:29 . 2015-02-03 03:16        3973048        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2015-03-11 13:29 . 2015-02-03 03:12        406016        ----a-w-        c:\windows\system32\drmmgrtn.dll
2015-03-11 13:29 . 2015-02-03 03:12        1174528        ----a-w-        c:\windows\system32\crypt32.dll
2015-03-11 13:29 . 2015-02-03 03:00        593920        ----a-w-        c:\windows\system32\drivers\PEAuth.sys
2015-03-11 13:18 . 2015-02-20 04:13        26624        ----a-w-        c:\windows\system32\lpk.dll
2015-03-11 13:18 . 2015-02-20 03:09        299008        ----a-w-        c:\windows\system32\atmfd.dll
2015-03-11 13:18 . 2015-02-20 04:13        70656        ----a-w-        c:\windows\system32\fontsub.dll
2015-03-11 13:18 . 2015-02-20 04:13        10240        ----a-w-        c:\windows\system32\dciman32.dll
2015-03-11 13:18 . 2015-02-20 04:13        34304        ----a-w-        c:\windows\system32\atmlib.dll
2015-03-11 13:18 . 2015-02-04 02:54        417792        ----a-w-        c:\windows\system32\WMPhoto.dll
2015-03-11 13:16 . 2015-02-20 02:22        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2015-03-11 13:14 . 2015-02-03 03:12        171520        ----a-w-        c:\windows\system32\ubpm.dll
2015-03-11 06:50 . 2015-03-11 06:50        --------        d-----w-        c:\users\Kunde\AppData\Roaming\Subversion
2015-03-11 06:50 . 2015-03-11 06:50        --------        d-----w-        c:\users\Kunde\AppData\Local\MathWorks
2015-03-10 04:00 . 2015-03-10 04:00        --------        d-----w-        c:\users\Kunde\AppData\Roaming\MathWorks
2015-03-10 03:58 . 2015-03-10 03:58        --------        d-----w-        c:\programdata\MathWorks
2015-03-10 02:00 . 2015-03-12 09:49        --------        d-----w-        c:\program files\MATLAB
2015-03-10 01:45 . 2015-03-10 01:45        --------        d-sh--w-        c:\users\Kunde\AppData\Local\EmieUserList
2015-03-10 01:45 . 2015-03-10 01:45        --------        d-sh--w-        c:\users\Kunde\AppData\Local\EmieSiteList
2015-03-10 01:45 . 2015-03-10 01:45        --------        d-sh--w-        c:\users\Kunde\AppData\Local\EmieBrowserModeList
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-23 20:23 . 2015-02-06 19:29        246920        ------w-        c:\windows\system32\MpSigStub.exe
2015-02-10 10:36 . 2015-02-05 16:14        627912        ----a-w-        c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-02-06 09:07 . 2015-02-06 09:07        71680        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2015-02-06 09:07 . 2015-02-06 09:07        645120        ----a-w-        c:\windows\system32\jsIntl.dll
2015-02-06 09:07 . 2015-02-06 09:07        194048        ----a-w-        c:\windows\system32\elshyph.dll
2015-02-06 09:07 . 2015-02-06 09:07        182272        ----a-w-        c:\windows\system32\msls31.dll
2015-02-06 09:07 . 2015-02-06 09:07        62464        ----a-w-        c:\windows\system32\tdc.ocx
2015-02-06 09:07 . 2015-02-06 09:07        337408        ----a-w-        c:\windows\system32\html.iec
2015-02-06 09:07 . 2015-02-06 09:07        24576        ----a-w-        c:\windows\system32\licmgr10.dll
2015-02-06 09:07 . 2015-02-06 09:07        151552        ----a-w-        c:\windows\system32\iexpress.exe
2015-02-06 09:07 . 2015-02-06 09:07        139264        ----a-w-        c:\windows\system32\wextract.exe
2015-02-06 09:07 . 2015-02-06 09:07        74240        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2015-02-06 09:07 . 2015-02-06 09:07        36352        ----a-w-        c:\windows\system32\imgutil.dll
2015-02-06 09:07 . 2015-02-06 09:07        13312        ----a-w-        c:\windows\system32\mshta.exe
2015-02-06 09:07 . 2015-02-06 09:07        111616        ----a-w-        c:\windows\system32\IEAdvpack.dll
2015-02-06 09:07 . 2015-02-06 09:07        86016        ----a-w-        c:\windows\system32\iesysprep.dll
2015-02-06 09:07 . 2015-02-06 09:07        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2015-02-06 09:06 . 2015-02-06 09:06        640512        ----a-w-        c:\windows\system32\advapi32.dll
2015-02-06 09:06 . 2015-02-06 09:06        619520        ----a-w-        c:\windows\system32\tdh.dll
2015-02-06 09:06 . 2015-02-06 09:06        1289096        ----a-w-        c:\windows\system32\ntdll.dll
2015-02-06 09:05 . 2015-02-06 09:05        231424        ----a-w-        c:\windows\system32\mswsock.dll
2015-02-06 09:05 . 2015-02-06 09:05        49152        ----a-w-        c:\windows\system32\taskhost.exe
2015-02-06 09:02 . 2015-02-06 09:02        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-02-06 09:02 . 2015-02-06 09:02        906240        ----a-w-        c:\windows\system32\FntCache.dll
2015-02-06 09:02 . 2015-02-06 09:02        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-02-06 09:02 . 2015-02-06 09:02        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-02-06 09:02 . 2015-02-06 09:02        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-02-06 09:02 . 2015-02-06 09:02        364544        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2015-02-06 09:02 . 2015-02-06 09:02        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-02-06 09:02 . 2015-02-06 09:02        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-02-06 09:02 . 2015-02-06 09:02        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-02-06 09:02 . 2015-02-06 09:02        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-02-06 09:02 . 2015-02-06 09:02        249856        ----a-w-        c:\windows\system32\d3d10_1core.dll
2015-02-06 09:02 . 2015-02-06 09:02        220160        ----a-w-        c:\windows\system32\d3d10core.dll
2015-02-06 09:02 . 2015-02-06 09:02        207872        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2015-02-06 09:02 . 2015-02-06 09:02        161792        ----a-w-        c:\windows\system32\d3d10_1.dll
2015-02-06 09:02 . 2015-02-06 09:02        1158144        ----a-w-        c:\windows\system32\XpsPrint.dll
2015-02-06 09:02 . 2015-02-06 09:02        1080832        ----a-w-        c:\windows\system32\d3d10.dll
2015-02-06 09:02 . 2015-02-06 09:02        10752        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-02-06 09:02 . 2015-02-06 09:02        604160        ----a-w-        c:\windows\system32\d3d10level9.dll
2015-02-06 09:02 . 2015-02-06 09:02        293376        ----a-w-        c:\windows\system32\dxgi.dll
2015-02-06 09:02 . 2015-02-06 09:02        187392        ----a-w-        c:\windows\system32\UIAnimation.dll
2015-02-06 09:00 . 2015-02-06 09:00        1505280        ----a-w-        c:\windows\system32\d3d11.dll
2015-02-05 02:07 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2015-02-04 18:32 . 2015-02-04 16:51        2551168        ----a-w-        c:\programdata\Microsoft\VisualStudio\11.0\1031\ResourceCache.dll
2015-02-04 15:44 . 2015-02-04 15:44        242240        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2015-02-04 15:13 . 2015-02-04 15:04        31528        ----a-w-        c:\windows\system32\SophosBootTasks.exe
2015-02-04 15:10 . 2015-02-04 15:10        150008        ----a-w-        c:\windows\system32\sdccoinstaller.dll
2015-02-04 15:07 . 2015-02-04 15:07        34560        ----a-w-        c:\windows\system32\drivers\sdcfilter.sys
2015-01-27 23:36 . 2015-02-11 12:44        1167520        ----a-w-        c:\windows\system32\aitstatic.exe
2015-01-09 02:48 . 2015-02-11 12:46        76800        ----a-w-        c:\windows\system32\wdi.dll
2015-01-09 02:48 . 2015-02-11 12:46        635904        ----a-w-        c:\windows\system32\perftrack.dll
2015-01-09 02:48 . 2015-02-11 12:46        27136        ----a-w-        c:\windows\system32\powertracker.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{691B33B0-B86E-47F3-81C7-56E4FE3B929C}]
2014-10-10 08:03        37928        ----a-w-        c:\program files\PDF Architect 2\creator-ie-helper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DEEB13D7-CEA9-45FB-B77C-E039BEC85221}"= "c:\program files\PDF Architect 2\creator-ie-plugin.dll" [2014-10-10 478760]
.
[HKEY_CLASSES_ROOT\clsid\{deeb13d7-cea9-45fb-b77c-e039bec85221}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{30CEDC3C-254F-4827-9A25-A4AA041826CC}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-02-10 09:59        1729744        ----a-w-        c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-02-10 09:59        1729744        ----a-w-        c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-02-10 09:59        1729744        ----a-w-        c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2014-11-19 1092448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-26 144704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-26 180032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-26 188736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2014-07-28 2379504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-02-05 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23        3672640        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ForteConfig]
2010-10-26 09:39        49568        ------w-        c:\program files\CONEXANT\ForteConfig\fmapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-01-27 02:58        157480        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sophos AutoUpdate Monitor]
2015-03-04 05:26        1593640        ----a-w-        c:\program files\Sophos\AutoUpdate\ALMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2015-01-23 22:33        1942720        ----a-w-        c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-03-16 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-16 1080120]
R2 PDF Architect 2 Creator;PDF Architect 2 Creator;c:\program files\PDF Architect 2\creator-ws.exe [2014-10-10 738856]
R2 swi_update;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update.exe [2015-02-04 1487144]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-03-16 23256]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-03-16 51928]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2013-01-23 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2013-01-23 8576]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2015-02-04 34560]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 94208]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-01-02 315488]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2014-04-30 23680]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2014-04-30 134912]
S1 SKMScan;SKMScan;c:\windows\system32\DRIVERS\skmscan.sys [2014-04-30 33408]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2015-02-09 1843896]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-12-17 190592]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc86.sys [2011-05-25 76288]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [2010-11-18 446592]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2014-04-30 288552]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2015-02-04 208168]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2015-02-04 341800]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2015-02-04 3274536]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2015-02-04 242240]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 289792]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 88832]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2012-03-09 760936]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-07-28 39280]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-23 01:42        1061704        ----a-w-        c:\program files\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-04 15:29]
.
2015-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-04 15:29]
.
2015-04-02 c:\windows\Tasks\MATLAB R2015a Startup Accelerator.job
- c:\program files\MATLAB\R2015a\bin\win32\MATLABStartupAccelerator.exe [2015-03-10 11:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.9.5
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-04-02  19:14:18
ComboFix-quarantined-files.txt  2015-04-02 11:14
.
Vor Suchlauf: 13 Verzeichnis(se), 114.006.274.048 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 114.551.427.072 Bytes frei
.
- - End Of File - - 8BA357529F800EF4D7D5AFE0CD095A9C

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

schrauber 02.04.2015 20:42
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

ones 03.04.2015 04:27
Hallo Schrauber, schonmal vielen Dank für deine Mühen!!!

Das AdwCleaner log

AdwCleaner Logfile:
Code:
# AdwCleaner v4.200 - Bericht erstellt 03/04/2015 um 11:08:49
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : Kunde - KUNDE-PC
# Gestarted von : C:\Users\Kunde\Desktop\AdwCleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Kunde\AppData\Local\pdfforge
Ordner Gelöscht : C:\Users\Kunde\AppData\Roaming\pdfforge

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Google Chrome v41.0.2272.101

[C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.electrovoice.com/searchresults.php?searchinput={searchTerms}
[C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=M5806E547-A444-4184-BF2C-860EF9B202AA&SearchSource=58&CUI=&UM=6&UP=SP9835A591-22B5-4C5C-93F0-BE13718E9685&q={searchTerms}&SSPV=
[C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [1095 Bytes] - [05/02/2015 22:02:54]
AdwCleaner[R1].txt - [2080 Bytes] - [03/04/2015 11:07:16]
AdwCleaner[S0].txt - [2000 Bytes] - [03/04/2015 11:08:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2059  Bytes] ##########
--- --- ---

[/CODE]


Das Junkware log

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Professional x86
Ran by Kunde on 03.04.2015 at 11:19:05,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{691B33B0-B86E-47F3-81C7-56E4FE3B929C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{691B33B0-B86E-47F3-81C7-56E4FE3B929C}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.04.2015 at 11:21:03,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---

[/CODE]

Das FRST log

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Kunde (administrator) on KUNDE-PC on 03-04-2015 11:24:38
Running from C:\Users\Kunde\Desktop
Loaded Profiles: Kunde (Available profiles: Kunde)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379504 2014-07-28] (Synaptics Incorporated)
HKU\S-1-5-21-2428416208-3339100590-1231843568-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-02-05] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll => C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-02-04] (Sophos Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2428416208-3339100590-1231843568-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2428416208-3339100590-1231843568-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-15] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-15] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.9.5

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-06] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-06] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-03-12]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04]
CHR Extension: (YouTube) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (Google Sheets) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (AdBlock) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-10]
CHR Extension: (Google Wallet) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-04]
CHR Extension: (Gmail) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-04]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-15] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-15] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1843896 2015-02-10] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-08-27] (Intel Corporation)
R2 CxAudMsg; C:\Windows\system32\CxAudMsg32.exe [190592 2010-12-17] (Conexant Systems Inc.)
S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2012-07-26] (Microsoft Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 PDF Architect 2 Creator; C:\Program Files\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
R2 SAService; C:\Windows\system32\SAsrv.exe [446592 2010-11-18] (Conexant Systems, Inc.)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-04-30] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-02-04] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [340776 2015-03-04] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-02-04] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-02-04] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1487144 2015-02-04] (Sophos Limited)
S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2012-07-26] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2015-02-04] (DT Soft Ltd)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [368392 2014-06-28] (Intel Corporation)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [88832 2009-05-11] (Lenovo)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R2 risdxc; C:\Windows\System32\DRIVERS\risdxc86.sys [76288 2011-05-26] (REDC)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [760936 2012-03-09] (Realtek Semiconductor Corporation                          )
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [134912 2014-04-30] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [34560 2015-02-04] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33408 2014-04-30] (Sophos Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [39280 2014-07-28] (Synaptics Incorporated)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [23680 2014-04-30] (Sophos Limited)
S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-26] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Kunde\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 11:24 - 2015-04-03 11:25 - 00016142 _____ () C:\Users\Kunde\Desktop\FRST.txt
2015-04-03 11:21 - 2015-04-03 11:21 - 00000898 _____ () C:\Users\Kunde\Desktop\JRT.txt
2015-04-03 11:19 - 2015-04-03 11:19 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KUNDE-PC-Windows-7-Professional-(32-bit).dat
2015-04-03 11:19 - 2015-04-03 11:19 - 00000000 ____D () C:\RegBackup
2015-04-03 11:17 - 2015-04-03 11:17 - 02690981 _____ (Thisisu) C:\Users\Kunde\Desktop\JRT.exe
2015-04-03 11:05 - 2015-04-03 11:05 - 02208768 _____ () C:\Users\Kunde\Desktop\AdwCleaner_4.200.exe
2015-04-02 18:40 - 2015-04-02 19:14 - 00000000 ____D () C:\ComboFix
2015-04-02 18:37 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-02 18:37 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-02 18:37 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-02 18:37 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-02 18:37 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-02 18:37 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-02 18:37 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-02 18:34 - 2015-04-02 19:14 - 00000000 ____D () C:\Qoobox
2015-04-02 18:33 - 2015-04-02 19:11 - 00000000 ____D () C:\Windows\erdnt
2015-04-02 18:32 - 2015-04-02 18:40 - 00000000 ____D () C:\32788R22FWJFW
2015-04-02 18:28 - 2015-04-02 18:30 - 05617096 ____R (Swearware) C:\Users\Kunde\Desktop\ComboFix.exe
2015-04-02 18:26 - 2015-04-02 18:26 - 00000000 ____D () C:\ProgramData\Panda Security
2015-04-02 18:26 - 2015-04-02 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-04-02 18:26 - 2015-04-02 18:26 - 00000000 ____D () C:\Program Files\Panda USB Vaccine
2015-04-02 18:24 - 2015-04-02 18:24 - 00848856 _____ (Panda Security ) C:\Users\Kunde\Desktop\USBVaccineSetup.exe
2015-04-01 22:52 - 2015-04-03 11:21 - 00000000 ____D () C:\Users\Kunde\Desktop\viruskampf
2015-04-01 17:16 - 2015-04-01 17:16 - 00380416 _____ () C:\Users\Kunde\Desktop\hls7unv5.exe
2015-04-01 17:12 - 2015-04-03 11:24 - 00000000 ____D () C:\FRST
2015-04-01 17:11 - 2015-04-01 17:11 - 01135104 _____ (Farbar) C:\Users\Kunde\Desktop\FRST.exe
2015-04-01 17:06 - 2015-04-01 17:06 - 00000000 _____ () C:\Users\Kunde\defogger_reenable
2015-04-01 17:00 - 2015-04-01 17:00 - 00050477 _____ () C:\Users\Kunde\Desktop\Defogger.exe
2015-04-01 15:52 - 2015-04-03 11:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 15:52 - 2015-04-01 15:52 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-01 15:52 - 2015-04-01 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-01 15:52 - 2015-04-01 15:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-01 15:52 - 2015-04-01 15:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-01 15:52 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-01 15:52 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-01 15:52 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-01 15:41 - 2015-04-01 15:50 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Kunde\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-01 15:22 - 2015-04-01 15:22 - 00000000 ____D () C:\Users\Kunde\AppData\Local\Sophos
2015-03-30 19:31 - 2015-03-30 19:31 - 00000297 _____ () C:\Users\Kunde\Downloads\iCalendar.ics
2015-03-25 15:59 - 2015-03-11 11:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 15:59 - 2015-03-11 11:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 15:59 - 2015-03-11 11:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 15:59 - 2015-03-11 11:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 15:59 - 2015-03-11 11:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 15:59 - 2015-03-11 11:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 15:59 - 2015-03-11 11:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 15:59 - 2015-03-11 11:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 14:07 - 2015-03-24 14:08 - 03628849 _____ () C:\Users\Kunde\Downloads\ECV3001+Presentation+2014+15+aaaa+1+2.pptx
2015-03-24 13:26 - 2015-03-24 13:26 - 00000941 _____ () C:\Users\Public\Desktop\Winamp.lnk
2015-03-24 13:26 - 2015-03-24 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-03-24 13:25 - 2015-03-24 14:58 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\Winamp
2015-03-24 13:25 - 2015-03-24 13:27 - 00000000 ____D () C:\Program Files\Winamp
2015-03-24 13:25 - 2015-03-24 13:25 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-03-24 13:23 - 2015-03-24 13:24 - 12855384 _____ (Nullsoft, Inc.) C:\Users\Kunde\Downloads\winamp5666_full_de-de_b3516.exe
2015-03-13 21:13 - 2015-03-29 21:13 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\vlc
2015-03-13 21:12 - 2015-03-13 21:12 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-13 21:12 - 2015-03-13 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-13 21:11 - 2015-03-13 21:11 - 00000000 ____D () C:\Program Files\VideoLAN
2015-03-13 21:05 - 2015-03-13 21:09 - 28509232 _____ () C:\Users\Kunde\Downloads\vlc-2.2.0-win32.exe
2015-03-13 21:02 - 2015-03-13 21:03 - 04247589 _____ () C:\Users\Kunde\Downloads\Demonstration_1_sub.rm
2015-03-13 17:42 - 2015-03-13 17:45 - 28292172 _____ () C:\Users\Kunde\Downloads\1 Vorlesung.zip
2015-03-13 17:42 - 2015-03-13 17:42 - 01274520 _____ () C:\Users\Kunde\Downloads\2 Seminar.zip
2015-03-13 17:42 - 2015-03-13 17:42 - 00545689 _____ () C:\Users\Kunde\Downloads\3 Praktikum.zip
2015-03-13 17:42 - 2015-03-13 17:42 - 00013845 _____ () C:\Users\Kunde\Downloads\4 Literaturverzeichnis.zip
2015-03-12 20:57 - 2015-03-12 20:57 - 00000146 _____ () C:\Windows\Capture.INI
2015-03-12 20:10 - 2015-03-12 22:34 - 00000000 ____D () C:\PSpice Projekte
2015-03-12 19:47 - 2015-03-12 19:48 - 00000000 ____D () C:\Program Files\RFSim99
2015-03-12 19:47 - 2015-03-12 19:47 - 00000979 _____ () C:\Users\Kunde\Desktop\RFSim99.lnk
2015-03-12 19:47 - 2015-03-12 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RFSim99
2015-03-12 19:47 - 1998-02-06 21:37 - 00299520 _____ (InstallShield Corporation, Inc.) C:\Windows\uninst.exe
2015-03-12 19:46 - 2015-03-12 19:46 - 00000000 __RSH () C:\MSDOS.SYS
2015-03-12 19:46 - 2015-03-12 19:46 - 00000000 __RSH () C:\IO.SYS
2015-03-12 19:39 - 2015-03-12 19:40 - 00364545 _____ () C:\Users\Kunde\Downloads\Communication.zip
2015-03-12 17:43 - 2015-03-12 17:44 - 00000000 ____D () C:\Users\Kunde\Downloads\_temp_matlab_R2014b_win32
2015-03-12 17:36 - 2015-03-12 17:40 - 108292376 _____ () C:\Users\Kunde\Downloads\matlab_R2014b_win32.exe
2015-03-12 17:30 - 2015-03-12 17:31 - 00000000 ____D () C:\Program Files\PDF Architect 2
2015-03-12 17:30 - 2015-03-12 17:30 - 00000000 ____D () C:\Users\Kunde\AppData\Local\PDFCreator
2015-03-12 17:24 - 2015-03-12 17:24 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2015-03-12 17:23 - 2015-03-12 17:24 - 00098488 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-03-12 17:23 - 2015-03-12 17:24 - 00000000 ____D () C:\Program Files\PDFCreator
2015-03-12 17:23 - 2015-03-12 17:23 - 00000993 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-03-12 17:23 - 2015-03-12 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-03-12 17:13 - 2015-03-12 17:14 - 27721680 _____ (pdfforge ) C:\Users\Kunde\Downloads\PDFCreator-2_0_2-setup.exe
2015-03-12 17:13 - 2015-03-12 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSpice Student
2015-03-12 17:12 - 2015-03-12 22:34 - 00005383 _____ () C:\Windows\PSPICEEV.INI
2015-03-12 17:12 - 2015-03-12 17:12 - 00000000 ____D () C:\Windows\Crystal
2015-03-12 17:12 - 2015-03-12 17:12 - 00000000 ____D () C:\Program Files\OrCAD_Demo
2015-03-12 17:12 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-03-12 17:12 - 1997-08-28 17:00 - 03572224 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\crpe32.dll
2015-03-12 17:12 - 1997-08-28 17:00 - 00416768 _____ (Seagate Software) C:\Windows\system32\cpeaut32.dll
2015-03-12 17:12 - 1997-08-28 17:00 - 00183296 _____ (Seagate Software, Information Management Group, Inc.) C:\Windows\system32\crpaig32.dll
2015-03-12 17:12 - 1997-08-28 17:00 - 00105984 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2bdao.dll
2015-03-12 17:12 - 1997-08-28 17:00 - 00064000 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2irdao.dll
2015-03-12 17:12 - 1997-08-28 17:00 - 00054272 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2ctdao.dll
2015-03-12 17:12 - 1997-07-11 00:00 - 01037312 _____ (Microsoft Corporation) C:\Windows\system32\msjet35.dll
2015-03-12 17:12 - 1997-07-11 00:00 - 00251664 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x35.dll
2015-03-12 17:12 - 1997-07-11 00:00 - 00121104 _____ (Microsoft Corporation) C:\Windows\system32\msjint35.dll
2015-03-12 17:12 - 1997-07-11 00:00 - 00024336 _____ (Microsoft Corporation) C:\Windows\system32\msjter35.dll
2015-03-12 17:12 - 1997-01-22 22:26 - 00565760 _____ (Microsoft Corporation) C:\Windows\system32\Msvcp50.dll
2015-03-12 17:12 - 1996-11-08 03:48 - 00368912 _____ (Microsoft Corporation) C:\Windows\system32\vbar332.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00192512 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltkrn60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00176128 _____ () C:\Windows\system32\lffax60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00141824 _____ () C:\Windows\system32\lfcmp60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00110080 _____ () C:\Windows\system32\lfpng60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00046080 _____ () C:\Windows\system32\lftif60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00043008 _____ () C:\Windows\system32\ltfil60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00023552 _____ () C:\Windows\system32\lfpcx60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00022528 _____ () C:\Windows\system32\lfpct60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00022528 _____ () C:\Windows\system32\lfeps60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00022016 _____ () C:\Windows\system32\lfbmp60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00020480 _____ () C:\Windows\system32\lfpsd60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00019968 _____ () C:\Windows\system32\lftga60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00019456 _____ () C:\Windows\system32\lfwpg60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00019456 _____ () C:\Windows\system32\lfwmf60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00018432 _____ () C:\Windows\system32\lfmsp60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00017920 _____ () C:\Windows\system32\lfmac60n.dll
2015-03-12 17:12 - 1995-07-26 01:00 - 00200704 _____ (Sheridan Software Systems, Inc.) C:\Windows\system32\THREED32.OCX
2015-03-12 17:12 - 1995-02-15 01:11 - 00017920 _____ () C:\Windows\system32\implode.dll
2015-03-12 17:11 - 2015-03-12 17:11 - 00000000 ____D () C:\1
2015-03-12 17:05 - 2015-03-12 17:07 - 28620288 _____ () C:\Users\Kunde\Downloads\91pspstu.exe
2015-03-12 17:03 - 2015-03-12 17:04 - 02083060 _____ () C:\Users\Kunde\Downloads\rf-sim-99.zip
2015-03-11 21:43 - 2015-03-11 21:43 - 00000343 _____ () C:\Users\Kunde\Downloads\ruediger.schultheis.vcf
2015-03-11 21:42 - 2015-03-11 21:45 - 00000000 ____D () C:\Users\Kunde\Desktop\Sydney
2015-03-11 21:29 - 2015-02-03 11:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 21:29 - 2015-02-03 11:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 21:29 - 2015-02-03 11:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 21:28 - 2015-02-03 11:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 21:28 - 2015-02-03 11:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 21:28 - 2015-02-03 11:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 21:28 - 2015-02-03 11:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 21:28 - 2015-02-03 11:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 21:28 - 2015-02-03 11:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 21:28 - 2015-02-03 11:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 21:28 - 2015-02-03 11:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 21:28 - 2015-02-03 11:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 21:28 - 2015-02-03 11:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 21:28 - 2015-02-03 10:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 21:28 - 2015-01-31 07:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 21:28 - 2014-11-01 06:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 21:28 - 2014-06-28 08:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 21:28 - 2014-06-28 08:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 21:18 - 2015-02-20 12:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 21:18 - 2015-02-20 12:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 21:18 - 2015-02-20 12:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 21:18 - 2015-02-20 12:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 21:18 - 2015-02-20 11:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 21:18 - 2015-02-04 10:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 21:17 - 2015-02-26 11:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 21:17 - 2015-02-24 10:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 21:17 - 2015-02-21 08:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 21:17 - 2015-02-20 10:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 21:17 - 2015-02-20 10:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 21:17 - 2015-02-20 10:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 21:17 - 2015-02-20 09:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 21:17 - 2015-02-20 09:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 21:17 - 2015-02-20 09:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 21:17 - 2015-02-20 09:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 21:17 - 2015-02-20 09:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 21:17 - 2015-02-20 09:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 21:17 - 2015-02-20 08:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 21:17 - 2015-02-13 13:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 21:17 - 2015-02-03 11:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 21:17 - 2015-01-17 10:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 21:16 - 2015-02-21 08:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 21:16 - 2015-02-21 08:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 21:16 - 2015-02-21 08:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 21:16 - 2015-02-21 07:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 21:16 - 2015-02-20 10:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 21:16 - 2015-02-20 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 21:16 - 2015-02-20 10:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 21:16 - 2015-02-20 10:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 21:16 - 2015-02-20 10:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 21:16 - 2015-02-20 10:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 21:16 - 2015-02-20 09:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 21:16 - 2015-02-20 09:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 21:16 - 2015-02-20 09:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 21:16 - 2015-02-20 09:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 21:16 - 2015-02-20 09:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 21:16 - 2015-02-20 09:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 21:16 - 2015-02-20 09:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 21:16 - 2015-02-20 08:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 21:14 - 2015-03-06 13:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 21:14 - 2015-03-06 13:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 21:14 - 2015-03-06 13:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 21:14 - 2015-03-06 13:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 21:14 - 2015-03-06 13:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 21:14 - 2015-03-06 13:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 21:14 - 2015-03-06 13:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 21:14 - 2015-03-06 13:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 21:14 - 2015-02-03 11:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 14:50 - 2015-03-11 14:50 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\Subversion
2015-03-11 14:50 - 2015-03-11 14:50 - 00000000 ____D () C:\Users\Kunde\AppData\Local\MathWorks
2015-03-11 14:49 - 2015-03-13 02:07 - 00000000 ____D () C:\Users\Kunde\Documents\MATLAB
2015-03-10 12:00 - 2015-03-10 12:00 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\MathWorks
2015-03-10 11:59 - 2015-03-10 11:59 - 00001299 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2015a.lnk
2015-03-10 11:59 - 2015-03-10 11:59 - 00001287 _____ () C:\Users\Public\Desktop\MATLAB R2015a.lnk
2015-03-10 11:59 - 2015-03-10 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
2015-03-10 11:58 - 2015-04-03 11:15 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2015a Startup Accelerator.job
2015-03-10 11:58 - 2015-03-10 11:58 - 00000000 ____D () C:\ProgramData\MathWorks
2015-03-10 11:58 - 2004-09-06 09:05 - 00645120 _____ () C:\Windows\system32\config.gms
2015-03-10 10:00 - 2015-03-12 17:49 - 00000000 ____D () C:\Users\Kunde\Downloads\MathWorks
2015-03-10 10:00 - 2015-03-12 17:49 - 00000000 ____D () C:\Program Files\MATLAB
2015-03-10 09:56 - 2015-03-10 09:56 - 00000000 ____D () C:\Users\Kunde\Downloads\_temp_matlab_R2015a_win32
2015-03-10 09:54 - 2015-03-10 09:55 - 90954008 _____ () C:\Users\Kunde\Downloads\matlab_R2015a_win32.exe
2015-03-10 09:45 - 2015-03-10 09:45 - 00000000 __SHD () C:\Users\Kunde\AppData\Local\EmieUserList
2015-03-10 09:45 - 2015-03-10 09:45 - 00000000 __SHD () C:\Users\Kunde\AppData\Local\EmieSiteList
2015-03-10 09:45 - 2015-03-10 09:45 - 00000000 __SHD () C:\Users\Kunde\AppData\Local\EmieBrowserModeList
2015-03-10 08:43 - 2015-03-10 08:43 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\WinRAR
2015-03-10 08:43 - 2015-03-10 08:43 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-10 08:43 - 2015-03-10 08:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-10 08:43 - 2015-03-10 08:43 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-10 08:38 - 2015-03-10 08:38 - 01877056 _____ () C:\Users\Kunde\Downloads\wrar521d.exe
2015-03-04 13:18 - 2015-03-31 22:16 - 00000000 ____D () C:\Users\Kunde\Desktop\SAT
2015-03-04 13:18 - 2015-03-24 14:34 - 00000000 ____D () C:\Users\Kunde\Desktop\Eng. Soc
2015-03-04 13:18 - 2015-03-24 11:44 - 00000000 ____D () C:\Users\Kunde\Desktop\COM

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 11:18 - 2009-07-14 12:34 - 00017568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-03 11:18 - 2009-07-14 12:34 - 00017568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-03 11:14 - 2015-02-03 22:09 - 01607518 _____ () C:\Windows\WindowsUpdate.log
2015-04-03 11:10 - 2015-02-04 23:29 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-03 11:10 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 11:10 - 2009-07-14 12:39 - 00088373 _____ () C:\Windows\setupact.log
2015-04-03 11:08 - 2015-02-05 22:02 - 00000000 ____D () C:\AdwCleaner
2015-04-02 19:57 - 2015-02-05 10:32 - 00070376 _____ () C:\Windows\PFRO.log
2015-04-02 19:42 - 2015-02-04 23:29 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-02 19:14 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default
2015-04-02 19:14 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
2015-04-02 19:09 - 2009-07-14 10:04 - 00000215 _____ () C:\Windows\system.ini
2015-04-01 21:56 - 2015-02-09 04:59 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\Skype
2015-04-01 17:06 - 2015-02-03 22:15 - 00000000 ____D () C:\Users\Kunde
2015-03-30 22:40 - 2015-02-11 19:58 - 00000000 ____D () C:\Users\Kunde\Desktop\Sammelstuff
2015-03-30 18:47 - 2015-02-03 22:17 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-29 21:06 - 2015-02-11 20:13 - 00000000 ____D () C:\Users\Kunde\Documents\Tagebuch
2015-03-28 08:46 - 2015-02-06 18:13 - 00000000 ____D () C:\Users\Kunde\AppData\Local\NFS Underground 2
2015-03-26 08:36 - 2015-02-03 22:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-26 08:36 - 2015-02-03 22:53 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 21:56 - 2009-07-14 12:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-25 00:09 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-24 19:42 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
2015-03-24 16:07 - 2015-02-17 06:13 - 00000000 _____ () C:\Windows\system32\vireng.log
2015-03-24 10:34 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-23 09:46 - 2015-02-04 23:31 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-18 22:33 - 2015-02-05 23:58 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-12 20:08 - 2015-02-03 22:15 - 00000000 ____D () C:\Users\Kunde\AppData\Local\VirtualStore
2015-03-12 19:48 - 2015-02-05 22:02 - 00000000 ____D () C:\Users\Kunde\Documents\Programme
2015-03-12 09:11 - 2009-07-14 12:33 - 00437312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 09:08 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-12 01:22 - 2015-02-03 22:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 01:14 - 2015-02-03 22:50 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Kunde\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Kunde\AppData\Local\Temp\Quarantine.exe
C:\Users\Kunde\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-28 10:38

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Ich weiß nicht ob es relevant ist aber ich habe permanent den USB Stick eingesteckt gelassen!

Gruß,
Jonas

schrauber 03.04.2015 13:47
Ist auch korrekt. Noch ein Kontrollscan, dann machen wir die Verknüpfungen weg.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

ones 04.04.2015 16:25
Hallo Schrauber,

ESET

Code:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=90474aa0f761014a862f8edc0e491019
# engine=23229
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-04 02:07:17
# local_time=2015-04-04 10:07:17 (+0800, Malaiische Halbinsel Normalzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 179787628 0 0
# compatibility_mode_1='Sophos Anti-Virus'
# compatibility_mode=8450 16777213 100 99 0 34638427 0 0
# scanned=539051
# found=1
# cleaned=0
# scan_time=13901
sh=1DC26BBEAFBAF69A274CAFE534156EACE3A49A8D ft=1 fh=07386e4897eae14b vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kunde\Downloads\PDFCreator-2_0_2-setup.exe"

checkup

Code:

 Results of screen317's Security Check version 0.99.99 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Sophos Anti-Virus 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Visual Studio Extensions for Windows Library for JavaScript
 JavaScript Tooling   
 Java version 32-bit out of Date!
 Adobe Reader XI 
 Google Chrome (41.0.2272.101)
 Google Chrome (41.0.2272.89)
````````Process Check: objlist.exe by Laurent```````` 
 Sophos Sophos Anti-Virus SavService.exe 
 Sophos Sophos Anti-Virus SAVAdminService.exe 
 Sophos Sophos Anti-Virus Web Control swc_service.exe
 Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Kunde (administrator) on KUNDE-PC on 04-04-2015 23:20:08
Running from C:\Users\Kunde\Desktop
Loaded Profiles: Kunde (Available profiles: Kunde)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379504 2014-07-28] (Synaptics Incorporated)
HKU\S-1-5-21-2428416208-3339100590-1231843568-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-02-05] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll => C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-02-04] (Sophos Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2428416208-3339100590-1231843568-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2428416208-3339100590-1231843568-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-15] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-15] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 10.20.28.1 8.8.8.8 8.8.4.4

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-06] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-06] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-03-12]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04]
CHR Extension: (YouTube) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (Google Sheets) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (AdBlock) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-10]
CHR Extension: (Google Wallet) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-04]
CHR Extension: (Gmail) - C:\Users\Kunde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-04]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-15] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-15] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1843896 2015-02-10] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-08-27] (Intel Corporation)
R2 CxAudMsg; C:\Windows\system32\CxAudMsg32.exe [190592 2010-12-17] (Conexant Systems Inc.)
S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2012-07-26] (Microsoft Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 PDF Architect 2 Creator; C:\Program Files\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
R2 SAService; C:\Windows\system32\SAsrv.exe [446592 2010-11-18] (Conexant Systems, Inc.)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-04-30] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-02-04] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [340776 2015-03-04] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-02-04] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-02-04] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1487144 2015-02-04] (Sophos Limited)
S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2012-07-26] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2015-02-04] (DT Soft Ltd)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [368392 2014-06-28] (Intel Corporation)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [88832 2009-05-11] (Lenovo)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R2 risdxc; C:\Windows\System32\DRIVERS\risdxc86.sys [76288 2011-05-26] (REDC)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [760936 2012-03-09] (Realtek Semiconductor Corporation                          )
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [134912 2014-04-30] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [34560 2015-02-04] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33408 2014-04-30] (Sophos Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [39280 2014-07-28] (Synaptics Incorporated)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [23680 2014-04-30] (Sophos Limited)
S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-26] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Kunde\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 23:20 - 2015-04-04 23:20 - 00016658 _____ () C:\Users\Kunde\Desktop\FRST.txt
2015-04-04 23:11 - 2015-04-04 23:12 - 00852607 _____ () C:\Users\Kunde\Desktop\SecurityCheck.exe
2015-04-04 23:02 - 2015-04-04 22:07 - 00000987 _____ () C:\Users\Kunde\Desktop\ESET.txt
2015-04-04 11:29 - 2015-04-04 11:40 - 00000027 _____ () C:\Users\Kunde\Desktop\Neues Textdokument.txt
2015-04-04 10:11 - 2015-04-04 10:13 - 02347384 _____ (ESET) C:\Users\Kunde\Desktop\esetsmartinstaller_deu.exe
2015-04-03 11:19 - 2015-04-03 11:19 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KUNDE-PC-Windows-7-Professional-(32-bit).dat
2015-04-03 11:19 - 2015-04-03 11:19 - 00000000 ____D () C:\RegBackup
2015-04-03 11:17 - 2015-04-03 11:17 - 02690981 _____ (Thisisu) C:\Users\Kunde\Desktop\JRT.exe
2015-04-03 11:05 - 2015-04-03 11:05 - 02208768 _____ () C:\Users\Kunde\Desktop\AdwCleaner_4.200.exe
2015-04-02 18:40 - 2015-04-02 19:14 - 00000000 ____D () C:\ComboFix
2015-04-02 18:37 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-02 18:37 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-02 18:37 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-02 18:37 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-02 18:37 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-02 18:37 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-02 18:37 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-02 18:34 - 2015-04-02 19:14 - 00000000 ____D () C:\Qoobox
2015-04-02 18:33 - 2015-04-02 19:11 - 00000000 ____D () C:\Windows\erdnt
2015-04-02 18:32 - 2015-04-02 18:40 - 00000000 ____D () C:\32788R22FWJFW
2015-04-02 18:28 - 2015-04-02 18:30 - 05617096 ____R (Swearware) C:\Users\Kunde\Desktop\ComboFix.exe
2015-04-02 18:26 - 2015-04-02 18:26 - 00000000 ____D () C:\ProgramData\Panda Security
2015-04-02 18:26 - 2015-04-02 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-04-02 18:26 - 2015-04-02 18:26 - 00000000 ____D () C:\Program Files\Panda USB Vaccine
2015-04-02 18:24 - 2015-04-02 18:24 - 00848856 _____ (Panda Security ) C:\Users\Kunde\Desktop\USBVaccineSetup.exe
2015-04-01 22:52 - 2015-04-04 23:19 - 00000000 ____D () C:\Users\Kunde\Desktop\viruskampf
2015-04-01 17:16 - 2015-04-01 17:16 - 00380416 _____ () C:\Users\Kunde\Desktop\hls7unv5.exe
2015-04-01 17:12 - 2015-04-04 23:20 - 00000000 ____D () C:\FRST
2015-04-01 17:11 - 2015-04-01 17:11 - 01135104 _____ (Farbar) C:\Users\Kunde\Desktop\FRST.exe
2015-04-01 17:06 - 2015-04-01 17:06 - 00000000 _____ () C:\Users\Kunde\defogger_reenable
2015-04-01 17:00 - 2015-04-01 17:00 - 00050477 _____ () C:\Users\Kunde\Desktop\Defogger.exe
2015-04-01 15:52 - 2015-04-04 09:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 15:52 - 2015-04-01 15:52 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-01 15:52 - 2015-04-01 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-01 15:52 - 2015-04-01 15:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-01 15:52 - 2015-04-01 15:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-01 15:52 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-01 15:52 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-01 15:52 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-01 15:41 - 2015-04-01 15:50 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Kunde\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-01 15:22 - 2015-04-01 15:22 - 00000000 ____D () C:\Users\Kunde\AppData\Local\Sophos
2015-03-30 19:31 - 2015-03-30 19:31 - 00000297 _____ () C:\Users\Kunde\Downloads\iCalendar.ics
2015-03-25 15:59 - 2015-03-11 11:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 15:59 - 2015-03-11 11:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 15:59 - 2015-03-11 11:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 15:59 - 2015-03-11 11:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 15:59 - 2015-03-11 11:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 15:59 - 2015-03-11 11:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 15:59 - 2015-03-11 11:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 15:59 - 2015-03-11 11:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 14:07 - 2015-03-24 14:08 - 03628849 _____ () C:\Users\Kunde\Downloads\ECV3001+Presentation+2014+15+aaaa+1+2.pptx
2015-03-24 13:26 - 2015-03-24 13:26 - 00000941 _____ () C:\Users\Public\Desktop\Winamp.lnk
2015-03-24 13:26 - 2015-03-24 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-03-24 13:25 - 2015-03-24 14:58 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\Winamp
2015-03-24 13:25 - 2015-03-24 13:27 - 00000000 ____D () C:\Program Files\Winamp
2015-03-24 13:25 - 2015-03-24 13:25 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-03-24 13:23 - 2015-03-24 13:24 - 12855384 _____ (Nullsoft, Inc.) C:\Users\Kunde\Downloads\winamp5666_full_de-de_b3516.exe
2015-03-13 21:13 - 2015-03-29 21:13 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\vlc
2015-03-13 21:12 - 2015-03-13 21:12 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-13 21:12 - 2015-03-13 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-13 21:11 - 2015-03-13 21:11 - 00000000 ____D () C:\Program Files\VideoLAN
2015-03-13 21:05 - 2015-03-13 21:09 - 28509232 _____ () C:\Users\Kunde\Downloads\vlc-2.2.0-win32.exe
2015-03-13 21:02 - 2015-03-13 21:03 - 04247589 _____ () C:\Users\Kunde\Downloads\Demonstration_1_sub.rm
2015-03-13 17:42 - 2015-03-13 17:45 - 28292172 _____ () C:\Users\Kunde\Downloads\1 Vorlesung.zip
2015-03-13 17:42 - 2015-03-13 17:42 - 01274520 _____ () C:\Users\Kunde\Downloads\2 Seminar.zip
2015-03-13 17:42 - 2015-03-13 17:42 - 00545689 _____ () C:\Users\Kunde\Downloads\3 Praktikum.zip
2015-03-13 17:42 - 2015-03-13 17:42 - 00013845 _____ () C:\Users\Kunde\Downloads\4 Literaturverzeichnis.zip
2015-03-12 20:57 - 2015-03-12 20:57 - 00000146 _____ () C:\Windows\Capture.INI
2015-03-12 20:10 - 2015-03-12 22:34 - 00000000 ____D () C:\PSpice Projekte
2015-03-12 19:47 - 2015-03-12 19:48 - 00000000 ____D () C:\Program Files\RFSim99
2015-03-12 19:47 - 2015-03-12 19:47 - 00000979 _____ () C:\Users\Kunde\Desktop\RFSim99.lnk
2015-03-12 19:47 - 2015-03-12 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RFSim99
2015-03-12 19:47 - 1998-02-06 21:37 - 00299520 _____ (InstallShield Corporation, Inc.) C:\Windows\uninst.exe
2015-03-12 19:46 - 2015-03-12 19:46 - 00000000 __RSH () C:\MSDOS.SYS
2015-03-12 19:46 - 2015-03-12 19:46 - 00000000 __RSH () C:\IO.SYS
2015-03-12 19:39 - 2015-03-12 19:40 - 00364545 _____ () C:\Users\Kunde\Downloads\Communication.zip
2015-03-12 17:43 - 2015-03-12 17:44 - 00000000 ____D () C:\Users\Kunde\Downloads\_temp_matlab_R2014b_win32
2015-03-12 17:36 - 2015-03-12 17:40 - 108292376 _____ () C:\Users\Kunde\Downloads\matlab_R2014b_win32.exe
2015-03-12 17:30 - 2015-03-12 17:31 - 00000000 ____D () C:\Program Files\PDF Architect 2
2015-03-12 17:30 - 2015-03-12 17:30 - 00000000 ____D () C:\Users\Kunde\AppData\Local\PDFCreator
2015-03-12 17:24 - 2015-03-12 17:24 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2015-03-12 17:23 - 2015-03-12 17:24 - 00098488 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-03-12 17:23 - 2015-03-12 17:24 - 00000000 ____D () C:\Program Files\PDFCreator
2015-03-12 17:23 - 2015-03-12 17:23 - 00000993 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-03-12 17:23 - 2015-03-12 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-03-12 17:13 - 2015-03-12 17:14 - 27721680 _____ (pdfforge ) C:\Users\Kunde\Downloads\PDFCreator-2_0_2-setup.exe
2015-03-12 17:13 - 2015-03-12 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSpice Student
2015-03-12 17:12 - 2015-03-12 22:34 - 00005383 _____ () C:\Windows\PSPICEEV.INI
2015-03-12 17:12 - 2015-03-12 17:12 - 00000000 ____D () C:\Windows\Crystal
2015-03-12 17:12 - 2015-03-12 17:12 - 00000000 ____D () C:\Program Files\OrCAD_Demo
2015-03-12 17:12 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-03-12 17:12 - 1997-08-28 17:00 - 03572224 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\crpe32.dll
2015-03-12 17:12 - 1997-08-28 17:00 - 00416768 _____ (Seagate Software) C:\Windows\system32\cpeaut32.dll
2015-03-12 17:12 - 1997-08-28 17:00 - 00183296 _____ (Seagate Software, Information Management Group, Inc.) C:\Windows\system32\crpaig32.dll
2015-03-12 17:12 - 1997-08-28 17:00 - 00105984 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2bdao.dll
2015-03-12 17:12 - 1997-08-28 17:00 - 00064000 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2irdao.dll
2015-03-12 17:12 - 1997-08-28 17:00 - 00054272 _____ (Seagate Software Information Management Group, Inc.) C:\Windows\system32\p2ctdao.dll
2015-03-12 17:12 - 1997-07-11 00:00 - 01037312 _____ (Microsoft Corporation) C:\Windows\system32\msjet35.dll
2015-03-12 17:12 - 1997-07-11 00:00 - 00251664 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x35.dll
2015-03-12 17:12 - 1997-07-11 00:00 - 00121104 _____ (Microsoft Corporation) C:\Windows\system32\msjint35.dll
2015-03-12 17:12 - 1997-07-11 00:00 - 00024336 _____ (Microsoft Corporation) C:\Windows\system32\msjter35.dll
2015-03-12 17:12 - 1997-01-22 22:26 - 00565760 _____ (Microsoft Corporation) C:\Windows\system32\Msvcp50.dll
2015-03-12 17:12 - 1996-11-08 03:48 - 00368912 _____ (Microsoft Corporation) C:\Windows\system32\vbar332.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00192512 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltkrn60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00176128 _____ () C:\Windows\system32\lffax60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00141824 _____ () C:\Windows\system32\lfcmp60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00110080 _____ () C:\Windows\system32\lfpng60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00046080 _____ () C:\Windows\system32\lftif60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00043008 _____ () C:\Windows\system32\ltfil60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00023552 _____ () C:\Windows\system32\lfpcx60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00022528 _____ () C:\Windows\system32\lfpct60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00022528 _____ () C:\Windows\system32\lfeps60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00022016 _____ () C:\Windows\system32\lfbmp60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00020480 _____ () C:\Windows\system32\lfpsd60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00019968 _____ () C:\Windows\system32\lftga60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00019456 _____ () C:\Windows\system32\lfwpg60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00019456 _____ () C:\Windows\system32\lfwmf60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00018432 _____ () C:\Windows\system32\lfmsp60n.dll
2015-03-12 17:12 - 1996-06-07 19:07 - 00017920 _____ () C:\Windows\system32\lfmac60n.dll
2015-03-12 17:12 - 1995-07-26 01:00 - 00200704 _____ (Sheridan Software Systems, Inc.) C:\Windows\system32\THREED32.OCX
2015-03-12 17:12 - 1995-02-15 01:11 - 00017920 _____ () C:\Windows\system32\implode.dll
2015-03-12 17:11 - 2015-03-12 17:11 - 00000000 ____D () C:\1
2015-03-12 17:05 - 2015-03-12 17:07 - 28620288 _____ () C:\Users\Kunde\Downloads\91pspstu.exe
2015-03-12 17:03 - 2015-03-12 17:04 - 02083060 _____ () C:\Users\Kunde\Downloads\rf-sim-99.zip
2015-03-11 21:43 - 2015-03-11 21:43 - 00000343 _____ () C:\Users\Kunde\Downloads\ruediger.schultheis.vcf
2015-03-11 21:42 - 2015-03-11 21:45 - 00000000 ____D () C:\Users\Kunde\Desktop\Sydney
2015-03-11 21:29 - 2015-02-03 11:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 21:29 - 2015-02-03 11:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 21:29 - 2015-02-03 11:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 21:29 - 2015-02-03 11:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 21:28 - 2015-02-03 11:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 21:28 - 2015-02-03 11:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 21:28 - 2015-02-03 11:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 21:28 - 2015-02-03 11:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 21:28 - 2015-02-03 11:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 21:28 - 2015-02-03 11:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 21:28 - 2015-02-03 11:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 21:28 - 2015-02-03 11:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 21:28 - 2015-02-03 11:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 21:28 - 2015-02-03 11:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 21:28 - 2015-02-03 11:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 21:28 - 2015-02-03 11:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 21:28 - 2015-02-03 10:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 21:28 - 2015-01-31 07:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 21:28 - 2014-11-01 06:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 21:28 - 2014-06-28 08:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 21:28 - 2014-06-28 08:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 21:18 - 2015-02-20 12:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 21:18 - 2015-02-20 12:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 21:18 - 2015-02-20 12:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 21:18 - 2015-02-20 12:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 21:18 - 2015-02-20 11:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 21:18 - 2015-02-04 10:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 21:17 - 2015-02-26 11:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 21:17 - 2015-02-24 10:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 21:17 - 2015-02-21 08:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 21:17 - 2015-02-20 10:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 21:17 - 2015-02-20 10:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 21:17 - 2015-02-20 10:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 21:17 - 2015-02-20 09:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 21:17 - 2015-02-20 09:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 21:17 - 2015-02-20 09:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 21:17 - 2015-02-20 09:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 21:17 - 2015-02-20 09:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 21:17 - 2015-02-20 09:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 21:17 - 2015-02-20 08:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 21:17 - 2015-02-13 13:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 21:17 - 2015-02-03 11:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 21:17 - 2015-01-17 10:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 21:16 - 2015-02-21 08:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 21:16 - 2015-02-21 08:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 21:16 - 2015-02-21 08:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 21:16 - 2015-02-21 07:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 21:16 - 2015-02-20 10:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 21:16 - 2015-02-20 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 21:16 - 2015-02-20 10:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 21:16 - 2015-02-20 10:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 21:16 - 2015-02-20 10:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 21:16 - 2015-02-20 10:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 21:16 - 2015-02-20 09:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 21:16 - 2015-02-20 09:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 21:16 - 2015-02-20 09:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 21:16 - 2015-02-20 09:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 21:16 - 2015-02-20 09:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 21:16 - 2015-02-20 09:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 21:16 - 2015-02-20 09:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 21:16 - 2015-02-20 08:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 21:14 - 2015-03-06 13:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 21:14 - 2015-03-06 13:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 21:14 - 2015-03-06 13:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 21:14 - 2015-03-06 13:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 21:14 - 2015-03-06 13:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 21:14 - 2015-03-06 13:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 21:14 - 2015-03-06 13:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 21:14 - 2015-03-06 13:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 21:14 - 2015-03-06 13:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 21:14 - 2015-02-03 11:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 14:50 - 2015-03-11 14:50 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\Subversion
2015-03-11 14:50 - 2015-03-11 14:50 - 00000000 ____D () C:\Users\Kunde\AppData\Local\MathWorks
2015-03-11 14:49 - 2015-03-13 02:07 - 00000000 ____D () C:\Users\Kunde\Documents\MATLAB
2015-03-10 12:00 - 2015-03-10 12:00 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\MathWorks
2015-03-10 11:59 - 2015-03-10 11:59 - 00001299 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2015a.lnk
2015-03-10 11:59 - 2015-03-10 11:59 - 00001287 _____ () C:\Users\Public\Desktop\MATLAB R2015a.lnk
2015-03-10 11:59 - 2015-03-10 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
2015-03-10 11:58 - 2015-04-04 13:12 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2015a Startup Accelerator.job
2015-03-10 11:58 - 2015-03-10 11:58 - 00000000 ____D () C:\ProgramData\MathWorks
2015-03-10 11:58 - 2004-09-06 09:05 - 00645120 _____ () C:\Windows\system32\config.gms
2015-03-10 10:00 - 2015-03-12 17:49 - 00000000 ____D () C:\Users\Kunde\Downloads\MathWorks
2015-03-10 10:00 - 2015-03-12 17:49 - 00000000 ____D () C:\Program Files\MATLAB
2015-03-10 09:56 - 2015-03-10 09:56 - 00000000 ____D () C:\Users\Kunde\Downloads\_temp_matlab_R2015a_win32
2015-03-10 09:54 - 2015-03-10 09:55 - 90954008 _____ () C:\Users\Kunde\Downloads\matlab_R2015a_win32.exe
2015-03-10 09:45 - 2015-03-10 09:45 - 00000000 __SHD () C:\Users\Kunde\AppData\Local\EmieUserList
2015-03-10 09:45 - 2015-03-10 09:45 - 00000000 __SHD () C:\Users\Kunde\AppData\Local\EmieSiteList
2015-03-10 09:45 - 2015-03-10 09:45 - 00000000 __SHD () C:\Users\Kunde\AppData\Local\EmieBrowserModeList
2015-03-10 08:43 - 2015-03-10 08:43 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\WinRAR
2015-03-10 08:43 - 2015-03-10 08:43 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-10 08:43 - 2015-03-10 08:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-10 08:43 - 2015-03-10 08:43 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-10 08:38 - 2015-03-10 08:38 - 01877056 _____ () C:\Users\Kunde\Downloads\wrar521d.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 23:20 - 2015-02-03 22:09 - 01726493 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 22:42 - 2015-02-04 23:29 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-04 17:42 - 2015-02-04 23:29 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-04 10:06 - 2009-07-14 12:34 - 00017568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 10:06 - 2009-07-14 12:34 - 00017568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 09:57 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 09:57 - 2009-07-14 12:39 - 00088485 _____ () C:\Windows\setupact.log
2015-04-03 12:13 - 2015-03-04 13:18 - 00000000 ____D () C:\Users\Kunde\Desktop\SAT
2015-04-03 11:08 - 2015-02-05 22:02 - 00000000 ____D () C:\AdwCleaner
2015-04-02 19:57 - 2015-02-05 10:32 - 00070376 _____ () C:\Windows\PFRO.log
2015-04-02 19:14 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default
2015-04-02 19:14 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
2015-04-02 19:09 - 2009-07-14 10:04 - 00000215 _____ () C:\Windows\system.ini
2015-04-01 21:56 - 2015-02-09 04:59 - 00000000 ____D () C:\Users\Kunde\AppData\Roaming\Skype
2015-04-01 17:06 - 2015-02-03 22:15 - 00000000 ____D () C:\Users\Kunde
2015-03-30 22:40 - 2015-02-11 19:58 - 00000000 ____D () C:\Users\Kunde\Desktop\Sammelstuff
2015-03-30 18:47 - 2015-02-03 22:17 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-29 21:06 - 2015-02-11 20:13 - 00000000 ____D () C:\Users\Kunde\Documents\Tagebuch
2015-03-28 08:46 - 2015-02-06 18:13 - 00000000 ____D () C:\Users\Kunde\AppData\Local\NFS Underground 2
2015-03-26 08:36 - 2015-02-03 22:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-26 08:36 - 2015-02-03 22:53 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 21:56 - 2009-07-14 12:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-25 00:09 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-24 19:42 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
2015-03-24 16:07 - 2015-02-17 06:13 - 00000000 _____ () C:\Windows\system32\vireng.log
2015-03-24 14:34 - 2015-03-04 13:18 - 00000000 ____D () C:\Users\Kunde\Desktop\Eng. Soc
2015-03-24 11:44 - 2015-03-04 13:18 - 00000000 ____D () C:\Users\Kunde\Desktop\COM
2015-03-24 10:34 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-23 09:46 - 2015-02-04 23:31 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-18 22:33 - 2015-02-05 23:58 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-12 20:08 - 2015-02-03 22:15 - 00000000 ____D () C:\Users\Kunde\AppData\Local\VirtualStore
2015-03-12 19:48 - 2015-02-05 22:02 - 00000000 ____D () C:\Users\Kunde\Documents\Programme
2015-03-12 09:11 - 2009-07-14 12:33 - 00437312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 09:08 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-12 01:22 - 2015-02-03 22:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 01:14 - 2015-02-03 22:50 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Kunde\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Kunde\AppData\Local\Temp\Quarantine.exe
C:\Users\Kunde\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 16:00

==================== End Of Log ============================
--- --- ---

[/CODE]

schrauber 05.04.2015 07:24
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\Kunde\Downloads\PDFCreator-2_0_2-setup.exe
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

ones 06.04.2015 05:51
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Kunde at 2015-04-06 12:25:58 Run:1
Running from C:\Users\Kunde\Desktop
Loaded Profiles: Kunde (Available profiles: Kunde)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Kunde\Downloads\PDFCreator-2_0_2-setup.exe
Emptytemp:
*****************

C:\Users\Kunde\Downloads\PDFCreator-2_0_2-setup.exe => Moved successfully.
EmptyTemp: => Removed 607.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:27:58 ====
Hi Schrauber, vielen Dank für deine Hilfe und die Mühen. Das Problem mit dem USB Stick besteht aber leider noch wie im ersten post beschrieben, dass er nur Verknüpfungen beinhaltet und die Fehlermeldung auftaucht...
Was kann ich noch tun?

MfG, ones

schrauber 06.04.2015 14:42
Stick im WIndows Explorer öffnen, Screenshot davon bitte.

ones 06.04.2015 15:20
Liste der Anhänge anzeigen (Anzahl: 1)
Anbei das Bild,
wie gesagt nach Bestätigen mit OK öffnet sich ein weiteres neues Fenster mit dem Inhalt des angewählten Ordners/Datei

schrauber 07.04.2015 11:07
Is das der einzige Kram auf dem Stick? Bitte mal Systemsteuerung Ordneroptionen, versteckte Dateien anzeigen lassen, Haken raus bei geschützte Dateien ausblenden, nochmal Screenshot bitte.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:26 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55