Windows 7: svhost.exe high CPU load
Hello!
Like the thread below mine, I also have a problem with my PC's CPU load.
svhost.exe already uses 50% when the system is idle.
I have already scanned with Avira and Malwarebytes Anti-Malware, but they found nothing apart from my firewall (ZoneAlarm).
The logs are attached. I hope you can help.
Avira Code:
Exportierte Ereignisse:
15.09.2015 17:13 [System-Scanner] Malware gefunden
Die Datei 'C:\Program Files (x86)\CheckPoint\Install\zatb.exe'
enthielt einen Virus oder unerwünschtes Programm 'PUA/Montiera.TR' [riskware].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 53d1aca6.qua erstellt ( QUARANTÄNE ).
Die Datei wurde ignoriert.
15.09.2015 11:27 [System-Scanner] Malware gefunden
Die Datei 'C:\Program Files (x86)\CheckPoint\Install\zatb.exe'
enthielt einen Virus oder unerwünschtes Programm 'PUA/Montiera.TR' [riskware].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 534e628c.qua erstellt ( QUARANTÄNE ).
Die Datei wurde ignoriert.
defogger_disable.log Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:26 on 26/09/2015 (Alex)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST.txt Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
durchgeführt von Alex (Administrator) auf ALEX-PC (26-09-2015 18:00:49)
Gestartet von C:\Users\Alex\Desktop
Geladene Profile: Alex (Verfügbare Profile: Alex)
Platform: Windows 7 Professional N Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 9 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Spotify Ltd) C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-09-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-05-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\Run: [Spotify] => C:\Users\Alex\AppData\Roaming\Spotify\Spotify.exe [7014456 2015-09-19] (Spotify Ltd)
HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\Run: [Spotify Web Helper] => C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1806904 2015-09-19] (Spotify Ltd)
HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\MountPoints2: F - "F:\StarCraft II Setup.exe"
HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\MountPoints2: {10566507-5123-11e4-a1cd-8acb58296b3d} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\MountPoints2: {4abfe62d-c165-11e2-8c2a-00241d1440de} - G:\unlock.exe autoplay=true
HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\MountPoints2: {9f489ea8-a2e0-11e4-83ac-806e6f6e6963} - "H:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\MountPoints2: {cd63fb3c-c3b3-11e2-86dc-00241d1440de} - I:\setup.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-14] (Dropbox, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{D08AC904-88F0-4923-8D42-AFFED7E31ADB}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{D88A2413-14F8-4791-8576-527ABE6C26A2}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ED2BDFAF-464C-42B6-BB4E-89D822A2E127}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-07] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> E:\Programme\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-30] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-07] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\27kgmzuy.Alex
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Programme\iTunes\Mozilla Plugins\npitunes.dll [2013-09-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1930445482-2909481686-1685278842-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll Keine Datei
FF Extension: GFACE Experience Plugin - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\27kgmzuy.Alex\Extensions\cryenginebrowserplugin@crytek.com [2015-05-07]
FF Extension: zonealarm.com - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\27kgmzuy.Alex\Extensions\ffxtlbr@zonealarm.com [2015-05-07]
FF Extension: EPUBReader - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\27kgmzuy.Alex\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-05-29]
FF Extension: Roomy Bookmarks Toolbar - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\27kgmzuy.Alex\Extensions\ALone-live@ya.ru.xpi [2015-05-07]
FF Extension: Classic Theme Restorer - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\27kgmzuy.Alex\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-05-07]
FF Extension: LEO Dictionaries - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\27kgmzuy.Alex\Extensions\contextMenuExtension@leo.org.xpi [2015-05-07]
FF Extension: Ghostery - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\27kgmzuy.Alex\Extensions\firefox@ghostery.com.xpi [2015-05-07]
FF Extension: League of Legends Events - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\27kgmzuy.Alex\Extensions\jid0-8tN1572BjKN38NbylynGgV1L2AU@jetpack.xpi [2015-05-07]
FF Extension: Lightbeam - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\27kgmzuy.Alex\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-05-07]
FF Extension: Stylish - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\27kgmzuy.Alex\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-05-07]
FF Extension: Video DownloadHelper - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\27kgmzuy.Alex\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-05-07]
FF Extension: Adblock Plus - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\27kgmzuy.Alex\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-07]
FF Extension: DownThemAll! - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\27kgmzuy.Alex\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-05-07]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2015-04-15]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1148688 2015-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
S3 CVPND; E:\Programme\VPN Client\cvpnd.exe [1529856 2011-03-04] (Cisco Systems, Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [Datei ist nicht signiert]
S3 jswpsapi; C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [954368 2013-01-22] (Wireless) [Datei ist nicht signiert]
S2 MBAMService; E:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-09-30] ()
S2 SkypeUpdate; E:\Programme\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [Datei ist nicht signiert]
S3 teclmd; E:\Programme\Tecplot 360\RLM\rlm.exe [1536000 2011-07-25] (Reprise Software Inc.) [Datei ist nicht signiert]
S3 UGS License Server (ugslmd); E:\Programme\UGS\UGS Licensing\lmgrd.exe [1372160 2008-04-22] (Macrovision Corporation) [Datei ist nicht signiert]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-05-20] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-07-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-09-24] (Avira Operations GmbH & Co. KG)
S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-01-23] (Cisco Systems, Inc.)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
S3 VSPerfDrv110; E:\Programme\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-26] (Microsoft Corporation)
U3 kxldrpog; \??\C:\Users\Alex\AppData\Local\Temp\kxldrpog.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-26 17:59 - 2015-09-26 17:59 - 00014439 _____ C:\Users\Alex\Desktop\gmer.log
2015-09-26 17:41 - 2015-09-26 17:41 - 00003896 _____ C:\Users\Alex\Desktop\gmer.txt
2015-09-26 17:34 - 2015-09-26 17:37 - 00000769 _____ C:\Users\Alex\Desktop\Neues Textdokument.txt
2015-09-26 17:32 - 2015-09-26 17:32 - 00380416 _____ C:\Users\Alex\Desktop\xdekrjho.exe
2015-09-26 17:29 - 2015-09-26 17:29 - 00059456 _____ C:\Users\Alex\Desktop\Addition_old.txt
2015-09-26 17:28 - 2015-09-26 18:00 - 00019980 _____ C:\Users\Alex\Desktop\FRST.txt
2015-09-26 17:28 - 2015-09-26 18:00 - 00000000 ____D C:\FRST
2015-09-26 17:28 - 2015-09-26 17:29 - 00028141 _____ C:\Users\Alex\Desktop\FRST_old.txt
2015-09-26 17:27 - 2015-09-26 17:27 - 02192384 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2015-09-26 17:26 - 2015-09-26 17:26 - 00000470 _____ C:\Users\Alex\Desktop\defogger_disable.log
2015-09-26 17:26 - 2015-09-26 17:26 - 00000000 _____ C:\Users\Alex\defogger_reenable
2015-09-26 17:25 - 2015-09-26 17:25 - 00050477 _____ C:\Users\Alex\Desktop\Defogger.exe
2015-09-26 10:15 - 2015-09-26 17:47 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2015-09-19 11:48 - 2015-09-25 17:19 - 00000000 ____D C:\Users\Alex\AppData\Local\Spotify
2015-09-19 11:48 - 2015-09-19 11:48 - 00001762 _____ C:\Users\Alex\Desktop\Spotify.lnk
2015-09-19 11:48 - 2015-09-19 11:48 - 00001748 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-09-19 11:47 - 2015-09-26 17:48 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Spotify
2015-09-08 16:18 - 2015-09-08 16:18 - 00002787 _____ C:\Users\Alex\AppData\Local\recently-used.xbel
2015-09-02 19:21 - 2015-09-09 16:32 - 00001138 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-26 17:55 - 2009-07-14 06:50 - 00020112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-26 17:55 - 2009-07-14 06:50 - 00020112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-26 17:54 - 2011-04-12 10:14 - 00699092 _____ C:\Windows\system32\perfh007.dat
2015-09-26 17:54 - 2011-04-12 10:14 - 00149232 _____ C:\Windows\system32\perfc007.dat
2015-09-26 17:54 - 2009-07-14 07:12 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-26 17:48 - 2015-04-22 14:12 - 00000528 _____ C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2015-09-26 17:47 - 2015-07-19 16:49 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-26 17:47 - 2013-05-23 16:24 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-09-26 17:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-26 17:47 - 2009-07-14 06:56 - 00072904 _____ C:\Windows\setupact.log
2015-09-26 17:26 - 2013-05-20 17:55 - 00000000 ____D C:\Users\Alex
2015-09-26 17:11 - 2014-02-02 00:27 - 00000000 ____D C:\Users\Alex\AppData\Local\Battle.net
2015-09-26 17:00 - 2013-05-20 17:56 - 01947035 _____ C:\Windows\WindowsUpdate.log
2015-09-26 17:00 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-26 14:59 - 2015-05-08 18:00 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc
2015-09-26 10:13 - 2015-05-07 15:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-24 19:22 - 2015-06-10 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-24 19:21 - 2013-05-20 19:46 - 00163544 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-09-24 19:21 - 2013-05-20 19:46 - 00074952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-09-24 13:17 - 2010-11-21 05:47 - 04007326 _____ C:\Windows\PFRO.log
2015-09-24 11:30 - 2013-07-02 17:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-23 18:29 - 2013-05-21 21:06 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2015-09-15 11:11 - 2015-07-19 16:49 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 11:11 - 2015-07-19 16:49 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 11:11 - 2015-07-19 16:49 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-10 19:33 - 2013-05-23 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2015-09-09 19:48 - 2014-04-12 20:35 - 00000000 ____D C:\AdwCleaner
2015-09-09 18:42 - 2014-07-01 19:47 - 00000000 ____D C:\Users\Alex\Documents\MATLAB
2015-09-09 17:39 - 2014-11-23 12:28 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-09 17:35 - 2014-11-23 12:28 - 00000750 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-09 17:35 - 2014-11-23 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-09 16:32 - 2013-05-23 21:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-08 17:05 - 2014-06-20 18:22 - 00000000 ____D C:\Users\Alex\.gimp-2.8
2015-09-08 10:13 - 2015-05-07 17:39 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-08 10:13 - 2015-05-07 17:39 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-04 14:49 - 2014-06-20 18:28 - 00000000 ____D C:\Users\Alex\AppData\Local\gtk-2.0
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-06-13 21:33 - 2015-07-22 01:12 - 0000600 _____ () C:\Users\Alex\AppData\Roaming\winscp.rnd
2013-06-13 21:53 - 2013-10-16 11:54 - 0000600 _____ () C:\Users\Alex\AppData\Local\PUTTY.RND
2015-09-08 16:18 - 2015-09-08 16:18 - 0002787 _____ () C:\Users\Alex\AppData\Local\recently-used.xbel
2013-05-21 15:50 - 2013-05-21 15:50 - 0000017 _____ () C:\Users\Alex\AppData\Local\resmon.resmoncfg
Einige Dateien in TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\AskSLib.dll
C:\Users\Alex\AppData\Local\Temp\avgnt.exe
C:\Users\Alex\AppData\Local\Temp\awesomium_setup.exe
C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt6kjs7.dll
C:\Users\Alex\AppData\Local\Temp\guninst.exe
C:\Users\Alex\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Alex\AppData\Local\Temp\numpy-1.6.2-sse3.exe
C:\Users\Alex\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Alex\AppData\Local\Temp\ose00000.exe
C:\Users\Alex\AppData\Local\Temp\Quarantine.exe
C:\Users\Alex\AppData\Local\Temp\scipy-0.11.0-sse3.exe
C:\Users\Alex\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_012bd355-7fa4-403c-9815-22c25be0da02_TX_DB_.exe
C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alex\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Alex\AppData\Local\Temp\ubi3D30.tmp.exe
C:\Users\Alex\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Alex\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\Alex\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Alex\AppData\Local\Temp\_is68EF.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-09-21 17:00
==================== Ende von FRST.txt ============================
Addition.txt Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-09-2015
durchgeführt von Alex (2015-09-26 18:02:22)
Gestartet von C:\Users\Alex\Desktop
Windows 7 Professional N Service Pack 1 (X64) (2013-05-20 15:55:21)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1930445482-2909481686-1685278842-500 - Administrator - Disabled)
Alex (S-1-5-21-1930445482-2909481686-1685278842-1000 - Administrator - Enabled) => C:\Users\Alex
Gast (S-1-5-21-1930445482-2909481686-1685278842-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1930445482-2909481686-1685278842-1002 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version: - Valve)
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArmA 2 Free Uninstall (HKLM-x32\...\ArmA 2) (Version: - )
ARMA 2 Operation Arrowhead Uninstall (HKLM-x32\...\ARMA 2 Operation Arrowhead) (Version: - )
Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.202 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye (A2Free) Uninstall (HKLM-x32\...\BattlEye A2 Free) (Version: - )
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
bcTester 4.9 (de) (HKLM-x32\...\{B18D4784-45FF-4787-A81E-012873CA6515}) (Version: 4.9.2 - QS QualitySoft GmbH)
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 DEU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blobby Volley 2 Version 1.0RC4 (HKLM-x32\...\Blobby Volley 2 Version 1.0RC4_is1) (Version: - )
Brother MFL-Pro Suite DCP-J515W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.76.0.2015 - Georgy Berdyshev)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{0C42DFC3-F913-44B5-85A3-5AA1A6109277}) (Version: 3.1.06078 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06078 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06078 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.5.0.11 - Swiss Academic Software)
CoDeSys for Automation Alliance (HKLM-x32\...\{07976ABB-1EBD-4A65-A7C7-155A0DC17173}) (Version: - 3S-Smart Software Solutions GmbH)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Devenv-Ressourcen für Microsoft Visual Studio 2012 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Dropbox (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Dymola 2014 FD01 (HKLM-x32\...\{0451A785-0837-434D-8291-9890D366242D}) (Version: 14.1.302 - Dassault Systems)
Dymola 2016 (HKLM-x32\...\{FBBFA9EB-6986-4E8F-AAF4-E252B3D72D05}) (Version: 16.0.331 - Dassault Systemes)
Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{B2BDC072-BE01-432D-B281-30891D597FBB}) (Version: 11.1.30729.00 - Microsoft Corporation)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
GAMS win64 24.4.3 (HKLM\...\GAMS win64 24.4_is1) (Version: GAMS 24.4.3 - GAMS Development)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Gurobi 6.0.3 (64 bit) (HKLM-x32\...\{DCA8391A-6579-EF24-37D1-D6994E4AC38C}) (Version: 6.0.3.0 - Gurobi Optimization, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
ITI SimulationX 3.5 (HKLM-x32\...\ITI SimulationX 3.5) (Version: 3.5 - ITI GmbH)
ITI SimulationX 3.5 (x32 Version: 3.5 - ITI GmbH) Hidden
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaScript Tooling (Version: 11.0.60315 - Microsoft Corporation) Hidden
JModelica.org-1.15 (HKLM\...\JModelica.org-1.15) (Version: - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for de-de (x32 Version: 8.59.25584 - Microsoft) Hidden
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - DEU (HKLM-x32\...\{07AC2D83-E795-4AD5-970D-B9BD14A1E411}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - DEU (HKLM-x32\...\{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPROR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40620.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK - Deutsch (HKLM-x32\...\{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\SkyDriveSetup.exe) (Version: 17.0.2011.0627 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20627.00) (HKLM-x32\...\{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00) (HKLM-x32\...\{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{D434E072-F482-4F52-AB97-7B19DD5DAEB5}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31125 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.31125 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{0bc17680-a2d9-42c0-9c26-0b8ecac2b473}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - DEU (HKLM-x32\...\{86756584-C41A-4CA3-B42D-4768C7720F56}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
OpenModelica1.9.2 (HKLM-x32\...\OpenModelica) (Version: 1.9.2 - Open Source Modelica Consortium (OSMC) and Linköping University (LiU).)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PreEmptive Analytics Client German Language Pack (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Python 2.7 Cython-0.18 (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\Cython-py2.7) (Version: - )
Python 2.7 distribute-0.6.35 (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\distribute-py2.7) (Version: - )
Python 2.7 ipython-0.13.1 (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\ipython-py2.7) (Version: - )
Python 2.7 JCC-2.18 (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\JCC-py2.7) (Version: - )
Python 2.7 JPype-0.5.4.2 (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\JPype-py2.7) (Version: - )
Python 2.7 lxml-3.1.0 (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\lxml-py2.7) (Version: - )
Python 2.7 matplotlib-1.2.0 (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\matplotlib-py2.7) (Version: - )
Python 2.7 nose-1.2.1 (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\nose-py2.7) (Version: - )
Python 2.7 numpy-1.6.2 (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\numpy-py2.7) (Version: - )
Python 2.7 pyreadline-1.7.1 (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\pyreadline-py2.7) (Version: - )
Python 2.7 scipy-0.11.0 (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\scipy-py2.7) (Version: - )
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
Renegade X (HKLM-x32\...\UDK-4fc3a6b6-3d0e-4dce-b127-8e60191e2b1e) (Version: Open Beta 1 - Totem Arts)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.16.0 - Renesas Electronics Corporation) Hidden
Reprise License Manager for Tecplot Products (HKLM-x32\...\{141D14D4-055C-4DD7-B1D5-56C597BACB90}) (Version: 8.00.0000 - Tecplot, Inc.)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\Spotify) (Version: 0.9.17.6.ge7d46329 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
Tecplot 360 2012R1 (32-bit) (HKLM-x32\...\{A51B313A-CABD-430C-955E-B771B874C090}) (Version: 14.01.000 - Tecplot, Inc.)
Telegram Desktop version 0.9.2 (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.2 - Telegram Messenger LLP)
TP-LINK TL-WN951N Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
UGS NX 6.0 (HKLM-x32\...\{A37D76E1-38C4-4A58-A597-BD7C765FB8CF}) (Version: 6.0.0.24 - UGS)
UGSLicensing (HKLM-x32\...\{1842532D-0AD3-4470-8E32-798BB63EF496}) (Version: 2.0.0 - UGS)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 3.2 - Ubisoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WCF Data Services 5.0 (for OData v3) DEU Language Pack (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 11 DEU Language Pack (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
WD Drive Utilities (HKLM-x32\...\{c77bad57-f913-4ac3-9061-6dfd6c0aa40a}) (Version: 1.3.0.16 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.0.16 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{BE1B25F9-5A51-4DB8-81FA-CE0CABC14D07}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{DEE2025E-D6C0-47E2-8657-AA57857FEEDA}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{FECF90E3-FDEA-4A87-8A06-2683388C69C4}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.1.5 (HKLM-x32\...\winscp3_is1) (Version: 5.1.5 - Martin Prikryl)
WinZip 18.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
wxPython 2.8.12.1 (unicode) for Python 2.7 (HKLM-x32\...\wxPython2.8-unicode-py27_is1) (Version: 2.8.12.1-unicode - Total Control Software)
ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1930445482-2909481686-1685278842-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1930445482-2909481686-1685278842-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1930445482-2909481686-1685278842-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1930445482-2909481686-1685278842-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1930445482-2909481686-1685278842-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1930445482-2909481686-1685278842-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1930445482-2909481686-1685278842-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1930445482-2909481686-1685278842-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1930445482-2909481686-1685278842-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1930445482-2909481686-1685278842-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Wiederherstellungspunkte =========================
21-09-2015 17:07:44 Geplanter Prüfpunkt
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {3C214DC7-3E9C-44E8-A1EF-AAF07B149D84} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-09-12] (Microsoft Corporation)
Task: {451366E5-9B72-412F-906F-D9F29544F304} - System32\Tasks\{8EE6E9C0-59CD-453A-9571-6FC18D2B7938} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/go/help.faq.installer?LastError=1618
Task: {56645554-2956-41A1-B60A-99345B7F101E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {585380FB-A28A-43E8-937E-F8811D8BF22E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-19] (Google Inc.)
Task: {64B0F67E-5D35-4B88-8509-ECB279453BA3} - System32\Tasks\{BE139498-6CC2-4606-AC6D-E877493115C1} => pcalua.exe -a E:\setup.exe -d E:\
Task: {7F8BE225-7FE7-44E4-A890-8791481FB12F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {8CD42BE2-D454-4949-800A-807AD45F7525} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {91C1DEF3-FD98-4FC2-AA30-8C3090911BD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-19] (Google Inc.)
Task: {BD686F19-6534-420D-995C-C1CA70EB0FE1} - System32\Tasks\MATLAB R2013a Startup Accelerator => E:\Programme\Matlab R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {D99C01B7-5281-45B6-BB94-AD00AC0AADD0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {DE1CB38E-AF8B-4D02-AAFF-1252E67AD110} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F6376A6A-FFD7-410C-A22E-6C1E71764FF2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job => E:\Programme\Matlab R2013a\bin\win64\MATLABStartupAccelerator.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-03-28 22:30 - 2013-03-28 22:30 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-03-31 01:26 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-06-06 00:57 - 2005-04-22 06:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2015-09-08 10:13 - 2015-09-08 10:13 - 17482952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1930445482-2909481686-1685278842-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk => C:\Windows\pss\An OneNote senden.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "E:\Programme\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: iTunesHelper => "E:\Programme\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\system32\StikyNot.exe
MSCONFIG\startupreg: RUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "E:\Programme\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "E:\Programme\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E50B7B93-513C-4C2E-B826-80E2BC55A1FC}] => (Allow) E:\Programme\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{639E0ECB-072C-4AF7-8E19-1FC8E7CA1C52}] => (Allow) E:\Programme\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{5846075A-B8CC-4E60-9566-C215B19BF0EF}] => (Allow) E:\Programme\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{8CE8FEDB-A6B4-414E-891C-2805F1727F49}] => (Allow) E:\Programme\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{05129464-ACCD-40C2-BBE3-323E8E69BE5F}] => (Allow) E:\Programme\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{BF5FE270-3916-40D8-A4B6-B138F825C354}] => (Allow) E:\Programme\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{0DB58508-5925-4443-ABCE-B083A47412BA}] => (Allow) E:\Programme\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{7D28196E-5BCF-478F-B117-727932922870}] => (Allow) LPort=54925
FirewallRules: [{937B3D03-2B87-43DA-8115-DE5990FE268E}] => (Allow) E:\Programme\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{41C50D13-6568-4AAD-B656-4DBCC023B7C2}] => (Allow) E:\Programme\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{5CC1C400-877A-4033-83E2-D5F126F37861}] => (Allow) E:\Programme\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{85931673-9BBE-4ECB-9DFA-CE6F688DDE6C}] => (Allow) E:\Programme\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{6B349691-E287-49D0-B295-69765003E308}] => (Allow) E:\Programme\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{E0320DBF-EB62-4A6C-9C35-CD633560728E}] => (Allow) E:\Programme\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{AE463384-E416-4022-B49F-607BAAC2976F}] => (Allow) C:\Users\Alex\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E852CFEF-D5E4-4ADF-AC58-5ED48C823DC1}] => (Allow) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DD59B801-20EE-468E-B123-78F7E6EC9CA2}] => (Allow) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4ECF88A7-5EC9-44CF-AEA6-BCBDDECD0287}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{C9211C4A-7813-49F1-BDCD-E08B0E6173A9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [TCP Query User{A89062BE-9385-48BF-8402-08BF76B2453F}C:\programdata\battle.net\agent\agent.2006\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2006\agent.exe
FirewallRules: [UDP Query User{02F57EFC-44D5-498C-9CBE-C178413EFF1E}C:\programdata\battle.net\agent\agent.2006\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2006\agent.exe
FirewallRules: [TCP Query User{FAB3CDBE-D6F2-4314-BB69-15FE0F6980F5}C:\games\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\games\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [UDP Query User{0929C3A3-B8BA-4D20-B825-6C9F56A4E6C0}C:\games\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\games\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [{C2FADCE9-73D9-464A-B441-39934EFEFFC4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{BC2012DE-27D4-4AA6-BAD6-DDC705A1A0E8}] => (Allow) E:\Programme\iTunes\iTunes.exe
FirewallRules: [{5474E426-4F73-49A6-A6C7-B88AC16900D4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{09F66AFB-3ABA-46E7-84B3-0AC53B477EA5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6A59B2CD-9C72-4259-85A6-C6C3CF89604C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{AE4C2077-9974-44A4-AAA9-59BB1F5B2E63}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3C3933E8-6A91-4100-8409-87E40C38D421}] => (Allow) E:\Games\Assassins' Creed III\AC3SP.exe
FirewallRules: [{97F603F3-D513-4E91-B4D3-301E223C678E}] => (Allow) E:\Games\Assassins' Creed III\AC3SP.exe
FirewallRules: [{51805784-4CB5-496A-9F38-8EE5FF75557C}] => (Allow) E:\Games\Assassins' Creed III\AC3MP.exe
FirewallRules: [{6BAB9647-CC7E-4E40-AC9E-25DED57A806C}] => (Allow) E:\Games\Assassins' Creed III\AC3MP.exe
FirewallRules: [{E9223D40-BCBD-40A7-A911-51F647D4118A}] => (Allow) E:\Games\Assassins' Creed III\AssassinsCreed3.exe
FirewallRules: [{BA3FDDE0-507F-45D2-9418-6E35003D6C70}] => (Allow) E:\Games\Assassins' Creed III\AssassinsCreed3.exe
FirewallRules: [{3282DAE9-18EA-4870-9BCB-029E3537DE59}] => (Allow) E:\Games\Anno 2070\Anno5.exe
FirewallRules: [{E24CE584-A21A-4A9D-BE7D-E01EC77BED68}] => (Allow) E:\Games\Anno 2070\Anno5.exe
FirewallRules: [{AC048461-DA10-4119-BFF5-6E1C7488F9EB}] => (Allow) E:\Games\Anno 2070\AutoPatcher.exe
FirewallRules: [{961B5623-7090-4F67-AA71-8E73AF5823BC}] => (Allow) E:\Games\Anno 2070\AutoPatcher.exe
FirewallRules: [{7876850A-3C68-406D-8432-1E62CB15493D}] => (Allow) E:\Games\Anno 2070\InitEngine.exe
FirewallRules: [{7A86363C-78D4-444F-BAB1-D2FFB3B7B8C6}] => (Allow) E:\Games\Anno 2070\InitEngine.exe
FirewallRules: [{7093B1A5-DA9E-4CE0-8AA8-F9D684FE8FB8}] => (Allow) E:\Programme\Steam\Steam.exe
FirewallRules: [{CF0BF7CB-AF77-40E6-BD15-7E7A2DCB0ECA}] => (Allow) E:\Programme\Steam\Steam.exe
FirewallRules: [{B2093CE1-039C-4DAC-BA25-2E7204D37D6A}] => (Allow) E:\Programme\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F1ABD813-9CA3-45F4-8E65-DC722687DBF1}] => (Allow) E:\Programme\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5CFF33E7-AC20-4FE8-9CBF-DC0D9E26C610}] => (Allow) E:\Programme\Tecplot 360\RLM\rlm.exe
FirewallRules: [{2238780F-D9C2-4C48-8A94-5D8C91B7FE8A}] => (Allow) E:\Programme\Tecplot 360\RLM\rlm.exe
FirewallRules: [{FCF1DE2B-4A4C-487B-86DC-800618F8DDCB}] => (Allow) E:\Games\ArmA 2\arma2OA.exe
FirewallRules: [{B8504E70-3652-4480-8F02-9438761C0FB5}] => (Allow) E:\Games\ArmA 2\arma2OA.exe
FirewallRules: [{2ABE8AC9-DA8E-46B0-90E4-1BFCA2478296}] => (Allow) E:\Games\ArmA 2 free\arma2free.exe
FirewallRules: [{3EA067E1-A42A-4895-A9F6-202392F3EAF3}] => (Allow) E:\Games\ArmA 2 free\arma2free.exe
FirewallRules: [{98A603C7-A65F-4B43-8ECA-DF7112AD0CC7}] => (Allow) E:\Programme\Steam\SteamApps\common\Alien Swarm\swarm.exe
FirewallRules: [{1D4CF283-FFCA-4328-B8AD-CC6AC7091908}] => (Allow) E:\Programme\Steam\SteamApps\common\Alien Swarm\swarm.exe
FirewallRules: [{487526FB-FC27-48B8-BCB1-81AD088A37FA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C4782CE9-ACDB-43CA-A4A0-0436C9BDB939}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{FF902A22-DBCB-4CCD-8C2F-8121DF75AFAE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{894C9797-E315-4F21-92FA-35D596F2B8FC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{92800779-193E-4E4B-839E-9A04F4A88329}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [TCP Query User{4676BC69-8659-4705-BF9E-7CC8112161B4}E:\games\hearthstone\hearthstone\hearthstone.exe] => (Block) E:\games\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{5AA7A772-B83C-406D-B183-5835C486400D}E:\games\hearthstone\hearthstone\hearthstone.exe] => (Block) E:\games\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [{D4A49CDD-522D-4824-BCBB-DF5540B16BD7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{1C7B1313-3DB6-4CDD-B567-1F9F2EBF870C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{BD0E8EE6-D0A0-4520-9923-43574FC04005}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{CF21E3CB-4B11-4CC4-94B5-13C3F86E5C8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [TCP Query User{3F557118-943B-4B82-A1FA-55D2101C1D8B}C:\programdata\battle.net\agent\agent.3182\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3182\agent.exe
FirewallRules: [UDP Query User{CBE54D6F-4B55-4032-B61C-3B28C875AB85}C:\programdata\battle.net\agent\agent.3182\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3182\agent.exe
FirewallRules: [{7E857722-345C-44F9-8B3B-96898CAC897F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{03497F0F-1AB7-467A-8509-A70A7BC62C6B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{CC48E0EE-1C43-40BE-8959-CD6A3772672C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{91A76883-DCBE-432A-A1B1-90CC576DF536}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{F274AB5F-0E44-48C7-9C81-325E7038AF92}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{926B5BCF-EFD5-4E6F-A3FC-4CA6EB0B7F78}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{DA95CF64-3A22-487A-9C5D-AED78665E5F5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{74382EF7-5A00-4CA3-8204-09ED13BDB47D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{A87266DB-1871-4C90-B92B-41E9D8CD7C46}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{26C9A515-0231-4278-B618-DBA2ABED7177}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{82EB1293-675D-44A8-AE85-6D5609B04755}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{2C49B46B-65B6-4D54-9B5D-CBD02EA4BA28}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{B741B596-0D54-43B8-A89A-233389DD93CF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{C6D9D194-DAE3-472F-8A75-7F8FBDADDCAE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{20B1210D-8751-4859-A699-95BC4B32880C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{2AF5DECD-CBA8-4FED-8F6D-D394F972E87B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{A861496B-9F49-42D6-A894-4D0913FC1D3F}] => (Allow) E:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [{F42816A1-B0BC-42E4-9CD5-1E1299116B1D}] => (Allow) E:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [{442F31A8-C8C1-4002-B9BD-A8A9FFF0CF82}] => (Allow) E:\Programme\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{CABD8327-B4A3-4D89-991C-68DA8C4CA358}] => (Allow) E:\Programme\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{AE6FC724-D6B2-4B51-B50C-C9CEDC2395D5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{4EE3672E-3DD1-47D4-B48C-2DB9BA2172D0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{901936A7-55AD-4FF7-8B3F-C26F66B2DA69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{0AF58A3E-39CD-4B3A-99FD-7784DBBAEEC1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{2EC74C53-2724-4E4B-8828-1F2B34C3F427}E:\games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) E:\games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{B87C594E-9226-4C5D-A0F6-AE1312CF0FC2}E:\games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) E:\games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{059C8344-13F0-4A0C-A960-660A81FFF7CE}E:\games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) E:\games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{C3016F94-8ED5-4693-A409-B1C0E237996D}E:\games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) E:\games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{809345F2-4105-42EF-AFC8-3B51D7D7A02C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{D0069B29-391B-4A56-A514-E1C3CD079327}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{D106EF28-98A1-408F-8CB5-03ADB5F64C22}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{BAA32FF6-CB04-4B97-A269-67EA178AE9EC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{02D541B5-8052-4E08-9189-E3F91CE790A9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{275FEE87-6F90-49DA-A913-8075A3738D43}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{1352C58E-35CE-4748-94C8-93B58F9BD8C9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{A178802E-0800-4D94-8402-3997D2690CAF}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{65F6D2DC-055D-4125-B9AB-F0A850DAC05E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4072A276-1608-4526-B912-F1DE5326ACB4}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{5157C4EE-85B3-46AB-8594-B4CCA475EEE6}] => (Allow) C:\Windows\SysWOW64\Gateway.exe
FirewallRules: [{F660E861-4B6A-48B9-9E75-E33C95918D40}] => (Allow) C:\Windows\SysWOW64\Gateway.exe
FirewallRules: [{B4310802-FBE6-4D6D-A2AA-A3611BB11437}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe
FirewallRules: [{E76A6AAF-5E63-4EA6-9A47-58E2B5BA3952}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe
FirewallRules: [{34C1F0E0-2627-4E2C-B32D-27ED8E451B8D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CA84C47F-888D-4847-9A0B-A734A5D2D7F7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{84ED268C-4F72-48A9-9638-69585250F936}] => (Allow) E:\Programme\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{762E3031-5012-4515-9710-663D826C6A44}] => (Allow) E:\Programme\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{87310988-9D61-4259-A282-0C49EC730F1A}] => (Allow) E:\Programme\Steam\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{74554714-E41F-40DC-B4DC-23B268DCE582}] => (Allow) E:\Programme\Steam\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{F6837959-89AD-4CF2-A363-F670C930EB81}] => (Allow) E:\Programme\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{9D73FDCE-899E-4627-B508-E43A7F0B3D85}E:\games\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5ECAD25D-D841-4C6F-8D88-F74632C8D452}E:\games\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{AE7DD10C-4D19-4875-9CBB-B0F436222747}E:\games\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{97CFA3E7-A9AA-4ACC-9DCA-E75B7C0C36FF}E:\games\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{2BEC9709-D770-4D3A-9CD1-826C26929B8D}E:\programme\matlab r2015a\bin\win64\matlab.exe] => (Block) E:\programme\matlab r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{0F10606A-951C-4592-A38E-F615E7DDF9BB}E:\programme\matlab r2015a\bin\win64\matlab.exe] => (Block) E:\programme\matlab r2015a\bin\win64\matlab.exe
FirewallRules: [TCP Query User{D36CC40F-04D2-4F35-9175-B8F478F6EAB1}C:\users\alex\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\alex\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9B7F9C0A-8FA7-4DD4-A026-DACD7D09E6FF}C:\users\alex\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\alex\appdata\roaming\spotify\spotify.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (09/26/2015 05:47:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/26/2015 05:05:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/26/2015 04:59:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/26/2015 04:50:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/26/2015 02:07:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/26/2015 01:46:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/26/2015 10:21:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/26/2015 10:11:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/26/2015 10:08:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WDBackupEngine.exe, Version: 2.0.0.15, Zeitstempel: 0x54dd494c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0002df3e
ID des fehlerhaften Prozesses: 0xc10
Startzeit der fehlerhaften Anwendung: 0xWDBackupEngine.exe0
Pfad der fehlerhaften Anwendung: WDBackupEngine.exe1
Pfad des fehlerhaften Moduls: WDBackupEngine.exe2
Berichtskennung: WDBackupEngine.exe3
Error: (09/26/2015 10:03:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WDBackupEngine.exe, Version: 2.0.0.15, Zeitstempel: 0x54dd494c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0002df3e
ID des fehlerhaften Prozesses: 0xd1c
Startzeit der fehlerhaften Anwendung: 0xWDBackupEngine.exe0
Pfad der fehlerhaften Anwendung: WDBackupEngine.exe1
Pfad des fehlerhaften Moduls: WDBackupEngine.exe2
Berichtskennung: WDBackupEngine.exe3
Systemfehler:
=============
Error: (09/26/2015 05:05:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (09/26/2015 05:05:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (09/26/2015 05:05:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Computerbrowser" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (09/26/2015 05:02:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (09/26/2015 05:00:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.
Error: (09/26/2015 05:00:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/26/2015 05:00:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/26/2015 05:00:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/26/2015 05:00:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/26/2015 05:00:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
==================== Speicherinformationen ===========================
Prozessor: AMD Athlon(tm) Dual Core Processor 5050e
Prozentuale Nutzung des RAM: 67%
Installierter physikalischer RAM: 4094.49 MB
Verfügbarer physikalischer RAM: 1327.18 MB
Summe virtueller Speicher: 8187.19 MB
Verfügbarer virtueller Speicher: 4747.48 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:119.14 GB) (Free:27.28 GB) NTFS
Drive d: (Lokaler Datenträger) (Fixed) (Total:200 GB) (Free:55.95 GB) NTFS
Drive e: (Lokaler Datenträger) (Fixed) (Total:731.51 GB) (Free:5.86 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 635B9680)
Partition 1: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=731.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: BC2FFBD2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
gmer.log Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-09-26 17:59:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SSD_830_Series rev.CXM03B1Q 119,24GB
Running: xdekrjho.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxldrpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767c1401 2 bytes JMP 76beb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767c1419 2 bytes JMP 76beb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767c1431 2 bytes JMP 76c68f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767c144a 2 bytes CALL 76bc489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767c14dd 2 bytes JMP 76c68822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767c14f5 2 bytes JMP 76c689f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767c150d 2 bytes JMP 76c68718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767c1525 2 bytes JMP 76c68ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767c153d 2 bytes JMP 76bdfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767c1555 2 bytes JMP 76be68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767c156d 2 bytes JMP 76c68fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767c1585 2 bytes JMP 76c68b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767c159d 2 bytes JMP 76c686dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767c15b5 2 bytes JMP 76bdfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767c15cd 2 bytes JMP 76beb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767c16b2 2 bytes JMP 76c68ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767c16bd 2 bytes JMP 76c68671 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767c1401 2 bytes JMP 76beb21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767c1419 2 bytes JMP 76beb346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767c1431 2 bytes JMP 76c68f29 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767c144a 2 bytes CALL 76bc489d C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767c14dd 2 bytes JMP 76c68822 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767c14f5 2 bytes JMP 76c689f8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767c150d 2 bytes JMP 76c68718 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767c1525 2 bytes JMP 76c68ae2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767c153d 2 bytes JMP 76bdfca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767c1555 2 bytes JMP 76be68ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767c156d 2 bytes JMP 76c68fe3 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767c1585 2 bytes JMP 76c68b42 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767c159d 2 bytes JMP 76c686dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767c15b5 2 bytes JMP 76bdfd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767c15cd 2 bytes JMP 76beb2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767c16b2 2 bytes JMP 76c68ea4 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767c16bd 2 bytes JMP 76c68671 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767c1401 2 bytes JMP 76beb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767c1419 2 bytes JMP 76beb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767c1431 2 bytes JMP 76c68f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767c144a 2 bytes CALL 76bc489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767c14dd 2 bytes JMP 76c68822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767c14f5 2 bytes JMP 76c689f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767c150d 2 bytes JMP 76c68718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767c1525 2 bytes JMP 76c68ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767c153d 2 bytes JMP 76bdfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767c1555 2 bytes JMP 76be68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767c156d 2 bytes JMP 76c68fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767c1585 2 bytes JMP 76c68b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767c159d 2 bytes JMP 76c686dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767c15b5 2 bytes JMP 76bdfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767c15cd 2 bytes JMP 76beb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767c16b2 2 bytes JMP 76c68ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767c16bd 2 bytes JMP 76c68671 C:\Windows\syswow64\kernel32.dll
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [1128:1284] 000007fefb788274
Thread C:\Windows\system32\svchost.exe [1128:1616] 000007fefb788274
Thread C:\Windows\system32\svchost.exe [1308:1372] 000007fefaee341c
Thread C:\Windows\system32\svchost.exe [1308:1408] 000007fefaee3a2c
Thread C:\Windows\system32\svchost.exe [1308:1412] 000007fefaee5c20
Thread C:\Windows\system32\svchost.exe [1308:1416] 000007fefaee3768
Thread C:\Windows\system32\svchost.exe [1308:3036] 000007fef5c9bd70
Thread C:\Windows\system32\svchost.exe [1308:4952] 000007fefa745124
Thread C:\Windows\system32\svchost.exe [1308:4172] 000007fef32c5170
Thread C:\Windows\System32\svchost.exe [2608:2668] 000007fef66d3410
Thread C:\Windows\System32\svchost.exe [2608:2676] 000007fef66b2e30
Thread C:\Windows\System32\svchost.exe [2608:2684] 000007fef6685050
Thread C:\Windows\System32\svchost.exe [2608:2688] 000007fef66aed70
Thread C:\Windows\System32\svchost.exe [2608:2692] 000007fef6685040
Thread C:\Windows\System32\svchost.exe [2608:2696] 000007fef6724290
Thread C:\Windows\system32\svchost.exe [1648:2788] 00000000004ba988
Thread C:\Windows\system32\svchost.exe [1648:3088] 000007fefbcaa850
Thread C:\Windows\system32\svchost.exe [4404:4892] 000007fef3008470
Thread C:\Windows\system32\svchost.exe [4404:4916] 000007fef3012418
Thread C:\Windows\system32\svchost.exe [4404:2772] 000007fef51c5fd0
Thread C:\Windows\system32\svchost.exe [4404:2972] 000007fef51c63ec
---- EOF - GMER 2.1 ----

Regards and thanks
Alex