
Pests of all kinds and how to fight them: WIN 8.1: .RAR file from DHL email


03.11.2015, 14:35   #1
timdividuell
 
WIN 8.1: .RAR file from DHL email



Hello Trojaner-Board team,

first, for your information: I am self-employed and also use this computer partly for business. Since I work on my own and have no IT department or anything similar, I hope you can help me.


Last week I stupidly opened a .RAR attachment from a DHL email, because I was expecting an urgent parcel and was addressed by my EBAY name in the mail. When I opened the file, a black window just popped up briefly once; otherwise nothing happened. (Except that I realized pretty quickly that it was pretty stupid of me.)

I then started the Kaspersky Internet Security scan, and the mail was indeed flagged as a threat. I neutralized the threat and deleted the mail.
Afterwards I also ran a Kaspersky online virus scan, and nothing more was found there either.
Today I looked at the reports again, and there the incident is listed by Kaspersky as a false alarm (and not as a threat).



Today I had strange incidents that make me a bit suspicious:

- With SOFORTÜBERWEISUNG, a new window kept opening whenever I was supposed to enter my password and confirmed.

- In my online banking program I could not log out; every time I logged out, it jumped back to the account overview.


I checked everything again from another computer (and of course changed all login credentials), and there everything worked without problems.
In addition, I just had a bluescreen on this computer for the first time, with the error: CRITICAL_STRUCTURE_CORRUPTION



Since I don't know now whether I have caught something or not, I hope you can help me. Thanks in advance for your effort!


Here are the logs you requested:

__________________________________

defogger_disable:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:12 on 03/11/2015 (********)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

__________________________________________

FRST:


Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
durchgeführt von ************ (Administrator) auf M4800 (03-11-2015 12:15:51)
Gestartet von D:\System Dateien\Benutzer\*** *********\Desktop
Geladene Profile: UpdatusUser & ************ (Verfügbare Profile: UpdatusUser & ************ & crdsecagent$admin & Administrator)
Platform: Windows 8.1 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Threat Protection\DellAVAgent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dell Inc.) C:\Windows\System32\CmgShieldSvc.exe
(Dell Inc.) C:\Windows\System32\EmsService.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Authentication\Bin\DpHostW.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Authentication\Bin\DpCardEngine.exe
() C:\Windows\System32\nvwmi64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\EntitlementService.exe
(CREDANT Technologies, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.Agent.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DCF.Loader.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Windows\SysWOW64\srvany.exe
(TODO: <公司名>) C:\Windows\SysWOW64\SDIOAssist.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft) C:\Program Files (x86)\Dell Wireless\DW1601\ConnectionManager.WBEService.exe
(Wilocity) C:\Program Files (x86)\Dell Wireless\DW1601\SupplicantService\wpasvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
() C:\Program Files (x86)\Dell Wireless\DW1601\UpdateService\WilocityUpdate.Service.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Authentication\Bin\DpAgent.exe
(Atheros Communications) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCMgr.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiC.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Wcct.exe
() C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\spectral\SocketServer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Akamai Technologies, Inc.) C:\Users\*** *********\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\*** *********\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKAE.EXE
() C:\Program Files (x86)\ownCloud\owncloud.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Autodesk Inc.) C:\Users\*** *********\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [AWiCMgr] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\AWiC\AWiCMgr.exe [189568 2013-09-24] (Qualcomm Atheros Inc.)
HKLM\...\Run: [AWiCDiag] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe [2782336 2013-09-24] (Qualcomm Atheros Inc.)
HKLM\...\Run: [wcct] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\wcct.exe [1074304 2013-09-24] (Qualcomm Atheros Inc.)
HKLM\...\Run: [LocalSecurityAgent] => C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgSysTray.exe [33608 2015-05-14] (Dell Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TrayAppExe] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.Console.exe [516936 2015-05-22] (Dell, Inc.)
HKLM\...\Run: [EmsService] => C:\Windows\system32\EmsServiceHelper.exe [3229512 2015-05-14] (Dell Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2728736 2014-08-26] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [57000 2014-01-09] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\...\Run: [Quick***e Task] => C:\Program Files (x86)\Quick***e\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\BtvStack.exe [132736 2013-10-29] (Atheros Communications)
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\Run: [Akamai NetSession Interface] => C:\Users\*** *********\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKAE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\Run: [] => [X]
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [1748494 2015-09-01] ()
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\Policies\Explorer: [] 
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2014-04-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2014-04-29] (NVIDIA Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [  OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [CmgEncOverlay] -> {7B0F6726-38DD-49DD-8A5E-02EFED6EEDA4} => C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgShellExt.dll [2015-05-14] (Dell Inc.)
ShellIconOverlayIdentifiers: [CmgGhostOverlay] -> {74CD2AE0-8208-424C-8A4B-6670FE358620} => C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgShellExt.dll [2015-05-14] (Dell Inc.)
ShellIconOverlayIdentifiers: [HiDriveOverlayIcon1] -> {45a23d58-ebdc-3d73-ae36-80fd48cb363e} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HiDriveOverlayIcon2] -> {654b0053-308a-3fcf-8a68-08cc1f1e7783} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\D5000 Wireless Dock.lnk [2015-06-16]
ShortcutTarget: D5000 Wireless Dock.lnk -> C:\Program Files (x86)\Dell Wireless\DW1601\D5000WirelessDock.exe ()
Startup: C:\Users\*** *********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HiDrive.lnk [2015-05-29]
ShortcutTarget: HiDrive.lnk -> C:\Program Files (x86)\Strato\HiDrive\HiDrive.App.exe ()
GroupPolicyScripts: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1D6CF363-B920-4C60-AB17-4C727D8B556B}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{FA23BCEA-0754-415D-AAB1-EC48056B838F}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.de
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
URLSearchHook: [S-1-5-21-979682889-2110692298-1623943922-1001] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM -> DefaultScope {5E578EBA-6776-494D-B2A1-1033BD01C896} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {5E578EBA-6776-494D-B2A1-1033BD01C896} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-979682889-2110692298-1623943922-1002 -> DefaultScope {5E578EBA-6776-494D-B2A1-1033BD01C896} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-979682889-2110692298-1623943922-1002 -> {5E578EBA-6776-494D-B2A1-1033BD01C896} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-979682889-2110692298-1623943922-1002 -> {C59FA84E-806A-428C-9669-7084C2004E84} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-14] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\*** *********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: hxxp://www.google.de
FF Keyword.URL: hxxp://www.sm.de/?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-18] ()
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-08-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-08-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll [2015-01-28] (DigitalPersona, Inc.)
FF user.js: detected! => C:\Users\*** *********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js [2015-06-29]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-03] (Apple Inc.)
FF SearchPlugin: C:\Users\*** *********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\searchplugins\search_engine.xml [2014-05-22]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-05-27] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\BrowserExt\dpchrome
FF Extension: Dell Data Protection 
 Security Tools - C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\BrowserExt\dpchrome [2015-06-23] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-10-21] [ist nicht signiert]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [nicht gefunden]

Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x64\widevinecdmadapter.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google-Suche) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Kaspersky Protection) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-09-30]
CHR Extension: (Google Tabellen) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (McAfee Endpoint Security-Webkontrolle) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkchpdmjjdmalgembblgafllbpcjlei [2015-10-13]
CHR Extension: (GoToMeeting Free Sharing) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbgncfoanhgdfmkgfehkfdlbdnbhafpp [2015-11-03]
CHR Extension: (Dell Data Protection Security Tools) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2015-06-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Google Mail) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-18]
CHR Profile: C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Präsentationen) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-24]
CHR Extension: (Google Docs) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-24]
CHR Extension: (Google Drive) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-24]
CHR Extension: (Kaspersky Protection) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-12-24]
CHR Extension: (YouTube) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-24]
CHR Extension: (Google-Suche) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-24]
CHR Extension: (Google Tabellen) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-24]
CHR Extension: (Google Wallet) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-24]
CHR Extension: (Google Mail) - C:\Users\*** *********\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-24]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [jjkchpdmjjdmalgembblgafllbpcjlei] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [jjkchpdmjjdmalgembblgafllbpcjlei] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\BrowserExt\dpchrome.crx [2015-01-28]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\adminservice.exe [317568 2013-10-29] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Datei ist nicht signiert]
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-09-16] (Kaspersky Lab ZAO)
R2 CMGShield; C:\Windows\system32\CmgShieldSvc.exe [7135048 2015-05-14] (Dell Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-01] (Dropbox, Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
R2 DellEntitlement; C:\Program Files\Dell\Dell Data Protection\EntitlementService.exe [325960 2015-05-14] (Dell Inc.)
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.Agent.exe [14664 2015-05-22] (CREDANT Technologies, Inc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DCF.Loader.exe [23880 2015-05-22] ()
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-20] (Aviata, Inc.)
R2 DellTPAgent; C:\Program Files\Dell\Dell Data Protection\Threat Protection\DellAVAgent.exe [813896 2015-01-30] (Dell Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9960240 2014-02-24] (DisplayLink Corp.)
R2 DpHost; C:\Program Files\Dell\Dell Data Protection\Authentication\Bin\DpHostW.exe [473424 2015-01-22] (DigitalPersona, Inc.)
R2 EMS; C:\Windows\system32\EMSService.exe [1968456 2015-05-14] (Dell Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2694368 2014-08-26] ()
S2 O2FLASH; C:\Windows\System32\drivers\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2012-03-09] () [Datei ist nicht signiert]
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
S2 tcsd_win32.exe; C:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe [1636352 2012-12-10] (Security Innovation, Inc.) [Datei ist nicht signiert]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-09] (Validity Sensors, Inc.) [Datei ist nicht signiert]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-08] (AO Kaspersky Lab)
R2 WBEService; C:\Program Files (x86)\Dell Wireless\DW1601\ConnectionManager.WBEService.exe [18944 2014-04-23] (Microsoft) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WilocityMonitorService; C:\Program Files (x86)\Dell Wireless\DW1601\Monitor\Monitor.Service.exe [45056 2014-01-28] (Wilocity) [Datei ist nicht signiert]
R2 WilocityUpdate; C:\Program Files (x86)\Dell Wireless\DW1601\UpdateService\WilocityUpdate.Service.exe [10240 2013-06-09] () [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WPASupplicantService; C:\Program Files (x86)\Dell Wireless\DW1601\SupplicantService\wpasvc.exe [277504 2014-04-23] (Wilocity) [Datei ist nicht signiert]
R2 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{D6916516-B098-4056-858B-12C81502F7D4}

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-11] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-05-08] (Microsoft Corporation)
R1 cbfs5; C:\Windows\system32\drivers\cbfs5.sys [421568 2015-01-23] (EldoS Corporation)
R0 cmgfve; C:\Windows\System32\Drivers\cmgfve.sys [209152 2014-11-21] (Dell Inc.)
R0 CmgPassThrough; C:\Windows\System32\DRIVERS\CmgShPT.sys [16096 2015-05-14] (Dell Inc.)
R0 CmgPCS; C:\Windows\System32\DRIVERS\CmgPCS.sys [158944 2015-04-23] (Dell Inc.)
R0 CmgShieldFFE; C:\Windows\System32\DRIVERS\CmgFFE.sys [428800 2015-03-10] (Dell Inc.)
R1 CMGShieldReg; C:\Windows\system32\DRIVERS\CmgShREG.sys [83168 2015-05-14] (Dell Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [459544 2014-06-12] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 IntcAzAudAddService; C:\Windows\system32\drivers\RTDVHD64.sys [2261464 2013-08-27] (Realtek Semiconductor Corp.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-10-21] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-10-21] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [925064 2015-10-21] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-09-28] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-10-21] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300320 2014-04-29] (NVIDIA Corporation)
R3 O2FJ2RDR; C:\Windows\System32\drivers\O2FJ2w8x64.sys [210616 2014-05-14] (BayHubTech/O2Micro )
R0 SEDFilter; C:\Windows\System32\DRIVERS\SEDFilter.sys [133344 2015-03-02] (Dell Inc.)
R3 ST_Accel; C:\Windows\System32\drivers\ST_Accel.sys [93432 2013-08-05] (STMicroelectronics)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-05-21] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-05-21] (Acronis International GmbH)
S3 utm5njg4; C:\Windows\SysWOW64\Drivers\utm5njg4.sys [7168 2015-10-02] () [Datei ist nicht signiert]
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [18144 2014-11-19] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R0 wPCI; C:\Windows\System32\drivers\wPci.sys [73368 2014-02-18] (Wilocity Ltd.)
R4 DBUtil_2_3; \??\C:\Windows\TEMP\DBUtil_2_3.Sys [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-03 12:15 - 2015-11-03 12:15 - 00000000 ____D C:\FRST
2015-11-03 12:11 - 2015-11-03 12:11 - 00000000 _____ C:\Users\*** *********\defogger_reenable
2015-11-03 11:35 - 2015-11-03 11:35 - 00000000 ___RD C:\Users\*** *********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-10-30 23:11 - 2015-10-30 23:11 - 00000000 ____D C:\KVRT_Data
2015-10-27 09:45 - 2015-10-27 09:45 - 00000000 __HDC C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1}
2015-10-21 11:56 - 2015-10-21 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-15 10:26 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 10:26 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 10:26 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-15 10:26 - 2015-09-18 14:42 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 10:26 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 10:26 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 10:26 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-14 09:07 - 2015-08-06 17:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-10-14 09:07 - 2015-08-06 17:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-10-14 09:06 - 2015-09-29 13:31 - 07457624 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 09:06 - 2015-09-29 13:31 - 01658536 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 09:06 - 2015-09-29 13:31 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-14 09:06 - 2015-09-29 13:31 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 09:06 - 2015-09-29 13:31 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-10-14 09:06 - 2015-09-29 13:29 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 09:06 - 2015-09-28 19:45 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 09:06 - 2015-09-28 19:26 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-10-14 09:06 - 2015-09-28 19:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 09:06 - 2015-09-28 19:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 09:06 - 2015-09-28 19:25 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 09:06 - 2015-09-28 19:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 09:06 - 2015-09-28 19:22 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 09:06 - 2015-09-28 19:22 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 09:06 - 2015-09-28 19:15 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 09:06 - 2015-09-28 19:13 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 09:06 - 2015-09-28 19:12 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 09:06 - 2015-09-24 18:51 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2015-10-14 09:06 - 2015-09-24 18:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2015-10-14 09:06 - 2015-09-24 18:30 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2015-10-14 09:06 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2015-10-14 09:06 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-10-14 09:06 - 2015-09-10 19:02 - 25851392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 09:06 - 2015-09-10 18:19 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 09:06 - 2015-09-10 18:18 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 09:06 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 09:06 - 2015-09-10 18:14 - 05990400 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 09:06 - 2015-09-10 18:09 - 20358144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 09:06 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 09:06 - 2015-09-10 18:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 09:06 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 09:06 - 2015-09-10 17:39 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 09:06 - 2015-09-10 17:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 09:06 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 09:06 - 2015-09-10 17:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 09:06 - 2015-09-10 17:33 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 09:06 - 2015-09-10 17:28 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-10-14 09:06 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 09:06 - 2015-09-10 17:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 09:06 - 2015-09-10 17:24 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 09:06 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 09:06 - 2015-09-10 17:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 09:06 - 2015-09-10 17:19 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 09:06 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 09:06 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 09:06 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 09:06 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 09:06 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 09:06 - 2015-09-10 17:02 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 09:06 - 2015-09-10 17:01 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-10-14 09:06 - 2015-09-10 17:00 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 09:06 - 2015-09-10 16:57 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 09:06 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 09:06 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 09:06 - 2015-09-10 16:55 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 09:06 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 09:06 - 2015-09-10 16:45 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 09:06 - 2015-09-10 16:34 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 09:06 - 2015-09-10 16:31 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 09:06 - 2015-09-10 16:27 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 09:06 - 2015-09-10 16:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 09:06 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 09:06 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-run***e-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-***e-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-run***e-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-***e-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 09:06 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 09:06 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 09:06 - 2015-08-07 22:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 09:06 - 2015-08-07 22:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-10-14 09:06 - 2015-08-07 22:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-10-14 09:06 - 2015-08-07 15:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 09:06 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-10-14 09:06 - 2015-08-06 17:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-10-14 09:06 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-03 12:14 - 2014-11-07 22:14 - 00000931 _____ C:\Windows\Tasks\EPSON WF-7620 Series Update {497054DC-3069-44B9-938D-498CCAFECD77}.job
2015-11-03 12:14 - 2014-11-07 22:14 - 00000745 _____ C:\Windows\Tasks\EPSON WF-7620 Series Invitation {497054DC-3069-44B9-938D-498CCAFECD77}.job
2015-11-03 12:13 - 2014-07-07 17:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-03 12:12 - 2015-06-02 13:09 - 00000000 ____D C:\Users\*** *********\AppData\Local\ownCloud
2015-11-03 12:12 - 2014-05-21 12:33 - 00003596 _____ C:\Windows\System32\Tasks\Op***ize Start Menu Cache Files-S-1-5-21-979682889-2110692298-1623943922-1002
2015-11-03 12:11 - 2014-12-24 11:38 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-03 12:11 - 2014-05-21 12:28 - 00000000 ____D C:\Users\*** *********
2015-11-03 12:07 - 2015-09-30 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-03 12:06 - 2015-09-16 09:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-03 11:54 - 2015-06-23 08:49 - 01829395 _____ C:\Windows\WindowsUpdate.log
2015-11-03 11:49 - 2015-06-01 08:39 - 00001234 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-03 11:35 - 2015-06-01 08:41 - 00000000 ___RD C:\Users\*** *********\Dropbox
2015-11-03 11:35 - 2015-06-01 08:39 - 00000000 ____D C:\Users\*** *********\AppData\Local\Dropbox
2015-11-03 11:35 - 2014-05-08 01:36 - 01789204 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-03 11:35 - 2013-09-03 14:39 - 00770258 _____ C:\Windows\system32\perfh007.dat
2015-11-03 11:35 - 2013-09-03 14:39 - 00160984 _____ C:\Windows\system32\perfc007.dat
2015-11-03 11:34 - 2015-06-01 08:39 - 00001230 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-03 11:34 - 2014-12-24 11:38 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-03 11:31 - 2015-06-23 14:18 - 00036956 _____ C:\Windows\setupact.log
2015-11-03 11:31 - 2014-05-08 01:34 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-03 11:31 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\registration
2015-11-03 11:31 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-03 10:35 - 2015-06-23 11:18 - 00000000 ____D C:\Users\*** *********\AppData\Local\F29C4913-FA1E-4C59-AB79-C6C33098EA27.aplzod
2015-11-03 09:27 - 2014-11-02 16:13 - 00000000 ____D C:\Users\*** *********\AppData\Local\Akamai
2015-10-30 23:07 - 2014-12-27 12:35 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 22:53 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-30 22:12 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-10-27 09:45 - 2015-02-13 15:28 - 00003820 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-10-27 09:41 - 2015-06-26 06:43 - 00033450 _____ C:\Windows\PFRO.log
2015-10-21 11:56 - 2015-06-01 08:39 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-21 10:55 - 2015-09-16 09:48 - 00925064 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-10-21 10:55 - 2015-09-16 09:48 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-10-21 10:55 - 2015-06-26 22:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwfp.sys
2015-10-21 10:54 - 2015-07-04 01:18 - 00227512 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-10-20 11:27 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-19 12:07 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-10-18 18:13 - 2014-07-07 17:46 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-18 17:47 - 2014-05-26 17:03 - 00000000 ____D C:\Users\*** *********\AppData\Local\CrashDumps
2015-10-16 05:51 - 2013-08-22 16:38 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-16 05:51 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 17:42 - 2014-05-22 16:22 - 00000000 ____D C:\Users\*** *********\AppData\Roaming\vlc
2015-10-15 14:05 - 2014-07-06 12:27 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-15 10:31 - 2015-05-18 13:36 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 10:31 - 2015-05-18 13:36 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-14 16:22 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-10-14 10:07 - 2014-05-23 11:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-14 10:07 - 2014-05-23 11:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 10:06 - 2013-08-22 14:25 - 00000167 _____ C:\Windows\win.ini
2015-10-14 10:02 - 2014-05-24 07:26 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 10:00 - 2014-05-24 07:26 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-06 14:49 - 2015-05-18 13:36 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-06 10:35 - 2015-05-18 13:36 - 00000000 ___SD C:\Windows\SysWOW64\GWX

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-05-26 14:05 - 2014-05-26 14:05 - 0000600 _____ () C:\Users\*** *********\AppData\Local\PUTTY.RND
2015-06-18 08:44 - 2015-06-18 08:44 - 0000000 _____ () C:\Users\*** *********\AppData\Local\{34D591DF-D3A0-4545-8672-945F3DDBFCF1}

Einige Dateien in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnndmyg.dll
C:\Users\*** *********\AppData\Local\Temp\AcDeltree.exe
C:\Users\*** *********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpemumwf.dll
C:\Users\*** *********\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\*** *********\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\*** *********\AppData\Local\Temp\nvStInst.exe
C:\Users\*** *********\AppData\Local\Temp\SIInvoker.exe
C:\Users\*** *********\AppData\Local\Temp\vlc-2.1.5-win64.exe


Einige mit null Byte Größe Dateien/Ordner:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-19 11:41

==================== Ende von FRST.txt ============================
         

03.11.2015, 14:37   #2
timdividuell

WIN 8.1: .RAR file from DHL email

Addition



Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-10-2015
durchgeführt von *********** (2015-11-03 12:16:20)
Gestartet von D:\System Dateien\Benutzer\*** ********\Desktop
Windows 8.1 Pro (X64) (2014-05-21 11:28:34)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-979682889-2110692298-1623943922-500 - Administrator - Disabled) => C:\Users\Administrator
crdsecagent$admin (S-1-5-21-979682889-2110692298-1623943922-1005 - Administrator - Enabled) => C:\Users\crdsecagent$admin
Gast (S-1-5-21-979682889-2110692298-1623943922-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-979682889-2110692298-1623943922-1004 - Limited - Enabled)
*********** (S-1-5-21-979682889-2110692298-1623943922-1002 - Administrator - Enabled) => C:\Users\*** ********
UpdatusUser (S-1-5-21-979682889-2110692298-1623943922-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A360 Desktop (HKLM\...\{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk)
ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-Bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AuthenTec WinBio FingerPrint Software 64-bit (Version: 3.4.2.1016 - AuthenTec, Inc.) Hidden
AutoCAD 2014 - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2016 - Deutsch (German) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - Deutsch (German) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk AutoCAD 2014 - Deutsch (German) (HKLM\...\AutoCAD 2014 - Deutsch (German)) (Version: 19.1.18.0 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD 2016 Language Pack - Deutsch (German) (HKLM\...\AutoCAD 2016 - Deutsch (German)) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
Autodesk ReCap 2016 (Version: 1.5.0.33 - Autodesk) Hidden
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CmgMasterPrerequisites (x32 Version: 1.3.1.672 - Credant Technologies Inc.) Hidden
D5000 Wireless Dock (HKLM-x32\...\InstallShield_{1BF832F2-8EA8-4EA9-A3BF-09045DCF0322}) (Version: 1.8.5.1280 - Wilocity)
D5000 Wireless Dock (HKLM-x32\...\InstallShield_{AF295D9D-006D-41EF-B382-28476B673DD6}) (Version: 1.5.17.1038 - Wilocity)
D5000 Wireless Dock (x32 Version: 1.8.5.1280 - Wilocity) Hidden
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{23CEE5C4-BEFA-423A-A041-7C795F5DBDDB}) (Version: 2.3.444.240 - Broadcom Corporation)
Dell Data Protection | Client Security Framework (Version: 8.6.1.2059 - Dell, Inc.) Hidden
Dell Data Protection | Encryption (Version: 8.5.1.6929 - Dell Inc) Hidden
Dell Data Protection | Endpoint Security Suite (x32 Version: 1.0.1.132 - Dell, Inc.) Hidden
Dell Data Protection | Security Tools Authentication (Version: 2.0.2.813 - DigitalPersona, Inc.) Hidden
Dell Data Protection | Threat Protection (Version: 1.0.0.90 - Dell, Inc.) Hidden
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell System Detect (HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\73f463568823ebbe) (Version: 6.3.0.6 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.109 - ALPS ELECTRIC CO., LTD.)
Dell Unified Wireless Suite (HKLM-x32\...\{6CFE6F33-3D69-4B9C-AA20-FF1F8CB064D5}) (Version: 1.00.0000 - Dell)
Dell USB Docking Software (HKLM\...\{11B338BD-F15C-49AB-BD8F-DDAD74ABC898}) (Version: 7.5.54081.0 - Dell)
DigitalPersona TouchChip Driver (Version: 1.6.3.379 - DigitalPersona, Inc.) Hidden
DisplayLink Core Software (HKLM\...\{E4F639D7-769C-4E9E-8CD7-12D903E99BFB}) (Version: 7.5.54018.0 - DisplayLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-7620 Series Printer Uninstall (HKLM\...\EPSON WF-7620 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
Fresco Logic USB3.0 Host Controller (HKLM\...\{CA143808-48CA-4C24-84E9-00F9F5E12D67}) (Version: 3.5.106.0 - Fresco Logic Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HiDrive (HKLM-x32\...\{C8359CFC-B507-416F-A99E-DDE14F833F1D}) (Version: 3.1.8.0 - STRATO AG)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.5.52.1 (HKLM\...\PROSetDX) (Version: 18.5.52.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Run***e (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Run***e (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Run***e (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA 3D Vision Treiber 340.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.75 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.2 - NVIDIA Corporation)
NVIDIA nView 141.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.24 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{C834E5DF-AB21-4142-8234-0C4FA77F3A04}) (Version: 3.0.08.38 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.08.38 - O2Micro International LTD.) Hidden
O2Micro OZ776 SCR Driver (x32 Version: 1.1.4.223 - O2Micro International LTD.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
ownCloud (HKLM-x32\...\ownCloud) (Version: 2.0.1.5446 - ownCloud)
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 View Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Quick***e 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.)
Security Innovation TSS (Version: 2.1.42 - Security Innovation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
SketchUp-Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION) <==== ACHTUNG
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0051 - ST Microelectronics)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{0C5B0539-7EDE-4297-947E-48890971B557}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Validity WBF DDK 495 (HKLM\...\{F622E82E-AFFA-4784-A08F-74311F5716CA}) (Version: 4.5.238.0 - Validity Sensors, Inc.)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Verfügbare Autodesk-Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wilocity Monitor (HKLM-x32\...\{F75A3D53-B0D6-42D6-A077-7EA63013B491}) (Version: 1.1.21 - Wilocity)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-979682889-2110692298-1623943922-1002_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-979682889-2110692298-1623943922-1002_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-979682889-2110692298-1623943922-1002_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-979682889-2110692298-1623943922-1002_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-979682889-2110692298-1623943922-1002_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-979682889-2110692298-1623943922-1002_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-979682889-2110692298-1623943922-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\de-DE\acadficn.dll (Autodesk, Inc.)

==================== Wiederherstellungspunkte =========================

20-10-2015 11:27:13 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04680723-070B-4786-A8E8-65357CC7607D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {0944A370-C7C7-479B-850C-E9181CC9D1B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {11FD16B1-7F88-4408-9A88-E513005A52CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {62FC2104-B7B7-41FB-9EFD-07131D8F8351} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6B0EFCC6-7E93-4829-9655-5B159B71B2D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {6E4CE696-3960-4D15-9842-AF8A18825469} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-02-20] (Aviata Inc)
Task: {70A0654F-E058-4F81-B5AA-2CF6988FD81D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {74954BC3-1B75-4FF1-97E7-AD75B961FA81} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-01] (Dropbox, Inc.)
Task: {7DCB8B1C-EFB7-427C-9A60-37CCBFC3BD02} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {AAFE0E87-B5F8-4B00-9641-25978D34C5D1} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {B31498E5-1734-46B1-A4C6-6462E2069A5F} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {B7C6F0EF-1AD9-4643-8488-8EA1F1AF5A71} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C335D6FF-6310-4B4F-B205-9FB61C35B8AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C7E755ED-5309-4EF8-B52A-4104CDB07FEE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {CF7FA78A-5E44-4EE6-B38E-8B6DC51FEF92} - System32\Tasks\EPSON WF-7620 Series Invitation {497054DC-3069-44B9-938D-498CCAFECD77} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {D1C10424-0CC1-401F-90DD-6E3B60CCA690} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-01] (Dropbox, Inc.)
Task: {D54AD625-F103-4BAA-BC54-86CD662AA502} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {ED258AD1-6F81-428B-A090-3473EB361EE4} - System32\Tasks\EPSON WF-7620 Series Update {497054DC-3069-44B9-938D-498CCAFECD77} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {FDDB9CC3-E4D0-46B8-BDCC-F77791130C98} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-18] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON WF-7620 Series Invitation {497054DC-3069-44B9-938D-498CCAFECD77}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE
Task: C:\Windows\Tasks\EPSON WF-7620 Series Update {497054DC-3069-44B9-938D-498CCAFECD77}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE:/EXE:{497054DC-3069-44B9-938D-498CCAFECD77} /F:UpdateWORKGROUP\M4800$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-05-22 16:26 - 2015-05-22 16:26 - 00079688 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DellMgmtNP.dll
2014-05-08 01:34 - 2014-08-26 11:39 - 02694368 _____ () C:\Windows\system32\nvwmi64.exe
2014-05-08 01:34 - 2014-08-24 17:38 - 00118664 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00304968 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\authproxy.dll
2013-09-24 06:27 - 2013-09-24 06:27 - 00103040 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AthIHVManager.dll
2013-09-24 06:27 - 2013-09-24 06:27 - 00351872 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AthIhvWlanVoE.dll
2013-09-24 06:27 - 2013-09-24 06:27 - 00093824 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AthSpectralExt.dll
2013-09-24 06:28 - 2013-09-24 06:28 - 00185472 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\Hotspot20Ext.dll
2014-12-27 13:02 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2014-12-27 13:02 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00955208 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.Resources.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00842568 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\de\Dell.SecurityFramework.Resources.resources.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00091976 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.Agent.Plugins.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00162632 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00067912 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityTools.Agent.Plugins.AuthProxy.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00194888 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityTools.Agent.Plugins.Bitlocker.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00087880 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityTools.Agent.Plugins.PBA.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00039240 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityTools.Agent.Plugins.SED.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00036680 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityTools.Agent.Plugins.TPM.dll
2015-01-22 10:06 - 2015-01-22 10:06 - 00095568 _____ () C:\Program Files\Dell\Dell Data Protection\Authentication\Bin\DigitalPersona.DDP.Agent.dll
2015-01-30 14:24 - 2015-01-30 14:24 - 00028488 _____ () C:\Program Files\Dell\Dell Data Protection\Threat Protection\Dell.SecurityTools.Agent.Plugins.An***alware.dll
2015-01-22 10:06 - 2015-01-22 10:06 - 00011600 _____ () C:\Program Files\Dell\Dell Data Protection\Authentication\Bin\de\DigitalPersona.DDP.Agent.resources.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 02343752 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredSEDProxy.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00015176 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\de\Dell.SecurityTools.Agent.Plugins.TPM.resources.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00018760 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\de\Dell.SecurityTools.Agent.Plugins.PBA.resources.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00031048 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\de\Dell.SecurityTools.Agent.Plugins.Bitlocker.resources.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00016200 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\de\Dell.SecurityTools.Agent.Plugins.SED.resources.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00023880 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DCF.Loader.exe
2014-10-14 15:02 - 2012-03-09 17:27 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2014-05-08 01:41 - 2013-06-09 18:50 - 00010240 _____ () C:\Program Files (x86)\Dell Wireless\DW1601\UpdateService\WilocityUpdate.Service.exe
2014-05-08 01:41 - 2013-06-09 18:50 - 00028672 _____ () C:\Program Files (x86)\Dell Wireless\DW1601\UpdateService\WilocityUpdate.Engine.dll
2014-05-08 01:41 - 2013-06-09 18:50 - 00006144 _____ () C:\Program Files (x86)\Dell Wireless\DW1601\UpdateService\WilocityUpdate.Comm.dll
2014-05-08 01:34 - 2014-08-26 11:39 - 02602272 _____ () C:\Program Files\NVIDIA Corporation\nview\nview64.dll
2015-06-19 02:31 - 2015-06-19 02:31 - 00059392 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2014-05-08 01:34 - 2014-08-26 11:39 - 01684768 _____ () C:\Program Files\NVIDIA Corporation\nview\nvwimg64.dll
2013-10-01 09:32 - 2013-10-01 09:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2015-04-01 09:48 - 2015-04-01 09:48 - 00019968 _____ () C:\Program Files (x86)\Strato\HiDrive\ShellExt\HiDriveShareFileExtensionEdit.dll
2015-04-01 09:48 - 2015-04-01 09:48 - 00009728 _____ () C:\Program Files (x86)\Strato\HiDrive\ShellExt\HiDrive.WCFClient.dll
2015-04-01 09:48 - 2015-04-01 09:48 - 00009216 _____ () C:\Program Files (x86)\Strato\HiDrive\ShellExt\HiDrive.TextLogger.dll
2015-04-01 09:48 - 2015-04-01 09:48 - 00022528 _____ () C:\Program Files (x86)\Strato\HiDrive\ShellExt\HiDriveShareFileExtensionCreate.dll
2013-10-29 22:11 - 2013-10-29 22:11 - 00011264 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-10-29 22:07 - 2013-10-29 22:07 - 00086016 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\Modules\Map\MAP.dll
2013-10-29 22:15 - 2013-10-29 22:15 - 00012928 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\ActivateDesktop.exe
2013-09-24 06:26 - 2013-09-24 06:26 - 00016512 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCCust.dll
2013-09-24 06:28 - 2013-09-24 06:28 - 00627328 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\spectral\SocketServer.exe
2015-09-01 15:41 - 2015-09-01 15:41 - 01748494 _____ () C:\Program Files (x86)\ownCloud\owncloud.exe
2015-01-27 20:23 - 2015-01-27 20:23 - 00232328 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2015-01-27 20:23 - 2015-01-27 20:23 - 00048520 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2015-01-27 20:23 - 2015-01-27 20:23 - 00059784 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2015-01-27 20:23 - 2015-01-27 20:23 - 00922504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2015-10-27 10:12 - 2015-10-20 15:55 - 01908040 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-27 10:12 - 2015-10-20 15:55 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
2015-06-23 09:14 - 2014-12-05 03:27 - 00055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-06-23 09:14 - 2014-12-05 03:27 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2015-07-08 22:18 - 2015-07-08 22:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2014-01-14 07:03 - 2014-01-14 07:03 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-12-23 11:26 - 2013-11-13 20:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-02-04 17:25 - 2014-02-04 17:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2014-02-04 17:28 - 2014-02-04 17:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-05-08 01:34 - 2014-08-26 11:39 - 02155808 _____ () C:\Program Files\NVIDIA Corporation\nview\nview.dll
2015-09-01 15:41 - 2015-09-01 15:41 - 00670222 _____ () C:\Program Files (x86)\ownCloud\libocsync.dll
2015-09-01 15:41 - 2015-09-01 15:41 - 00971278 _____ () C:\Program Files (x86)\ownCloud\libowncloudsync.dll
2015-08-06 08:59 - 2015-08-06 08:59 - 00097326 _____ () C:\Program Files (x86)\ownCloud\libgcc_s_sjlj-1.dll
2015-08-06 08:59 - 2015-08-06 08:59 - 00922727 _____ () C:\Program Files (x86)\ownCloud\libstdc++-6.dll
2015-08-06 16:48 - 2015-08-06 16:48 - 00051095 _____ () C:\Program Files (x86)\ownCloud\libqt5keychain.dll
2015-08-06 08:10 - 2015-08-06 08:10 - 00085548 _____ () C:\Program Files (x86)\ownCloud\zlib1.dll
2015-08-06 08:21 - 2015-08-06 08:21 - 02197765 _____ () C:\Program Files (x86)\ownCloud\icui18n53.dll
2015-08-06 08:21 - 2015-08-06 08:21 - 01308778 _____ () C:\Program Files (x86)\ownCloud\icuuc53.dll
2015-08-06 08:11 - 2015-08-06 08:11 - 00148117 _____ () C:\Program Files (x86)\ownCloud\libpcre16-0.dll
2015-08-06 08:16 - 2015-08-06 08:16 - 01366986 _____ () C:\Program Files (x86)\ownCloud\libGLESv2.dll
2015-08-06 08:14 - 2015-08-06 08:14 - 00209711 _____ () C:\Program Files (x86)\ownCloud\libpng16-16.dll
2015-08-06 08:21 - 2015-08-06 08:21 - 21539975 _____ () C:\Program Files (x86)\ownCloud\icudata53.dll
2015-08-06 08:16 - 2015-08-06 08:16 - 00154982 _____ () C:\Program Files (x86)\ownCloud\libEGL.dll
2015-08-06 08:14 - 2015-08-06 08:14 - 00350662 _____ () C:\Program Files (x86)\ownCloud\libjpeg-8.dll
2015-08-06 08:17 - 2015-08-06 08:17 - 00689339 _____ () C:\Program Files (x86)\ownCloud\libsqlite3-0.dll
2015-08-06 10:35 - 2015-08-06 10:35 - 00247540 _____ () C:\Program Files (x86)\ownCloud\libwebp-4.dll
2015-08-06 08:26 - 2015-08-06 08:26 - 01169416 _____ () C:\Program Files (x86)\ownCloud\libxml2-2.dll
2015-08-06 10:38 - 2015-08-06 10:38 - 00231727 _____ () C:\Program Files (x86)\ownCloud\libxslt-1.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-04 17:25 - 2014-02-04 17:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2013-10-10 11:02 - 2013-10-10 11:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2015-11-03 11:35 - 2015-11-03 11:35 - 00071168 _____ () c:\Users\*** ********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpemumwf.dll
2015-06-01 08:40 - 2015-09-24 00:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-06-01 08:40 - 2015-09-24 00:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 18:53 - 2015-09-24 00:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-01 08:40 - 2015-09-24 00:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-11-03 11:35 - 2014-12-05 03:27 - 00104328 _____ () C:\Users\*** ********\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMGShield => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-979682889-2110692298-1623943922-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Dell\Win Chrome 1920x1200.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "D5000 Wireless Dock.lnk"
HKLM\...\StartupApproved\Run: => "EmsService"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "TrayAppExe"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\StartupApproved\StartupFolder: => "HiDrive.lnk"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{621A2BAA-E21C-4F7F-915C-DE741D4A2FA2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{94453235-9C87-4042-9D3A-124880E6A2B6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A327E708-B1E3-4954-A16F-9DF6A2C1A9DF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{F4CD9F6C-3552-4B52-913B-EF00B285403E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{5A5BAC76-8CCC-4D71-AEC8-6265A8045831}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{CBC46BBE-8C93-46A4-85E1-C68EF14C7CBD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{13EBE949-07D7-4A47-A50A-2103E5D59631}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1377B22B-3A88-47BA-A2E1-D77F53F06BFF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AE6ABA17-8BB7-4E0C-90B1-6B4013A0D903}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F1426CB2-1CC6-416B-B05D-3D5064F1FB0B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BB5EFFA5-95A4-4A91-8F0A-AEFB8BBDFC38}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{23BCA045-2586-4E6F-B56B-AA75EDA573B0}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{A5660C71-26E2-4284-ADFD-76B8B392C59A}C:\users\*** ********\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\*** ********\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{615DF88A-DFAC-4389-A5A9-86A6661477DA}C:\users\*** ********\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\*** ********\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{84F2CB7F-DACE-48ED-AD02-83EE89231FC5}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{8CF1366A-1C2A-4B90-80A7-DB45D2E6307F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{7E276F24-F4B8-4259-B582-9F343E55C2BA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{0E5520EF-3CD6-4637-AA0D-3DA31C1CAFEB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{18A89ED7-B2ED-4143-94BB-E14EE0BFDEA0}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\wcct.exe
FirewallRules: [{FEC33CF2-70BC-44F2-B2AD-6909F648FE53}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\wcct.exe
FirewallRules: [{76DA7795-CE8F-41A0-BA75-D32EA40AA516}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\spectral\SocketServer.exe
FirewallRules: [{C13D1FD1-88FF-42A2-BCF0-E0CF1549E196}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\spectral\SocketServer.exe
FirewallRules: [{60C7C87D-D165-4873-A22E-45A70CE669EC}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiC.exe
FirewallRules: [{6F899356-6C28-43B6-8DB4-D223AF61EBAB}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiC.exe
FirewallRules: [{0458A9CA-9B6E-4954-A473-D603DACB3D04}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCMgr.exe
FirewallRules: [{1965E54C-95AE-41EB-8D3D-51AD22517D76}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCMgr.exe
FirewallRules: [{CEA29DEA-CD68-416C-8186-F821BE22CBC7}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe
FirewallRules: [{8AAC09FF-2B7A-4343-B7E7-22D89C894C4F}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe
FirewallRules: [{0DF79D5A-372F-47A2-B70B-105BBA536951}] => (Allow) LPort=50248
FirewallRules: [{03DC08DE-3DC1-4F4F-926A-F7136793988C}] => (Allow) LPort=50248
FirewallRules: [{27D112B2-C58F-48B9-99DF-6316E74B9447}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2B891F4E-C3EF-40F0-BD62-0D030317B209}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{997F1257-F0C8-4531-A8B1-BDC6E62B4513}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{83A7A20D-C486-46F3-B04B-2805083EA5BA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F1175021-3BA3-484D-B607-5BFC3F51F6D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D85F29F8-BE07-49DB-9289-373C60AB9D7F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9BEF9637-BE09-45E9-80C1-6971C46297C7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C4A19D26-91E9-4FEA-9DB0-60D0A4A30952}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{95ED7DBC-3B05-43CE-B584-301260CC4595}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3CD6476E-0A5C-4BB7-A257-079697DF9E61}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B52E321F-1D89-4448-B943-15DA8A6450B4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C64A760F-6EEE-43E8-8BB3-19D600E5AEC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99ACD5BB-B707-4669-A638-E4220DFEFF12}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A92A157D-4FDB-4951-A8F7-B32A37610002}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{E28CDE61-B5CE-433C-B03D-8BD8FE4505A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/03/2015 11:31:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Monitor.Service.exe, Version: 1.0.5141.17781, Zeitstempel: 0x52e761cb
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4bcfc
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0xf04
Startzeit der fehlerhaften Anwendung: 0xMonitor.Service.exe0
Pfad der fehlerhaften Anwendung: Monitor.Service.exe1
Pfad des fehlerhaften Moduls: Monitor.Service.exe2
Berichtskennung: Monitor.Service.exe3
Vollständiger Name des fehlerhaften Pakets: Monitor.Service.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Monitor.Service.exe5

Error: (11/03/2015 11:31:30 AM) (Source: WPA Supplicant) (EventID: 256) (User: )
Description: [2371: driver_wbe.c - internal_DeviceIoControl] - Failed to send IOCTL_RECEIVE_WMI to device with handle 680 due to error 21. Probably due to FW Reset flow. Sleep for 2000 msec and try to send again...

Error: (11/03/2015 11:31:30 AM) (Source: WPA Supplicant) (EventID: 256) (User: )
Description: [2917: driver_wbe.c - print_format_last_error] - Could not send IOCTL. Error code: 21.

Error: (11/03/2015 11:31:28 AM) (Source: .NET Run***e) (EventID: 1026) (User: )
Description: Anwendung: Monitor.Service.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Security.Principal.IdentityNotMappedException
Stapel:
   bei System.Security.Principal.NTAccount.Translate(System.Security.Principal.IdentityReferenceCollection, System.Type, Boolean)
   bei System.Security.Principal.NTAccount.Translate(System.Type)
   bei System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(System.Security.AccessControl.AccessControlModification, System.Security.AccessControl.AccessRule, Boolean ByRef)
   bei System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
   bei System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule)
   bei Monitor.Service.NamedPipeServer.serverLoop()
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (11/03/2015 11:31:28 AM) (Source: Autodesk Content Service) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
   bei Connect.MetaStore.MetaStorage.Initialize()
   bei Connect.IVault.IVault.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/03/2015 11:22:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avp.exe, Version: 16.0.0.625, Zeitstempel: 0x55b134f0
Name des fehlerhaften Moduls: rar.ppl, Version: 1.5.100.3, Zeitstempel: 0x55f2dbc4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00010ffd
ID des fehlerhaften Prozesses: 0xcd4
Startzeit der fehlerhaften Anwendung: 0xavp.exe0
Pfad der fehlerhaften Anwendung: avp.exe1
Pfad des fehlerhaften Moduls: avp.exe2
Berichtskennung: avp.exe3
Vollständiger Name des fehlerhaften Pakets: avp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avp.exe5

Error: (11/03/2015 10:40:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvxdsync.exe, Version: 8.17.13.4075, Zeitstempel: 0x53fa010d
Name des fehlerhaften Moduls: nvxdapix.dll, Version: 8.17.13.4075, Zeitstempel: 0x53f9fd32
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000260d67
ID des fehlerhaften Prozesses: 0x2dd4
Startzeit der fehlerhaften Anwendung: 0xnvxdsync.exe0
Pfad der fehlerhaften Anwendung: nvxdsync.exe1
Pfad des fehlerhaften Moduls: nvxdsync.exe2
Berichtskennung: nvxdsync.exe3
Vollständiger Name des fehlerhaften Pakets: nvxdsync.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvxdsync.exe5

Error: (11/03/2015 10:38:25 AM) (Source: WPA Supplicant) (EventID: 256) (User: )
Description: [2368: driver_wbe.c - internal_DeviceIoControl] - Failed to send IOCTL_REGISTER_WMI_RX to device with handle 684 due to error 6.

Error: (11/03/2015 10:38:25 AM) (Source: WPA Supplicant) (EventID: 256) (User: )
Description: [2917: driver_wbe.c - print_format_last_error] - Could not send IOCTL. Error code: 6.

Error: (11/03/2015 09:43:39 AM) (Source: WPA Supplicant) (EventID: 256) (User: )
Description: [2368: driver_wbe.c - internal_DeviceIoControl] - Failed to send IOCTL_REGISTER_WMI_RX to device with handle 684 due to error 6.


Systemfehler:
=============
Error: (11/03/2015 11:33:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "O2FLASH" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/03/2015 11:33:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "O2FLASH" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/03/2015 11:31:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Wilocity Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/03/2015 11:30:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Gruppenrichtlinienclient" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/03/2015 11:30:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AVP16.0.0 erreicht.

Error: (11/03/2015 11:30:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst gpsvc erreicht.

Error: (11/03/2015 11:30:42 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst CMGShield konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/03/2015 11:30:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Appinfo erreicht.

Error: (11/03/2015 09:25:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Anmelde-Assistent für Microsoft-Konten" wurde mit folgendem Fehler beendet: 
%%193

Error: (10/30/2015 10:56:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "O2FLASH" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


CodeIntegrity:
===================================
  Date: 2015-08-29 14:18:10.376
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4800MQ CPU @ 2.70GHz
Prozentuale Nutzung des RAM: 18%
Installierter physikalischer RAM: 16323.24 MB
Verfügbarer physikalischer RAM: 13304.92 MB
Summe virtueller Speicher: 18755.24 MB
Verfügbarer virtueller Speicher: 15336.6 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:107.69 GB) (Free:14.31 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:859.74 GB) NTFS

==================== MBR & Partitionstabelle ==================

==================== Ende von Addition.txt ============================
         


03.11.2015, 14:40   #3
timdividuell
 

Gmer 1



Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-11-03 12:31:00
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000038  rev. 0,00MB
Running: Gmer-19357.exe; Driver: C:\Users\***VLK~1\AppData\Local\Temp\fxldypog.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                                                                                                                                           fffff9600011a300 15 bytes [00, 0B, F2, 01, 00, 06, 6C, ...]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 16                                                                                                                                                                                                                                                                      fffff9600011a310 8 bytes [00, D7, FB, FF, 00, D3, CD, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                                                                                                                             00007ffc7ae94b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                                                                                                                                 00007ffc7ae94f3c 8 bytes [60, 6E, C5, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                                                                                                                             00007ffc7ae95216 8 bytes [50, 6E, C5, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                                                                                                                                   00007ffc7ae9540f 8 bytes {JMP 0xffffffffffffffee}
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                                                                                                                              00007ffc7ae957af 8 bytes [30, 6E, C5, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                                                                                                                     00007ffc7ae95964 8 bytes [20, 6E, C5, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                                                                                                                                00007ffc7ae95f01 8 bytes {JMP 0xffffffffffffff9e}
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                                                                                                                                   00007ffc7ae95f5e 8 bytes [F0, 6D, C5, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                                                00007ffc7af112a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                                              00007ffc7af11420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                    00007ffc7af11450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                  00007ffc7af11570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                      00007ffc7af11620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                      00007ffc7af11ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                                                    00007ffc7af11fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                    00007ffc7af12860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438                                                                                                                                                                                00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387                                                                                                                                                                                0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                                                                                                      0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                                                                                                0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                                            00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                                                                                                                        00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe[7676] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                                                                                                                       0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                                                                                                                                                                            00007ffc7ae94b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                                                                                                                                                                                00007ffc7ae94f3c 8 bytes [60, 6E, 16, 7F, 00, 00, 00, ...]
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                                                                                                                                                                            00007ffc7ae95216 8 bytes [50, 6E, 16, 7F, 00, 00, 00, ...]
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                                                                                                                                                                                  00007ffc7ae9540f 8 bytes {JMP 0xffffffffffffffee}
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                                                                                                                                                                             00007ffc7ae957af 8 bytes [30, 6E, 16, 7F, 00, 00, 00, ...]
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                                                                                                                                                                    00007ffc7ae95964 8 bytes [20, 6E, 16, 7F, 00, 00, 00, ...]
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                                                                                                                                                                               00007ffc7ae95f01 8 bytes {JMP 0xffffffffffffff9e}
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                                                                                                                                                                                  00007ffc7ae95f5e 8 bytes [F0, 6D, 16, 7F, 00, 00, 00, ...]
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                                                                                               00007ffc7af112a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                                                                                             00007ffc7af11420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                                                                   00007ffc7af11450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                                                                 00007ffc7af11570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                                                                     00007ffc7af11620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                                                                     00007ffc7af11ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                                                                                                   00007ffc7af11fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                                                                   00007ffc7af12860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438                                                                                                                                                                                                                               00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387                                                                                                                                                                                                                               0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                                                                                                                                                     0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                                                                                                                                               0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                                                                                           00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                                                                                                                                                                       00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\rundll32.exe[8952] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                                                                                                                                                                      0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                                                                                                                                                00007ffc7ae94b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                                                                                                                                                    00007ffc7ae94f3c 8 bytes [60, 6E, F8, 7F, 00, 00, 00, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                                                                                                                                                00007ffc7ae95216 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                                                                                                                                                      00007ffc7ae9540f 8 bytes {JMP 0xffffffffffffffee}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                                                                                                                                                 00007ffc7ae957af 8 bytes [30, 6E, F8, 7F, 00, 00, 00, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                                                                                                                                        00007ffc7ae95964 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                                                                                                                                                   00007ffc7ae95f01 8 bytes {JMP 0xffffffffffffff9e}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                                                                                                                                                      00007ffc7ae95f5e 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                                                                   00007ffc7af112a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                                                                 00007ffc7af11420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                                       00007ffc7af11450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                                     00007ffc7af11570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                                         00007ffc7af11620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                                         00007ffc7af11ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                                                                       00007ffc7af11fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                                       00007ffc7af12860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438                                                                                                                                                                                                   00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387                                                                                                                                                                                                   0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                                                                                                                         0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                                                                                                                   0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                                                               00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                                                                                                                                           00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8964] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                                                                                                                                          0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                                                                                                                                                00007ffc7ae94b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                                                                                                                                                    00007ffc7ae94f3c 8 bytes [60, 6E, F8, 7F, 00, 00, 00, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                                                                                                                                                00007ffc7ae95216 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                                                                                                                                                      00007ffc7ae9540f 8 bytes {JMP 0xffffffffffffffee}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                                                                                                                                                 00007ffc7ae957af 8 bytes [30, 6E, F8, 7F, 00, 00, 00, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                                                                                                                                        00007ffc7ae95964 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                                                                                                                                                   00007ffc7ae95f01 8 bytes {JMP 0xffffffffffffff9e}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                                                                                                                                                      00007ffc7ae95f5e 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                                                                   00007ffc7af112a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                                                                 00007ffc7af11420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                                       00007ffc7af11450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                                     00007ffc7af11570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                                         00007ffc7af11620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                                         00007ffc7af11ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                                                                       00007ffc7af11fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                                       00007ffc7af12860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438                                                                                                                                                                                                   00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387                                                                                                                                                                                                   0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                                                                                                                         0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                                                                                                                   0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                                                               00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                                                                                                                                           00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe[8972] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                                                                                                                                          0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                                                                                                                                                                00007ffc7ae94b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                                                                                                                                                                    00007ffc7ae94f3c 8 bytes [60, 6E, F8, 7F, 00, 00, 00, ...]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                                                                                                                                                                00007ffc7ae95216 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                                                                                                                                                                      00007ffc7ae9540f 8 bytes {JMP 0xffffffffffffffee}
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                                                                                                                                                                 00007ffc7ae957af 8 bytes [30, 6E, F8, 7F, 00, 00, 00, ...]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                                                                                                                                                        00007ffc7ae95964 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                                                                                                                                                                   00007ffc7ae95f01 8 bytes {JMP 0xffffffffffffff9e}
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                                                                                                                                                                      00007ffc7ae95f5e 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                                                                                   00007ffc7af112a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                                                                                 00007ffc7af11420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                                                       00007ffc7af11450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                                                     00007ffc7af11570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                                                         00007ffc7af11620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                                                         00007ffc7af11ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                                                                                       00007ffc7af11fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                                                       00007ffc7af12860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438                                                                                                                                                                                                                   00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387                                                                                                                                                                                                                   0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                                                                                                                                         0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                                                                                                                                   0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                                                                               00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                                                                                                                                                           00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                                                                                                                                                          0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path + 125                                                                                                                                                                                           00000000633cb41d 4 bytes [98, E1, ED, 6F]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path + 250                                                                                                                                                                                           00000000633cb49a 4 bytes [98, E1, ED, 6F]
.text    ...                                                                                                                                                                                                                                                                                                                       * 5
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path_source + 125                                                                                                                                                                                    00000000633cb83d 4 bytes [98, E1, ED, 6F]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path_source + 266                                                                                                                                                                                    00000000633cb8ca 4 bytes [98, E1, ED, 6F]
.text    ...                                                                                                                                                                                                                                                                                                                       * 5
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_record + 359                                                                                                                                                                                                00000000633cbd57 4 bytes [98, E1, ED, 6F]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_record + 679                                                                                                                                                                                                00000000633cbe97 4 bytes [98, E1, ED, 6F]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE22_M_emplace_hint_uniqueIIRKSt21piecewise_construct_tSt5tupleIIOSsEESD_IIEEEEESt17_Rb_tree_iteratorIS2_ESt23_Rb_tree_const_iteratorIS2_EDpOT_ + 38  000000006344ab66 4 bytes [A4, E1, ED, 6F]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE22_M_emplace_hint_uniqueIIRKSt21piecewise_construct_tSt5tupleIIOSsEESD_IIEEEEESt17_Rb_tree_iteratorIS2_ESt23_Rb_tree_const_iteratorIS2_EDpOT_ + 48  000000006344ab70 4 bytes [A4, E1, ED, 6F]
.text    ...                                                                                                                                                                                                                                                                                                                       * 3
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + 40                                                                                                              000000006344b0a8 4 bytes [98, E1, ED, 6F]
.text    C:\Program Files (x86)\ownCloud\owncloud.exe[9084] C:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + 91                                                                                                              000000006344b0db 4 bytes [98, E1, ED, 6F]
.text    C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[9044] C:\Windows\system32\KERNEL32.DLL!SetUnhandledExceptionFilter                                                                                                                                                                                                     00007ffc7a2747d0 5 bytes [90, 33, C0, 90, C3]
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[9292] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                                                                                                                              00007ffc7ae94b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[9292] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                                                                                                                                  00007ffc7ae94f3c 8 bytes [60, 6E, BF, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[9292] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                                                                                                                              00007ffc7ae95216 8 bytes [50, 6E, BF, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[9292] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                                                                                                                                    00007ffc7ae9540f 8 bytes {JMP 0xffffffffffffffee}
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[9292] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                                                                                                                               00007ffc7ae957af 8 bytes [30, 6E, BF, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[9292] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                                                                                                                      00007ffc7ae95964 8 bytes [20, 6E, BF, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[9292] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                                                                                                                                 00007ffc7ae95f01 8 bytes {JMP 0xffffffffffffff9e}
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[9292] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                                                                                                                                    00007ffc7ae95f5e 8 bytes [F0, 6D, BF, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[9292] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                                                 00007ffc7af112a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[9292] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                                               00007ffc7af11420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[9292] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                     00007ffc7af11450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[9292] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                   00007ffc7af11570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[9292] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                       00007ffc7af11620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[9292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                       00007ffc7af11ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[9292] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                                                     00007ffc7af11fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text    C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[9540] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                                                             00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[9540] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                                                                                                                                         00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[9540] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                                                                                                                                        0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                                                                                                                                       00007ffc7ae94b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                                                                                                                                           00007ffc7ae94f3c 8 bytes [60, 6E, 06, 7F, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                                                                                                                                       00007ffc7ae95216 8 bytes [50, 6E, 06, 7F, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                                                                                                                                             00007ffc7ae9540f 8 bytes {JMP 0xffffffffffffffee}
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                                                                                                                                        00007ffc7ae957af 8 bytes [30, 6E, 06, 7F, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                                                                                                                               00007ffc7ae95964 8 bytes [20, 6E, 06, 7F, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                                                                                                                                          00007ffc7ae95f01 8 bytes {JMP 0xffffffffffffff9e}
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                                                                                                                                             00007ffc7ae95f5e 8 bytes [F0, 6D, 06, 7F, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                                                          00007ffc7af112a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                                                        00007ffc7af11420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                              00007ffc7af11450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                            00007ffc7af11570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                                00007ffc7af11620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                                00007ffc7af11ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                                                              00007ffc7af11fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                              00007ffc7af12860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438                                                                                                                                                                                          00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387                                                                                                                                                                                          0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                                                                                                                0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                                                                                                          0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                                                      00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                                                                                                                                  00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[9656] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                                                                                                                                 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                                                                                                                                                           00007ffc7ae94b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                                                                                                                                                               00007ffc7ae94f3c 8 bytes [60, 6E, CD, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                                                                                                                                                           00007ffc7ae95216 8 bytes [50, 6E, CD, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                                                                                                                                                                 00007ffc7ae9540f 8 bytes {JMP 0xffffffffffffffee}
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                                                                                                                                                            00007ffc7ae957af 8 bytes [30, 6E, CD, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                                                                                                                                                   00007ffc7ae95964 8 bytes [20, 6E, CD, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                                                                                                                                                              00007ffc7ae95f01 8 bytes {JMP 0xffffffffffffff9e}
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                                                                                                                                                                 00007ffc7ae95f5e 8 bytes [F0, 6D, CD, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                                                                              00007ffc7af112a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                                                                            00007ffc7af11420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                                                  00007ffc7af11450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                                                00007ffc7af11570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                                                    00007ffc7af11620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                                                    00007ffc7af11ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                                                                                  00007ffc7af11fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                                                  00007ffc7af12860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438                                                                                                                                                                                                              00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387                                                                                                                                                                                                              0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                                                                                                                                    0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                                                                                                                              0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                                                                          00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                                                                                                                                                      00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[9812] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                                                                                                                                                     0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
         

03.11.2015, 14:41   #4
timdividuell

WIN 8.1: .RAR file from DHL email

Gmer 2



Code:
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                                                                                                                                                                      00007ffc7ae94b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                                                                                                                                                                          00007ffc7ae94f3c 8 bytes [60, 6E, 71, 7E, 00, 00, 00, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                                                                                                                                                                      00007ffc7ae95216 8 bytes [50, 6E, 71, 7E, 00, 00, 00, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                                                                                                                                                                            00007ffc7ae9540f 8 bytes {JMP 0xffffffffffffffee}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                                                                                                                                                                       00007ffc7ae957af 8 bytes [30, 6E, 71, 7E, 00, 00, 00, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                                                                                                                                                              00007ffc7ae95964 8 bytes [20, 6E, 71, 7E, 00, 00, 00, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                                                                                                                                                                         00007ffc7ae95f01 8 bytes {JMP 0xffffffffffffff9e}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                                                                                                                                                                            00007ffc7ae95f5e 8 bytes [F0, 6D, 71, 7E, 00, 00, 00, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                                                                                         00007ffc7af112a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                                                                                       00007ffc7af11420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                                                             00007ffc7af11450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                                                           00007ffc7af11570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                                                               00007ffc7af11620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                                                               00007ffc7af11ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                                                                                             00007ffc7af11fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                                                             00007ffc7af12860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438                                                                                                                                                                                                                         00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387                                                                                                                                                                                                                         0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                                                                                                                                               0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                                                                                                                                         0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                                                                                     00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                                                                                                                                                                 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[10100] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                                                                                                                                                                0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                                                                                                                                00007ffc7ae94b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                                                                                                                                    00007ffc7ae94f3c 8 bytes [60, 6E, B8, 7F, 00, 00, 00, ...]
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                                                                                                                                00007ffc7ae95216 8 bytes [50, 6E, B8, 7F, 00, 00, 00, ...]
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                                                                                                                                      00007ffc7ae9540f 8 bytes {JMP 0xffffffffffffffee}
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                                                                                                                                 00007ffc7ae957af 8 bytes [30, 6E, B8, 7F, 00, 00, 00, ...]
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                                                                                                                        00007ffc7ae95964 8 bytes [20, 6E, B8, 7F, 00, 00, 00, ...]
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                                                                                                                                   00007ffc7ae95f01 8 bytes {JMP 0xffffffffffffff9e}
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                                                                                                                                      00007ffc7ae95f5e 8 bytes [F0, 6D, B8, 7F, 00, 00, 00, ...]
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                                                   00007ffc7af112a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                                                 00007ffc7af11420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                       00007ffc7af11450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                     00007ffc7af11570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                         00007ffc7af11620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                         00007ffc7af11ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                                                       00007ffc7af11fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                       00007ffc7af12860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438                                                                                                                                                                                   00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387                                                                                                                                                                                   0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                                                                                                         0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                                                                                                   0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                                               00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                                                                                                                           00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[10156] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                                                                                                                          0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                                                                                                                                           00007ffc7ae94b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                                                                                                                                               00007ffc7ae94f3c 8 bytes [60, 6E, D6, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                                                                                                                                           00007ffc7ae95216 8 bytes [50, 6E, D6, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                                                                                                                                                 00007ffc7ae9540f 8 bytes {JMP 0xffffffffffffffee}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                                                                                                                                            00007ffc7ae957af 8 bytes [30, 6E, D6, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                                                                                                                                   00007ffc7ae95964 8 bytes [20, 6E, D6, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                                                                                                                                              00007ffc7ae95f01 8 bytes {JMP 0xffffffffffffff9e}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                                                                                                                                                 00007ffc7ae95f5e 8 bytes [F0, 6D, D6, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                                                              00007ffc7af112a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                                                            00007ffc7af11420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                                  00007ffc7af11450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                                00007ffc7af11570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                                    00007ffc7af11620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                                    00007ffc7af11ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                                                                  00007ffc7af11fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                                  00007ffc7af12860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438                                                                                                                                                                                              00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387                                                                                                                                                                                              0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                                                                                                                    0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                                                                                                              0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                                                          00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                                                                                                                                      00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[10172] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                                                                                                                                     0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                                                                                                                                     00007ffc7ae94b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                                                                                                                                         00007ffc7ae94f3c 8 bytes [60, 6E, B8, 7E, 00, 00, 00, ...]
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                                                                                                                                     00007ffc7ae95216 8 bytes [50, 6E, B8, 7E, 00, 00, 00, ...]
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                                                                                                                                           00007ffc7ae9540f 8 bytes {JMP 0xffffffffffffffee}
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                                                                                                                                      00007ffc7ae957af 8 bytes [30, 6E, B8, 7E, 00, 00, 00, ...]
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                                                                                                                             00007ffc7ae95964 8 bytes [20, 6E, B8, 7E, 00, 00, 00, ...]
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                                                                                                                                        00007ffc7ae95f01 8 bytes {JMP 0xffffffffffffff9e}
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                                                                                                                                           00007ffc7ae95f5e 8 bytes [F0, 6D, B8, 7E, 00, 00, 00, ...]
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                                                        00007ffc7af112a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                                                      00007ffc7af11420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                            00007ffc7af11450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                          00007ffc7af11570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                              00007ffc7af11620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                              00007ffc7af11ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                                                            00007ffc7af11fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                            00007ffc7af12860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438                                                                                                                                                                                        00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387                                                                                                                                                                                        0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                                                                                                              0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                                                                                                        0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                                                    00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                                                                                                                                00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5868] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                                                                                                                               0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                                                                                                                                           00007ffc7ae94b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                                                                                                                                               00007ffc7ae94f3c 8 bytes [60, 6E, 23, 7F, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                                                                                                                                           00007ffc7ae95216 8 bytes [50, 6E, 23, 7F, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                                                                                                                                                 00007ffc7ae9540f 8 bytes {JMP 0xffffffffffffffee}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                                                                                                                                            00007ffc7ae957af 8 bytes [30, 6E, 23, 7F, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                                                                                                                                   00007ffc7ae95964 8 bytes [20, 6E, 23, 7F, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                                                                                                                                              00007ffc7ae95f01 8 bytes {JMP 0xffffffffffffff9e}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                                                                                                                                                 00007ffc7ae95f5e 8 bytes [F0, 6D, 23, 7F, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                                                              00007ffc7af112a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                                                            00007ffc7af11420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                                  00007ffc7af11450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                                00007ffc7af11570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                                    00007ffc7af11620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                                    00007ffc7af11ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                                                                  00007ffc7af11fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                                  00007ffc7af12860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438                                                                                                                                                                                              00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387                                                                                                                                                                                              0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                                                                                                                    0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                                                                                                              0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                                                          00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                                                                                                                                      00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10192] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                                                                                                                                     0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                                                                                                                                               00007ffc7ae94b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                                                                                                                                                   00007ffc7ae94f3c 8 bytes [60, 6E, F8, 7F, 00, 00, 00, ...]
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                                                                                                                                               00007ffc7ae95216 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...]
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                                                                                                                                                     00007ffc7ae9540f 8 bytes {JMP 0xffffffffffffffee}
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                                                                                                                                                00007ffc7ae957af 8 bytes [30, 6E, F8, 7F, 00, 00, 00, ...]
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                                                                                                                                       00007ffc7ae95964 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...]
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                                                                                                                                                  00007ffc7ae95f01 8 bytes {JMP 0xffffffffffffff9e}
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                                                                                                                                                     00007ffc7ae95f5e 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...]
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                                                                  00007ffc7af112a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                                                                00007ffc7af11420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                                      00007ffc7af11450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                                    00007ffc7af11570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                                        00007ffc7af11620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                                        00007ffc7af11ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                                                                      00007ffc7af11fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                                      00007ffc7af12860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438                                                                                                                                                                                                  00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387                                                                                                                                                                                                  0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                                                                                                                        0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                                                                                                                  0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                                                              00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                                                                                                                                          00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    D:\System Dateien\Benutzer\*** *******\Desktop\Gmer-19357.exe[5452] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                                                                                                                                         0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Modules - GMER 2.1 ----

Module   \??\C:\Windows\TEMP\DBUtil_2_3.Sys                                                                                                                                                                                                                                                                                        fffff8006dac1000-fffff8006dac8000 (28672 bytes)
Module   \??\C:\Users\***VLK~1\AppData\Local\Temp\fxldypog.sys (GMER)                                                                                                                                                                                                                                                              fffff8006dac8000-fffff8006dad8000 (65536 bytes)

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [1000:4172]                                                                                                                                                                                                                                                                                 fffff9600097a2d0
---- Processes - GMER 2.1 ----

Library  c:\users\***vlk~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpemumwf.dll (*** suspicious ***) @ C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [9812](2015-11-03 10:35:41)                                                                                                         0000000057680000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                                                                                                                     unknown MBR code
Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                                                                                                                     sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----
         

03.11.2015, 14:54   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first just post the logs you already have, in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, please post them directly, spread across several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

03.11.2015, 15:12   #6
timdividuell



Hello cosinus,

thanks for the quick reply.

I don't have any further logs with detections.

As I already wrote: Kaspersky flagged the mail as a threat that evening, and I neutralized the threat and deleted the mail.
That evening I then also ran an online scan (also from Kaspersky), but without findings.
I looked at the reports again today, and there the incident is now listed by Kaspersky only as a false alarm (and not as a threat).

I thought everything was OK, it's just the online banking thing that makes me a bit suspicious.

Should I run any other scans? Can you recommend other programs?

(Unfortunately I no longer quite trust Kaspersky and am looking for an alternative, since my USB ports are blocked as long as KIS is installed. But that's another topic, and after about 15 emails support still hasn't found a solution.)

03.11.2015, 15:27   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Why are you now writing something completely different?
Your latest description reads as if Kaspersky detected and removed the mail right away.
But in your first post you write something else, that you clicked on the RAR file.

So which is correct?

And please post the log with the Kaspersky detection.

03.11.2015, 15:52   #8
timdividuell



Please excuse me if I expressed myself unclearly:

I clicked on the .rar. Realized that this was pretty stupid and ran a scan. Kaspersky then detected the mail as a threat and I deleted it. (In the online account the mail is still present under deleted items.)

I hope this is what you need (it found the mail on 30.10.):

Code:
03.11.2015 10.54.03	Vollständige Untersuchung des Computers (abgebrochen)	Keine Bedrohungen gefunden	Gefunden: 0	Neutralisiert: 0	Nicht untersucht: 0	Datum des letzten Datenbanken-Updates bei Untersuchungsbeginn: 03.11.2015 07:35	Gesamtdauer: 37 Minuten, 25 Sekunden	Ende: 03.11.2015 11:31
03.11.2015 09.58.12	Rootkit-Suche	Keine Bedrohungen gefunden	Gefunden: 0	Neutralisiert: 0	Nicht untersucht: 0	Datum des letzten Datenbanken-Updates bei Untersuchungsbeginn: 30.10.2015 20:15	Gesamtdauer: 24 Minuten, 17 Sekunden	Ende: 03.11.2015 10:22
30.10.2015 23.30.13	Rootkit-Suche	Keine Bedrohungen gefunden	Gefunden: 0	Neutralisiert: 0	Nicht untersucht: 0	Datum des letzten Datenbanken-Updates bei Untersuchungsbeginn: 30.10.2015 20:15	Gesamtdauer: 5 Minuten, 37 Sekunden	Ende: 30.10.2015 23:35
30.10.2015 23.22.36	Schwachstellensuche	Gefundene Bedrohungen: 6, neutralisiert: 0, nicht neutralisiert: 0	Gefunden: 6	Neutralisiert: 0	Nicht untersucht: 0	Datum des letzten Datenbanken-Updates bei Untersuchungsbeginn: 30.10.2015 20:15	Gesamtdauer: 7 Minuten, 35 Sekunden	Ende: 30.10.2015 23:30
30.10.2015 22.57.29	Vollständige Untersuchung des Computers	Keine Bedrohungen gefunden	Gefunden: 0	Neutralisiert: 0	Nicht untersucht: 0	Datum des letzten Datenbanken-Updates bei Untersuchungsbeginn: 30.10.2015 20:15	Gesamtdauer: 24 Minuten, 30 Sekunden	Ende: 30.10.2015 23:22
30.10.2015 22.14.57	Vollständige Untersuchung des Computers (abgebrochen)	Gefundene Bedrohungen: 1, neutralisiert: 0, nicht neutralisiert: 0	Gefunden: 1	Neutralisiert: 0	Nicht untersucht: 0	Datum des letzten Datenbanken-Updates bei Untersuchungsbeginn: 29.10.2015 08:23	Gesamtdauer: 38 Minuten, 51 Sekunden	Ende: 30.10.2015 22:53
29.10.2015 13.10.22	Rootkit-Suche	Keine Bedrohungen gefunden	Gefunden: 0	Neutralisiert: 0	Nicht untersucht: 0	Datum des letzten Datenbanken-Updates bei Untersuchungsbeginn: 29.10.2015 08:23	Gesamtdauer: 17 Minuten, 22 Sekunden	Ende: 29.10.2015 13:27
27.10.2015 10.16.44	Rootkit-Suche	Keine Bedrohungen gefunden	Gefunden: 0	Neutralisiert: 0	Nicht untersucht: 0	Datum des letzten Datenbanken-Updates bei Untersuchungsbeginn: 20.10.2015 19:10	Gesamtdauer: 13 Minuten, 16 Sekunden	Ende: 27.10.2015 10:30
         

03.11.2015, 22:08   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



OK, with that description one still doesn't know whether you executed the malware or not, but never mind...

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper

04.11.2015, 10:04   #10
timdividuell

mbar log



Hello cosinus,

Mbar found nothing, and I assume that the step with the CleanUp button and the restart etc. is therefore not needed.

Here is the log:

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.11.04.02
  rootkit: v2015.10.28.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18053
*********** :: M4800 [administrator]

04.11.2015 09:41:00
mbar-log-2015-11-04 (09-41-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 493427
Time elapsed: 13 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

04.11.2015, 10:23   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT beforehand, then download them fresh to the desktop!
Please disable your virus scanner completely now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


04.11.2015, 12:03   #12
timdividuell

ADW



Hello cosinus,
here is the log (C1). I hope that is the right file.
There was a bluescreen when carrying out the step:

- Now click Delete (Löschen) and confirm any prompts with OK.

After I restarted the computer (after the bluescreen), I ran ADWCleaner again because I didn't know whether it had been successful before. Now it no longer offered me any files to delete.

For info:
In the AdwCleaner folder there are further txt files (S1-S4 and quarantine)

Code:
# AdwCleaner v5.017 - Bericht erstellt am 04/11/2015 um 10:42:47
# Aktualisiert am 03/11/2015 von Xplode
# Datenbank : 2015-11-03.2 [Server]
# Betriebssystem : Windows 8.1 Pro  (x64)
# Benutzername : *********** - M4800
# Gestartet von : D:\System Dateien\Benutzer\*** ********\Desktop\AdwCleaner_5.017.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js
[-] Datei Gelöscht : C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\user.js

***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Geplante Tasks ] *****


***** [ Registrierungsdatenbank ] *****

[-] Daten Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5E578EBA-6776-494D-B2A1-1033BD01C896}
[-] Daten Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Internetbrowser ] *****

[-] [C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\prefs.js] [Preference] Gelöscht : user_pref("keyword.URL", "hxxp://www.sm.de/?q=");
[-] [C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\prefs.js] [Preference] Gelöscht : user_pref("keyword.URL", "hxxp://www.sm.de/?q=");
[-] [C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\prefs.js] [Preference] Gelöscht : user_pref("keyword.URL", "hxxp://www.sm.de/?q=");
[-] [C:\Users\*** ********\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\prefs.js] [Preference] Gelöscht : user_pref("keyword.URL", "hxxp://www.sm.de/?q=");

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4950 Bytes] ##########
         


I'm doing the other steps (JRT/FRST) now and will then post the txt files.

Hello cosinus,

JRT always causes a bluescreen with the error 0xx000021a.

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
durchgeführt von ********** (Administrator) auf M4800 (04-11-2015 11:59:24)
Gestartet von D:\System Dateien\Benutzer\*** *******\Desktop
Geladene Profile: UpdatusUser & ********** (Verfügbare Profile: UpdatusUser & ********** & crdsecagent$admin & Administrator)
Platform: Windows 8.1 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Threat Protection\DellAVAgent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dell Inc.) C:\Windows\System32\CmgShieldSvc.exe
(Dell Inc.) C:\Windows\System32\EmsService.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Authentication\Bin\DpHostW.exe
() C:\Windows\System32\nvwmi64.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Authentication\Bin\DpCardEngine.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\EntitlementService.exe
(CREDANT Technologies, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.Agent.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DCF.Loader.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Windows\SysWOW64\srvany.exe
(TODO: <公司名>) C:\Windows\SysWOW64\SDIOAssist.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft) C:\Program Files (x86)\Dell Wireless\DW1601\ConnectionManager.WBEService.exe
(Wilocity) C:\Program Files (x86)\Dell Wireless\DW1601\SupplicantService\wpasvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Authentication\Bin\DpAgent.exe
(Atheros Communications) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCMgr.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiC.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Wcct.exe
() C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\spectral\SocketServer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Akamai Technologies, Inc.) C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\ownCloud\owncloud.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Autodesk Inc.) C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
() C:\Program Files (x86)\Dell Wireless\DW1601\UpdateService\WilocityUpdate.Service.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [AWiCMgr] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\AWiC\AWiCMgr.exe [189568 2013-09-24] (Qualcomm Atheros Inc.)
HKLM\...\Run: [AWiCDiag] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe [2782336 2013-09-24] (Qualcomm Atheros Inc.)
HKLM\...\Run: [wcct] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\wcct.exe [1074304 2013-09-24] (Qualcomm Atheros Inc.)
HKLM\...\Run: [LocalSecurityAgent] => C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgSysTray.exe [33608 2015-05-14] (Dell Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TrayAppExe] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.Console.exe [516936 2015-05-22] (Dell, Inc.)
HKLM\...\Run: [EmsService] => C:\Windows\system32\EmsServiceHelper.exe [3229512 2015-05-14] (Dell Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2728736 2014-08-26] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [57000 2014-01-09] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\...\Run: [Quick***e Task] => C:\Program Files (x86)\Quick***e\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\BtvStack.exe [132736 2013-10-29] (Atheros Communications)
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\Run: [Akamai NetSession Interface] => C:\Users\*** *******\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\Run: [] => [X]
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [1748494 2015-09-01] ()
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\Policies\Explorer: [] 
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [  OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [CmgEncOverlay] -> {7B0F6726-38DD-49DD-8A5E-02EFED6EEDA4} => C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgShellExt.dll [2015-05-14] (Dell Inc.)
ShellIconOverlayIdentifiers: [CmgGhostOverlay] -> {74CD2AE0-8208-424C-8A4B-6670FE358620} => C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgShellExt.dll [2015-05-14] (Dell Inc.)
ShellIconOverlayIdentifiers: [HiDriveOverlayIcon1] -> {45a23d58-ebdc-3d73-ae36-80fd48cb363e} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HiDriveOverlayIcon2] -> {654b0053-308a-3fcf-8a68-08cc1f1e7783} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\D5000 Wireless Dock.lnk [2015-06-16]
ShortcutTarget: D5000 Wireless Dock.lnk -> C:\Program Files (x86)\Dell Wireless\DW1601\D5000WirelessDock.exe ()
Startup: C:\Users\*** *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HiDrive.lnk [2015-05-29]
ShortcutTarget: HiDrive.lnk -> C:\Program Files (x86)\Strato\HiDrive\HiDrive.App.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1D6CF363-B920-4C60-AB17-4C727D8B556B}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{FA23BCEA-0754-415D-AAB1-EC48056B838F}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
URLSearchHook: [S-1-5-21-979682889-2110692298-1623943922-1001] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM -> DefaultScope {5E578EBA-6776-494D-B2A1-1033BD01C896} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {5E578EBA-6776-494D-B2A1-1033BD01C896} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-979682889-2110692298-1623943922-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-979682889-2110692298-1623943922-1002 -> {C59FA84E-806A-428C-9669-7084C2004E84} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-14] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\*** *******\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-18] ()
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-08-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-08-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll [2015-01-28] (DigitalPersona, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-03] (Apple Inc.)
FF SearchPlugin: C:\Users\*** *******\AppData\Roaming\Mozilla\Firefox\Profiles\xru58nfz.default\searchplugins\search_engine.xml [2014-05-22]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-05-27] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\BrowserExt\dpchrome
FF Extension: Dell Data Protection Security Tools - C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\BrowserExt\dpchrome [2015-06-23] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-10-21] [ist nicht signiert]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [nicht gefunden]

Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x64\widevinecdmadapter.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google-Suche) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Kaspersky Protection) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-09-30]
CHR Extension: (Google Tabellen) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (McAfee Endpoint Security-Webkontrolle) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkchpdmjjdmalgembblgafllbpcjlei [2015-10-13]
CHR Extension: (GoToMeeting Free Sharing) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbgncfoanhgdfmkgfehkfdlbdnbhafpp [2015-11-03]
CHR Extension: (Dell Data Protection Security Tools) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2015-06-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Google Mail) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-18]
CHR Profile: C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Präsentationen) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-24]
CHR Extension: (Google Docs) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-24]
CHR Extension: (Google Drive) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-24]
CHR Extension: (Kaspersky Protection) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-12-24]
CHR Extension: (YouTube) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-24]
CHR Extension: (Google-Suche) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-24]
CHR Extension: (Google Tabellen) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-24]
CHR Extension: (Google Wallet) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-24]
CHR Extension: (Google Mail) - C:\Users\*** *******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-24]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [jjkchpdmjjdmalgembblgafllbpcjlei] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [jjkchpdmjjdmalgembblgafllbpcjlei] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\BrowserExt\dpchrome.crx [2015-01-28]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\adminservice.exe [317568 2013-10-29] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Datei ist nicht signiert]
S2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-09-16] (Kaspersky Lab ZAO)
R2 CMGShield; C:\Windows\system32\CmgShieldSvc.exe [7135048 2015-05-14] (Dell Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-01] (Dropbox, Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
R2 DellEntitlement; C:\Program Files\Dell\Dell Data Protection\EntitlementService.exe [325960 2015-05-14] (Dell Inc.)
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.Agent.exe [14664 2015-05-22] (CREDANT Technologies, Inc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DCF.Loader.exe [23880 2015-05-22] ()
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-20] (Aviata, Inc.)
R2 DellTPAgent; C:\Program Files\Dell\Dell Data Protection\Threat Protection\DellAVAgent.exe [813896 2015-01-30] (Dell Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9960240 2014-02-24] (DisplayLink Corp.)
R2 DpHost; C:\Program Files\Dell\Dell Data Protection\Authentication\Bin\DpHostW.exe [473424 2015-01-22] (DigitalPersona, Inc.)
R2 EMS; C:\Windows\system32\EMSService.exe [1968456 2015-05-14] (Dell Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2694368 2014-08-26] ()
S2 O2FLASH; C:\Windows\System32\drivers\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2012-03-09] () [Datei ist nicht signiert]
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
S2 tcsd_win32.exe; C:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe [1636352 2012-12-10] (Security Innovation, Inc.) [Datei ist nicht signiert]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-09] (Validity Sensors, Inc.) [Datei ist nicht signiert]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-08] (AO Kaspersky Lab)
R2 WBEService; C:\Program Files (x86)\Dell Wireless\DW1601\ConnectionManager.WBEService.exe [18944 2014-04-23] (Microsoft) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WilocityMonitorService; C:\Program Files (x86)\Dell Wireless\DW1601\Monitor\Monitor.Service.exe [45056 2014-01-28] (Wilocity) [Datei ist nicht signiert]
R2 WilocityUpdate; C:\Program Files (x86)\Dell Wireless\DW1601\UpdateService\WilocityUpdate.Service.exe [10240 2013-06-09] () [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WPASupplicantService; C:\Program Files (x86)\Dell Wireless\DW1601\SupplicantService\wpasvc.exe [277504 2014-04-23] (Wilocity) [Datei ist nicht signiert]
R2 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{D6916516-B098-4056-858B-12C81502F7D4}

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-11] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-05-08] (Microsoft Corporation)
R1 cbfs5; C:\Windows\system32\drivers\cbfs5.sys [421568 2015-01-23] (EldoS Corporation)
R0 cmgfve; C:\Windows\System32\Drivers\cmgfve.sys [209152 2014-11-21] (Dell Inc.)
R0 CmgPassThrough; C:\Windows\System32\DRIVERS\CmgShPT.sys [16096 2015-05-14] (Dell Inc.)
R0 CmgPCS; C:\Windows\System32\DRIVERS\CmgPCS.sys [158944 2015-04-23] (Dell Inc.)
R0 CmgShieldFFE; C:\Windows\System32\DRIVERS\CmgFFE.sys [428800 2015-03-10] (Dell Inc.)
R1 CMGShieldReg; C:\Windows\system32\DRIVERS\CmgShREG.sys [83168 2015-05-14] (Dell Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [459544 2014-06-12] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 IntcAzAudAddService; C:\Windows\system32\drivers\RTDVHD64.sys [2261464 2013-08-27] (Realtek Semiconductor Corp.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-10-21] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-10-21] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [925064 2015-10-21] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-09-28] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-10-21] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300320 2014-04-29] (NVIDIA Corporation)
R3 O2FJ2RDR; C:\Windows\System32\drivers\O2FJ2w8x64.sys [210616 2014-05-14] (BayHubTech/O2Micro )
R0 SEDFilter; C:\Windows\System32\DRIVERS\SEDFilter.sys [133344 2015-03-02] (Dell Inc.)
R3 ST_Accel; C:\Windows\System32\drivers\ST_Accel.sys [93432 2013-08-05] (STMicroelectronics)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-05-21] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-05-21] (Acronis International GmbH)
S3 utm5njg4; C:\Windows\SysWOW64\Drivers\utm5njg4.sys [7168 2015-10-02] () [Datei ist nicht signiert]
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [18144 2014-11-19] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R0 wPCI; C:\Windows\System32\drivers\wPci.sys [73368 2014-02-18] (Wilocity Ltd.)
R4 DBUtil_2_3; \??\C:\Windows\TEMP\DBUtil_2_3.Sys [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-04 11:18 - 2015-11-04 11:18 - 00000000 ___RD C:\Users\*** *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-11-04 11:17 - 2015-11-04 11:17 - 00345512 _____ C:\Windows\Minidump\110415-13187-01.dmp
2015-11-04 11:15 - 2015-10-05 23:26 - 01801288 _____ (Malwarebytes) C:\Users\*** *******\Desktop\JRT.exe
2015-11-04 11:13 - 2015-11-04 11:13 - 00345840 _____ C:\Windows\Minidump\110415-12937-01.dmp
2015-11-04 10:44 - 2015-11-04 10:44 - 00329504 _____ C:\Windows\Minidump\110415-13234-01.dmp
2015-11-04 10:36 - 2015-11-04 10:47 - 00000000 ____D C:\AdwCleaner
2015-11-04 09:22 - 2015-11-04 09:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-04 09:22 - 2015-11-04 09:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-04 09:22 - 2015-11-04 09:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-04 09:20 - 2015-11-04 09:40 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-03 12:44 - 2015-11-04 11:17 - 00000000 ____D C:\Windows\Minidump
2015-11-03 12:44 - 2015-11-03 12:44 - 00321376 _____ C:\Windows\Minidump\110315-19140-01.dmp
2015-11-03 12:15 - 2015-11-04 11:59 - 00000000 ____D C:\FRST
2015-11-03 12:11 - 2015-11-03 12:11 - 00000000 _____ C:\Users\*** *******\defogger_reenable
2015-10-30 23:11 - 2015-10-30 23:11 - 00000000 ____D C:\KVRT_Data
2015-10-27 09:45 - 2015-10-27 09:45 - 00000000 __HDC C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1}
2015-10-21 11:56 - 2015-10-21 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-15 10:26 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 10:26 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 10:26 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-15 10:26 - 2015-09-18 14:42 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 10:26 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 10:26 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 10:26 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-14 09:07 - 2015-08-06 17:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-10-14 09:07 - 2015-08-06 17:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-10-14 09:06 - 2015-09-29 13:31 - 07457624 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 09:06 - 2015-09-29 13:31 - 01658536 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 09:06 - 2015-09-29 13:31 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-14 09:06 - 2015-09-29 13:31 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 09:06 - 2015-09-29 13:31 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-10-14 09:06 - 2015-09-29 13:29 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 09:06 - 2015-09-28 19:45 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 09:06 - 2015-09-28 19:26 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-10-14 09:06 - 2015-09-28 19:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 09:06 - 2015-09-28 19:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 09:06 - 2015-09-28 19:25 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 09:06 - 2015-09-28 19:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 09:06 - 2015-09-28 19:22 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 09:06 - 2015-09-28 19:22 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 09:06 - 2015-09-28 19:15 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 09:06 - 2015-09-28 19:13 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 09:06 - 2015-09-28 19:12 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 09:06 - 2015-09-24 18:51 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2015-10-14 09:06 - 2015-09-24 18:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2015-10-14 09:06 - 2015-09-24 18:30 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2015-10-14 09:06 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2015-10-14 09:06 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-10-14 09:06 - 2015-09-10 19:02 - 25851392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 09:06 - 2015-09-10 18:19 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 09:06 - 2015-09-10 18:18 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 09:06 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 09:06 - 2015-09-10 18:14 - 05990400 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 09:06 - 2015-09-10 18:09 - 20358144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 09:06 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 09:06 - 2015-09-10 18:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 09:06 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 09:06 - 2015-09-10 17:39 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 09:06 - 2015-09-10 17:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 09:06 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 09:06 - 2015-09-10 17:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 09:06 - 2015-09-10 17:33 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 09:06 - 2015-09-10 17:28 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-10-14 09:06 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 09:06 - 2015-09-10 17:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 09:06 - 2015-09-10 17:24 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 09:06 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 09:06 - 2015-09-10 17:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 09:06 - 2015-09-10 17:19 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 09:06 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 09:06 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 09:06 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 09:06 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 09:06 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 09:06 - 2015-09-10 17:02 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 09:06 - 2015-09-10 17:01 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-10-14 09:06 - 2015-09-10 17:00 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 09:06 - 2015-09-10 16:57 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 09:06 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 09:06 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 09:06 - 2015-09-10 16:55 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 09:06 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 09:06 - 2015-09-10 16:45 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 09:06 - 2015-09-10 16:34 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 09:06 - 2015-09-10 16:31 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 09:06 - 2015-09-10 16:27 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 09:06 - 2015-09-10 16:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 09:06 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 09:06 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-run***e-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-***e-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-run***e-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-***e-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 09:06 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 09:06 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 09:06 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 09:06 - 2015-08-07 22:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 09:06 - 2015-08-07 22:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-10-14 09:06 - 2015-08-07 22:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-10-14 09:06 - 2015-08-07 15:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 09:06 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-10-14 09:06 - 2015-08-06 17:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-10-14 09:06 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-04 11:55 - 2015-06-02 13:09 - 00000000 ____D C:\Users\*** *******\AppData\Local\ownCloud
2015-11-04 11:49 - 2015-06-01 08:39 - 00001234 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-04 11:38 - 2015-06-23 08:49 - 02047634 _____ C:\Windows\WindowsUpdate.log
2015-11-04 11:32 - 2015-09-16 09:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-04 11:21 - 2014-05-08 01:36 - 01789204 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-04 11:21 - 2013-09-03 14:39 - 00770258 _____ C:\Windows\system32\perfh007.dat
2015-11-04 11:21 - 2013-09-03 14:39 - 00160984 _____ C:\Windows\system32\perfc007.dat
2015-11-04 11:18 - 2015-06-23 11:18 - 00000000 ____D C:\Users\*** *******\AppData\Local\F29C4913-FA1E-4C59-AB79-C6C33098EA27.aplzod
2015-11-04 11:18 - 2015-06-01 08:41 - 00000000 ___RD C:\Users\*** *******\Dropbox
2015-11-04 11:18 - 2015-06-01 08:39 - 00001230 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-04 11:18 - 2015-06-01 08:39 - 00000000 ____D C:\Users\*** *******\AppData\Local\Dropbox
2015-11-04 11:18 - 2014-12-24 11:38 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-04 11:17 - 2015-06-23 14:18 - 00037420 _____ C:\Windows\setupact.log
2015-11-04 11:17 - 2014-05-08 01:34 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-04 11:17 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\registration
2015-11-04 11:17 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-04 11:14 - 2014-11-07 22:14 - 00000931 _____ C:\Windows\Tasks\EPSON WF-7620 Series Update {497054DC-3069-44B9-938D-498CCAFECD77}.job
2015-11-04 11:14 - 2014-11-07 22:14 - 00000745 _____ C:\Windows\Tasks\EPSON WF-7620 Series Invitation {497054DC-3069-44B9-938D-498CCAFECD77}.job
2015-11-04 11:13 - 2014-07-07 17:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-04 11:11 - 2014-12-24 11:38 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-04 10:42 - 2014-05-23 07:38 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-11-04 09:16 - 2014-11-02 16:13 - 00000000 ____D C:\Users\*** *******\AppData\Local\Akamai
2015-11-03 16:28 - 2014-05-21 12:28 - 00000000 ____D C:\Users\*** *******
2015-11-03 15:25 - 2014-05-21 12:33 - 00003598 _____ C:\Windows\System32\Tasks\Op***ize Start Menu Cache Files-S-1-5-21-979682889-2110692298-1623943922-1002
2015-11-03 12:07 - 2015-09-30 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-30 23:07 - 2014-12-27 12:35 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 22:53 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-30 22:12 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-10-27 09:45 - 2015-02-13 15:28 - 00003820 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-10-27 09:41 - 2015-06-26 06:43 - 00033450 _____ C:\Windows\PFRO.log
2015-10-21 11:56 - 2015-06-01 08:39 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-21 10:55 - 2015-09-16 09:48 - 00925064 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-10-21 10:55 - 2015-09-16 09:48 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-10-21 10:55 - 2015-06-26 22:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwfp.sys
2015-10-21 10:54 - 2015-07-04 01:18 - 00227512 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-10-20 11:27 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-19 12:07 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-10-18 18:13 - 2014-07-07 17:46 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-18 17:47 - 2014-05-26 17:03 - 00000000 ____D C:\Users\*** *******\AppData\Local\CrashDumps
2015-10-16 05:51 - 2013-08-22 16:38 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-16 05:51 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 17:42 - 2014-05-22 16:22 - 00000000 ____D C:\Users\*** *******\AppData\Roaming\vlc
2015-10-15 14:05 - 2014-07-06 12:27 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-15 10:31 - 2015-05-18 13:36 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 10:31 - 2015-05-18 13:36 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-14 16:22 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-10-14 10:07 - 2014-05-23 11:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-14 10:07 - 2014-05-23 11:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 10:06 - 2013-08-22 14:25 - 00000167 _____ C:\Windows\win.ini
2015-10-14 10:02 - 2014-05-24 07:26 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 10:00 - 2014-05-24 07:26 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-06 14:49 - 2015-05-18 13:36 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-06 10:35 - 2015-05-18 13:36 - 00000000 ___SD C:\Windows\SysWOW64\GWX

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-05-26 14:05 - 2014-05-26 14:05 - 0000600 _____ () C:\Users\*** *******\AppData\Local\PUTTY.RND
2015-06-18 08:44 - 2015-06-18 08:44 - 0000000 _____ () C:\Users\*** *******\AppData\Local\{34D591DF-D3A0-4545-8672-945F3DDBFCF1}

Einige Dateien in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnndmyg.dll
C:\Users\*** *******\AppData\Local\Temp\AcDeltree.exe
C:\Users\*** *******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplrbzix.dll
C:\Users\*** *******\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\*** *******\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\*** *******\AppData\Local\Temp\nvStInst.exe
C:\Users\*** *******\AppData\Local\Temp\SIInvoker.exe
C:\Users\*** *******\AppData\Local\Temp\sqlite3.dll
C:\Users\*** *******\AppData\Local\Temp\vlc-2.1.5-win64.exe


Einige mit null Byte Größe Dateien/Ordner:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-04 09:35

==================== Ende von FRST.txt ============================
         

04.11.2015, 12:07   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Restart Windows, download JRT again, and try once more.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


04.11.2015, 12:51   #14
timdividuell
 

Addition:


Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-10-2015
durchgeführt von ********** (2015-11-04 11:59:48)
Gestartet von D:\System Dateien\Benutzer\*** *******\Desktop
Windows 8.1 Pro (X64) (2014-05-21 11:28:34)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-979682889-2110692298-1623943922-500 - Administrator - Disabled) => C:\Users\Administrator
crdsecagent$admin (S-1-5-21-979682889-2110692298-1623943922-1005 - Administrator - Enabled) => C:\Users\crdsecagent$admin
Gast (S-1-5-21-979682889-2110692298-1623943922-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-979682889-2110692298-1623943922-1004 - Limited - Enabled)
********** (S-1-5-21-979682889-2110692298-1623943922-1002 - Administrator - Enabled) => C:\Users\*** *******
UpdatusUser (S-1-5-21-979682889-2110692298-1623943922-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A360 Desktop (HKLM\...\{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk)
ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-Bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AuthenTec WinBio FingerPrint Software 64-bit (Version: 3.4.2.1016 - AuthenTec, Inc.) Hidden
AutoCAD 2014 - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2016 - Deutsch (German) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - Deutsch (German) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk AutoCAD 2014 - Deutsch (German) (HKLM\...\AutoCAD 2014 - Deutsch (German)) (Version: 19.1.18.0 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD 2016 Language Pack - Deutsch (German) (HKLM\...\AutoCAD 2016 - Deutsch (German)) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
Autodesk ReCap 2016 (Version: 1.5.0.33 - Autodesk) Hidden
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CmgMasterPrerequisites (x32 Version: 1.3.1.672 - Credant Technologies Inc.) Hidden
D5000 Wireless Dock (HKLM-x32\...\InstallShield_{1BF832F2-8EA8-4EA9-A3BF-09045DCF0322}) (Version: 1.8.5.1280 - Wilocity)
D5000 Wireless Dock (HKLM-x32\...\InstallShield_{AF295D9D-006D-41EF-B382-28476B673DD6}) (Version: 1.5.17.1038 - Wilocity)
D5000 Wireless Dock (x32 Version: 1.8.5.1280 - Wilocity) Hidden
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{23CEE5C4-BEFA-423A-A041-7C795F5DBDDB}) (Version: 2.3.444.240 - Broadcom Corporation)
Dell Data Protection | Client Security Framework (Version: 8.6.1.2059 - Dell, Inc.) Hidden
Dell Data Protection | Encryption (Version: 8.5.1.6929 - Dell Inc) Hidden
Dell Data Protection | Endpoint Security Suite (x32 Version: 1.0.1.132 - Dell, Inc.) Hidden
Dell Data Protection | Security Tools Authentication (Version: 2.0.2.813 - DigitalPersona, Inc.) Hidden
Dell Data Protection | Threat Protection (Version: 1.0.0.90 - Dell, Inc.) Hidden
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell System Detect (HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\73f463568823ebbe) (Version: 6.3.0.6 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.109 - ALPS ELECTRIC CO., LTD.)
Dell Unified Wireless Suite (HKLM-x32\...\{6CFE6F33-3D69-4B9C-AA20-FF1F8CB064D5}) (Version: 1.00.0000 - Dell)
Dell USB Docking Software (HKLM\...\{11B338BD-F15C-49AB-BD8F-DDAD74ABC898}) (Version: 7.5.54081.0 - Dell)
DigitalPersona TouchChip Driver (Version: 1.6.3.379 - DigitalPersona, Inc.) Hidden
DisplayLink Core Software (HKLM\...\{E4F639D7-769C-4E9E-8CD7-12D903E99BFB}) (Version: 7.5.54018.0 - DisplayLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-7620 Series Printer Uninstall (HKLM\...\EPSON WF-7620 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
Fresco Logic USB3.0 Host Controller (HKLM\...\{CA143808-48CA-4C24-84E9-00F9F5E12D67}) (Version: 3.5.106.0 - Fresco Logic Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HiDrive (HKLM-x32\...\{C8359CFC-B507-416F-A99E-DDE14F833F1D}) (Version: 3.1.8.0 - STRATO AG)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.5.52.1 (HKLM\...\PROSetDX) (Version: 18.5.52.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Run***e (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Run***e (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Run***e (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA 3D Vision Treiber 340.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.75 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.2 - NVIDIA Corporation)
NVIDIA nView 141.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.24 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{C834E5DF-AB21-4142-8234-0C4FA77F3A04}) (Version: 3.0.08.38 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.08.38 - O2Micro International LTD.) Hidden
O2Micro OZ776 SCR Driver (x32 Version: 1.1.4.223 - O2Micro International LTD.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
ownCloud (HKLM-x32\...\ownCloud) (Version: 2.0.1.5446 - ownCloud)
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 View Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Quick***e 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.)
Security Innovation TSS (Version: 2.1.42 - Security Innovation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
SketchUp-Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION) <==== ACHTUNG
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0051 - ST Microelectronics)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{0C5B0539-7EDE-4297-947E-48890971B557}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Validity WBF DDK 495 (HKLM\...\{F622E82E-AFFA-4784-A08F-74311F5716CA}) (Version: 4.5.238.0 - Validity Sensors, Inc.)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Verfügbare Autodesk-Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wilocity Monitor (HKLM-x32\...\{F75A3D53-B0D6-42D6-A077-7EA63013B491}) (Version: 1.1.21 - Wilocity)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-979682889-2110692298-1623943922-1002_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-979682889-2110692298-1623943922-1002_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-979682889-2110692298-1623943922-1002_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-979682889-2110692298-1623943922-1002_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-979682889-2110692298-1623943922-1002_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-979682889-2110692298-1623943922-1002_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-979682889-2110692298-1623943922-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\de-DE\acadficn.dll (Autodesk, Inc.)

==================== Wiederherstellungspunkte =========================


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0944A370-C7C7-479B-850C-E9181CC9D1B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {11FD16B1-7F88-4408-9A88-E513005A52CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {62FC2104-B7B7-41FB-9EFD-07131D8F8351} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6B0EFCC6-7E93-4829-9655-5B159B71B2D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {6E4CE696-3960-4D15-9842-AF8A18825469} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-02-20] (Aviata Inc)
Task: {70A0654F-E058-4F81-B5AA-2CF6988FD81D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {74954BC3-1B75-4FF1-97E7-AD75B961FA81} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-01] (Dropbox, Inc.)
Task: {969F7FA8-D2CA-4288-B02F-2CD9395BABC1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {B31498E5-1734-46B1-A4C6-6462E2069A5F} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {B7C6F0EF-1AD9-4643-8488-8EA1F1AF5A71} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C335D6FF-6310-4B4F-B205-9FB61C35B8AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C7E755ED-5309-4EF8-B52A-4104CDB07FEE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {CF7FA78A-5E44-4EE6-B38E-8B6DC51FEF92} - System32\Tasks\EPSON WF-7620 Series Invitation {497054DC-3069-44B9-938D-498CCAFECD77} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {D1C10424-0CC1-401F-90DD-6E3B60CCA690} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-01] (Dropbox, Inc.)
Task: {D54AD625-F103-4BAA-BC54-86CD662AA502} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {ED258AD1-6F81-428B-A090-3473EB361EE4} - System32\Tasks\EPSON WF-7620 Series Update {497054DC-3069-44B9-938D-498CCAFECD77} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {FDDB9CC3-E4D0-46B8-BDCC-F77791130C98} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-18] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON WF-7620 Series Invitation {497054DC-3069-44B9-938D-498CCAFECD77}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE
Task: C:\Windows\Tasks\EPSON WF-7620 Series Update {497054DC-3069-44B9-938D-498CCAFECD77}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE:/EXE:{497054DC-3069-44B9-938D-498CCAFECD77} /F:UpdateWORKGROUP\M4800$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-05-22 16:26 - 2015-05-22 16:26 - 00079688 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DellMgmtNP.dll
2014-05-08 01:34 - 2014-08-26 11:39 - 02694368 _____ () C:\Windows\system32\nvwmi64.exe
2014-05-08 01:34 - 2014-08-24 17:38 - 00118664 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00304968 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\authproxy.dll
2013-09-24 06:27 - 2013-09-24 06:27 - 00103040 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AthIHVManager.dll
2013-09-24 06:27 - 2013-09-24 06:27 - 00351872 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AthIhvWlanVoE.dll
2013-09-24 06:27 - 2013-09-24 06:27 - 00093824 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AthSpectralExt.dll
2013-09-24 06:28 - 2013-09-24 06:28 - 00185472 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\Hotspot20Ext.dll
2014-12-27 13:02 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2014-12-27 13:02 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00955208 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.Resources.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00842568 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\de\Dell.SecurityFramework.Resources.resources.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00091976 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.Agent.Plugins.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00162632 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00067912 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityTools.Agent.Plugins.AuthProxy.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00194888 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityTools.Agent.Plugins.Bitlocker.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00087880 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityTools.Agent.Plugins.PBA.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00039240 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityTools.Agent.Plugins.SED.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00036680 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityTools.Agent.Plugins.TPM.dll
2015-01-22 10:06 - 2015-01-22 10:06 - 00095568 _____ () C:\Program Files\Dell\Dell Data Protection\Authentication\Bin\DigitalPersona.DDP.Agent.dll
2015-01-30 14:24 - 2015-01-30 14:24 - 00028488 _____ () C:\Program Files\Dell\Dell Data Protection\Threat Protection\Dell.SecurityTools.Agent.Plugins.Antimalware.dll
2015-01-22 10:06 - 2015-01-22 10:06 - 00011600 _____ () C:\Program Files\Dell\Dell Data Protection\Authentication\Bin\de\DigitalPersona.DDP.Agent.resources.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00015176 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\de\Dell.SecurityTools.Agent.Plugins.TPM.resources.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 02343752 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredSEDProxy.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00018760 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\de\Dell.SecurityTools.Agent.Plugins.PBA.resources.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00031048 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\de\Dell.SecurityTools.Agent.Plugins.Bitlocker.resources.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00016200 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\de\Dell.SecurityTools.Agent.Plugins.SED.resources.dll
2015-05-22 16:26 - 2015-05-22 16:26 - 00023880 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DCF.Loader.exe
2014-10-14 15:02 - 2012-03-09 17:27 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2014-05-08 01:34 - 2014-08-26 11:39 - 02602272 _____ () C:\Program Files\NVIDIA Corporation\nview\nview64.dll
2015-06-19 02:31 - 2015-06-19 02:31 - 00059392 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2013-10-01 09:32 - 2013-10-01 09:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2014-05-08 01:34 - 2014-08-26 11:39 - 01684768 _____ () C:\Program Files\NVIDIA Corporation\nview\nvwimg64.dll
2013-10-29 22:11 - 2013-10-29 22:11 - 00011264 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-10-29 22:07 - 2013-10-29 22:07 - 00086016 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\Modules\Map\MAP.dll
2013-10-29 22:15 - 2013-10-29 22:15 - 00012928 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\ActivateDesktop.exe
2013-09-24 06:26 - 2013-09-24 06:26 - 00016512 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCCust.dll
2013-09-24 06:28 - 2013-09-24 06:28 - 00627328 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\spectral\SocketServer.exe
2015-09-01 15:41 - 2015-09-01 15:41 - 01748494 _____ () C:\Program Files (x86)\ownCloud\owncloud.exe
2015-01-27 20:23 - 2015-01-27 20:23 - 00232328 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2015-01-27 20:23 - 2015-01-27 20:23 - 00048520 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2015-01-27 20:23 - 2015-01-27 20:23 - 00059784 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2015-01-27 20:23 - 2015-01-27 20:23 - 00922504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2015-10-27 10:12 - 2015-10-20 15:55 - 01908040 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-27 10:12 - 2015-10-20 15:55 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
2014-05-08 01:41 - 2013-06-09 18:50 - 00010240 _____ () C:\Program Files (x86)\Dell Wireless\DW1601\UpdateService\WilocityUpdate.Service.exe
2014-05-08 01:41 - 2013-06-09 18:50 - 00028672 _____ () C:\Program Files (x86)\Dell Wireless\DW1601\UpdateService\WilocityUpdate.Engine.dll
2014-05-08 01:41 - 2013-06-09 18:50 - 00006144 _____ () C:\Program Files (x86)\Dell Wireless\DW1601\UpdateService\WilocityUpdate.Comm.dll
2015-10-27 10:12 - 2015-10-20 15:55 - 28860744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll
2015-06-23 09:14 - 2014-12-05 03:27 - 00055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-06-23 09:14 - 2014-12-05 03:27 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-05-08 01:34 - 2014-08-26 11:39 - 02155808 _____ () C:\Program Files\NVIDIA Corporation\nview\nview.dll
2015-09-01 15:41 - 2015-09-01 15:41 - 00670222 _____ () C:\Program Files (x86)\ownCloud\libocsync.dll
2015-09-01 15:41 - 2015-09-01 15:41 - 00971278 _____ () C:\Program Files (x86)\ownCloud\libowncloudsync.dll
2015-08-06 08:59 - 2015-08-06 08:59 - 00097326 _____ () C:\Program Files (x86)\ownCloud\libgcc_s_sjlj-1.dll
2015-08-06 08:59 - 2015-08-06 08:59 - 00922727 _____ () C:\Program Files (x86)\ownCloud\libstdc++-6.dll
2015-08-06 16:48 - 2015-08-06 16:48 - 00051095 _____ () C:\Program Files (x86)\ownCloud\libqt5keychain.dll
2015-08-06 08:10 - 2015-08-06 08:10 - 00085548 _____ () C:\Program Files (x86)\ownCloud\zlib1.dll
2015-08-06 08:21 - 2015-08-06 08:21 - 02197765 _____ () C:\Program Files (x86)\ownCloud\icui18n53.dll
2015-08-06 08:21 - 2015-08-06 08:21 - 01308778 _____ () C:\Program Files (x86)\ownCloud\icuuc53.dll
2015-08-06 08:11 - 2015-08-06 08:11 - 00148117 _____ () C:\Program Files (x86)\ownCloud\libpcre16-0.dll
2015-08-06 08:16 - 2015-08-06 08:16 - 01366986 _____ () C:\Program Files (x86)\ownCloud\libGLESv2.dll
2015-08-06 08:14 - 2015-08-06 08:14 - 00209711 _____ () C:\Program Files (x86)\ownCloud\libpng16-16.dll
2015-08-06 08:21 - 2015-08-06 08:21 - 21539975 _____ () C:\Program Files (x86)\ownCloud\icudata53.dll
2015-08-06 08:16 - 2015-08-06 08:16 - 00154982 _____ () C:\Program Files (x86)\ownCloud\libEGL.dll
2015-08-06 08:14 - 2015-08-06 08:14 - 00350662 _____ () C:\Program Files (x86)\ownCloud\libjpeg-8.dll
2015-08-06 08:17 - 2015-08-06 08:17 - 00689339 _____ () C:\Program Files (x86)\ownCloud\libsqlite3-0.dll
2015-08-06 10:35 - 2015-08-06 10:35 - 00247540 _____ () C:\Program Files (x86)\ownCloud\libwebp-4.dll
2015-08-06 08:26 - 2015-08-06 08:26 - 01169416 _____ () C:\Program Files (x86)\ownCloud\libxml2-2.dll
2015-08-06 10:38 - 2015-08-06 10:38 - 00231727 _____ () C:\Program Files (x86)\ownCloud\libxslt-1.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-04 17:25 - 2014-02-04 17:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 17:25 - 2014-02-04 17:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-10-10 11:02 - 2013-10-10 11:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2015-11-04 11:18 - 2015-11-04 11:18 - 00071168 _____ () c:\Users\*** *******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplrbzix.dll
2015-06-01 08:40 - 2015-09-24 00:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-06-01 08:40 - 2015-09-24 00:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 18:53 - 2015-09-24 00:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-01 08:40 - 2015-09-24 00:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 01033792 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2014-05-08 01:34 - 2014-08-26 11:39 - 01684768 _____ () C:\Program Files\NVIDIA Corporation\nview\nvwimg.dll
2015-04-22 16:20 - 2015-04-22 16:20 - 00125088 _____ () C:\Program Files (x86)\Microsoft Office\Office15\OUTLCTL.DLL
2015-11-04 11:18 - 2014-12-05 03:27 - 00104328 _____ () C:\Users\*** *******\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2014-01-14 07:03 - 2014-01-14 07:03 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-12-23 11:26 - 2013-11-13 20:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-02-04 17:28 - 2014-02-04 17:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-10-01 10:00 - 2013-10-01 10:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMGShield => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-979682889-2110692298-1623943922-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Dell\Win Chrome 1920x1200.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "D5000 Wireless Dock.lnk"
HKLM\...\StartupApproved\Run: => "EmsService"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "TrayAppExe"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-979682889-2110692298-1623943922-1002\...\StartupApproved\StartupFolder: => "HiDrive.lnk"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{621A2BAA-E21C-4F7F-915C-DE741D4A2FA2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{94453235-9C87-4042-9D3A-124880E6A2B6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A327E708-B1E3-4954-A16F-9DF6A2C1A9DF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{F4CD9F6C-3552-4B52-913B-EF00B285403E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{5A5BAC76-8CCC-4D71-AEC8-6265A8045831}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{CBC46BBE-8C93-46A4-85E1-C68EF14C7CBD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{13EBE949-07D7-4A47-A50A-2103E5D59631}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1377B22B-3A88-47BA-A2E1-D77F53F06BFF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AE6ABA17-8BB7-4E0C-90B1-6B4013A0D903}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F1426CB2-1CC6-416B-B05D-3D5064F1FB0B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BB5EFFA5-95A4-4A91-8F0A-AEFB8BBDFC38}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{23BCA045-2586-4E6F-B56B-AA75EDA573B0}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{A5660C71-26E2-4284-ADFD-76B8B392C59A}C:\users\*** *******\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\*** *******\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{615DF88A-DFAC-4389-A5A9-86A6661477DA}C:\users\*** *******\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\*** *******\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{84F2CB7F-DACE-48ED-AD02-83EE89231FC5}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{8CF1366A-1C2A-4B90-80A7-DB45D2E6307F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{7E276F24-F4B8-4259-B582-9F343E55C2BA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{0E5520EF-3CD6-4637-AA0D-3DA31C1CAFEB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{18A89ED7-B2ED-4143-94BB-E14EE0BFDEA0}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\wcct.exe
FirewallRules: [{FEC33CF2-70BC-44F2-B2AD-6909F648FE53}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\wcct.exe
FirewallRules: [{76DA7795-CE8F-41A0-BA75-D32EA40AA516}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\spectral\SocketServer.exe
FirewallRules: [{C13D1FD1-88FF-42A2-BCF0-E0CF1549E196}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\spectral\SocketServer.exe
FirewallRules: [{60C7C87D-D165-4873-A22E-45A70CE669EC}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiC.exe
FirewallRules: [{6F899356-6C28-43B6-8DB4-D223AF61EBAB}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiC.exe
FirewallRules: [{0458A9CA-9B6E-4954-A473-D603DACB3D04}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCMgr.exe
FirewallRules: [{1965E54C-95AE-41EB-8D3D-51AD22517D76}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCMgr.exe
FirewallRules: [{CEA29DEA-CD68-416C-8186-F821BE22CBC7}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe
FirewallRules: [{8AAC09FF-2B7A-4343-B7E7-22D89C894C4F}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe
FirewallRules: [{0DF79D5A-372F-47A2-B70B-105BBA536951}] => (Allow) LPort=50248
FirewallRules: [{03DC08DE-3DC1-4F4F-926A-F7136793988C}] => (Allow) LPort=50248
FirewallRules: [{27D112B2-C58F-48B9-99DF-6316E74B9447}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2B891F4E-C3EF-40F0-BD62-0D030317B209}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{997F1257-F0C8-4531-A8B1-BDC6E62B4513}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{83A7A20D-C486-46F3-B04B-2805083EA5BA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F1175021-3BA3-484D-B607-5BFC3F51F6D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D85F29F8-BE07-49DB-9289-373C60AB9D7F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9BEF9637-BE09-45E9-80C1-6971C46297C7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C4A19D26-91E9-4FEA-9DB0-60D0A4A30952}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{95ED7DBC-3B05-43CE-B584-301260CC4595}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3CD6476E-0A5C-4BB7-A257-079697DF9E61}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B52E321F-1D89-4448-B943-15DA8A6450B4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C64A760F-6EEE-43E8-8BB3-19D600E5AEC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99ACD5BB-B707-4669-A638-E4220DFEFF12}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A92A157D-4FDB-4951-A8F7-B32A37610002}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{E28CDE61-B5CE-433C-B03D-8BD8FE4505A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/04/2015 11:17:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Monitor.Service.exe, Version: 1.0.5141.17781, Zeitstempel: 0x52e761cb
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4bcfc
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0xea4
Startzeit der fehlerhaften Anwendung: 0xMonitor.Service.exe0
Pfad der fehlerhaften Anwendung: Monitor.Service.exe1
Pfad des fehlerhaften Moduls: Monitor.Service.exe2
Berichtskennung: Monitor.Service.exe3
Vollständiger Name des fehlerhaften Pakets: Monitor.Service.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Monitor.Service.exe5

Error: (11/04/2015 11:17:10 AM) (Source: WPA Supplicant) (EventID: 256) (User: )
Description: [2371: driver_wbe.c - internal_DeviceIoControl] - Failed to send IOCTL_RECEIVE_WMI to device with handle 628 due to error 21. Probably due to FW Reset flow. Sleep for 2000 msec and try to send again...

Error: (11/04/2015 11:17:10 AM) (Source: WPA Supplicant) (EventID: 256) (User: )
Description: [2917: driver_wbe.c - print_format_last_error] - Could not send IOCTL. Error code: 21.

Error: (11/04/2015 11:17:09 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Monitor.Service.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Security.Principal.IdentityNotMappedException
Stapel:
   bei System.Security.Principal.NTAccount.Translate(System.Security.Principal.IdentityReferenceCollection, System.Type, Boolean)
   bei System.Security.Principal.NTAccount.Translate(System.Type)
   bei System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(System.Security.AccessControl.AccessControlModification, System.Security.AccessControl.AccessRule, Boolean ByRef)
   bei System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
   bei System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule)
   bei Monitor.Service.NamedPipeServer.serverLoop()
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (11/04/2015 11:17:09 AM) (Source: Autodesk Content Service) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
   bei Connect.MetaStore.MetaStorage.Initialize()
   bei Connect.IVault.IVault.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/04/2015 11:14:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Monitor.Service.exe, Version: 1.0.5141.17781, Zeitstempel: 0x52e761cb
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4bcfc
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0xe88
Startzeit der fehlerhaften Anwendung: 0xMonitor.Service.exe0
Pfad der fehlerhaften Anwendung: Monitor.Service.exe1
Pfad des fehlerhaften Moduls: Monitor.Service.exe2
Berichtskennung: Monitor.Service.exe3
Vollständiger Name des fehlerhaften Pakets: Monitor.Service.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Monitor.Service.exe5

Error: (11/04/2015 11:14:01 AM) (Source: WPA Supplicant) (EventID: 256) (User: )
Description: [2371: driver_wbe.c - internal_DeviceIoControl] - Failed to send IOCTL_RECEIVE_WMI to device with handle 444 due to error 21. Probably due to FW Reset flow. Sleep for 2000 msec and try to send again...

Error: (11/04/2015 11:14:01 AM) (Source: WPA Supplicant) (EventID: 256) (User: )
Description: [2917: driver_wbe.c - print_format_last_error] - Could not send IOCTL. Error code: 21.

Error: (11/04/2015 11:13:59 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Monitor.Service.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Security.Principal.IdentityNotMappedException
Stapel:
   bei System.Security.Principal.NTAccount.Translate(System.Security.Principal.IdentityReferenceCollection, System.Type, Boolean)
   bei System.Security.Principal.NTAccount.Translate(System.Type)
   bei System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(System.Security.AccessControl.AccessControlModification, System.Security.AccessControl.AccessRule, Boolean ByRef)
   bei System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
   bei System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule)
   bei Monitor.Service.NamedPipeServer.serverLoop()
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (11/04/2015 11:13:59 AM) (Source: Autodesk Content Service) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
   bei Connect.MetaStore.MetaStorage.Initialize()
   bei Connect.IVault.IVault.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


Systemfehler:
=============
Error: (11/04/2015 11:19:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "O2FLASH" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/04/2015 11:19:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "O2FLASH" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/04/2015 11:17:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Wilocity Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/04/2015 11:17:10 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/04/2015 11:17:07 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0xc000021a (0xffffc000325301f0, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP110415-13187-01

Error: (11/04/2015 11:17:06 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎04.‎11.‎2015 um 11:13:57 unerwartet heruntergefahren.

Error: (11/04/2015 11:16:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "O2SDIOAssist" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/04/2015 11:16:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet Monitoring Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/04/2015 11:16:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/04/2015 11:16:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Epson Scanner Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2015-08-29 14:18:10.376
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4800MQ CPU @ 2.70GHz
Prozentuale Nutzung des RAM: 17%
Installierter physikalischer RAM: 16323.24 MB
Verfügbarer physikalischer RAM: 13432.64 MB
Summe virtueller Speicher: 32707.24 MB
Verfügbarer virtueller Speicher: 29344.23 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:107.69 GB) (Free:2.22 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:859.66 GB) NTFS

==================== MBR & Partitionstabelle ==================

==================== Ende von Addition.txt ============================
         
I can't run JRT, I keep getting bluescreens. Are there any alternatives?

I have since uninstalled Kaspersky. I thought that might be the cause, since I have had problems with Kaspersky Internet Security every now and then, but that wasn't it.

What can I do now?
Which protection software should I use? At the moment I have nothing installed.

I could restore the system using TrueImage. Would any possible malware then definitely be gone as well?


Sorry that things are so complicated with me. I have to say you are doing a super job here. I'm really impressed by how quickly you offer your help. So a huge thank you so far, and I hope there is still a solution for my problem.

04.11.2015, 13:34   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please download Revo Uninstaller (alternatively the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the uninstaller field, search for the programs:

    Software Updater

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" mode.
  • Delete leftovers:
    Click on then on and then on .

 

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
