| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win10: Browser HijackerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
10.04.2016, 12:11
| #1 |
 |  Win10: Browser Hijacker Oh man, jetzt hat es mich selbst erwischt: Ich verwende Windows Defender und Chrome mit Adblock Plus, HTTPS Everywhere und Ghostery und habe mich damit immer sicher gefühlt. Nur, heute öffne ich Chrome und werde sofort zu einer Werbeseite (viceice.com) weitergeleitet. Beim Start von Edge öffnet sich sogar Chrome und Edge schließt sich wieder... Erster Scan mit MBAM erschreckt mich schon mal, über 1000 gefundene Elemente! Leider ist die Log-Datei viel zu groß, selbst für den Anhang... Neustart, Bedrohungssuchlauf, nichts mehr gefunden. Komisch finde ich aber auch "C:\Avenger\taskmgr.exe" mit 146 MB... AdwCleaner: Code:
ATTFilter # AdwCleaner v5.109 - Bericht erstellt am 10/04/2016 um 12:29:09
# Aktualisiert am 04/04/2016 von Xplode
# Datenbank : 2016-04-09.1 [Server]
# Betriebssystem : Windows 10 Pro (x64)
# Benutzername : Michael - HEIMSCHEISSER
# Gestartet von : C:\Users\Michael\Downloads\adwcleaner_5.109.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetcmsus-a.akamaihd.net_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetcmsus-a.akamaihd.net_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetproductus-a.akamaihd.net_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetproductus-a.akamaihd.net_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_eaassets-a.akamaihd.net_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_eaassets-a.akamaihd.net_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-a.akamaihd.net_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-a.akamaihd.net_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-c-a.akamaihd.net_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-c-a.akamaihd.net_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.xyfindit.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.xyfindit.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_artikel.de.softonic.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_artikel.de.softonic.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.softonic.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.softonic.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_grandtheftdata.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_grandtheftdata.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_join-me.de.softonic.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_join-me.de.softonic.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.paralysm.de_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.paralysm.de_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.xyfindit.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.xyfindit.com_0.localstorage-journal
***** [ DLLs ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : voicemeeter.en.softonic.com
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : de.softonic.com
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : softonic.de
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : join-me.de.softonic.com
*************************
:: "Tracing" schlüssel löschen
:: Winsock Einstellungen zurückgesetzt
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [4812 Bytes] - [10/04/2016 12:29:09]
C:\AdwCleaner\AdwCleaner[S1].txt - [4717 Bytes] - [10/04/2016 12:28:06]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4958 Bytes] ##########
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von Michael (Administrator) auf HEIMSCHEISSER (10-04-2016 12:42:42)
Gestartet von C:\Users\Michael\Desktop
Geladene Profile: Michael (Verfügbare Profile: Michael & Gast)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\System32\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Spotify Ltd) C:\Users\Michael\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4708016 2015-08-18] (VIA)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15120504 2016-02-18] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-03-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ACHTUNG
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Run: [Spotify Web Helper] => C:\Users\Michael\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-02] (Spotify Ltd)
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\RunOnce: [Uninstall C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SNAPMA~1.SCR [1016438 2015-03-16] (Jan Kolarik & Ondrej Vaverka)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2016-03-25]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2015-10-18]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software)
GroupPolicyUsers\S-1-5-21-3852805889-1866178090-3277109897-1001\User: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1dfe109d-b3d0-4acd-a2eb-0edc7be3d320}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{59924253-7916-40c6-ba08-d15750886fc9}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> DefaultScope {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> Kein Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - Keine Datei
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1442757218682
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ktigdchg.default
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-3852805889-1866178090-3277109897-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.viceice.com/
CHR StartupUrls: Default -> "hxxp://www.viceice.com/"
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-10]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10]
CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-10]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-04-10]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10]
CHR HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-10] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-02-28] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-11-20] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-03-25] (NVIDIA Corporation)
R2 HvHost; C:\Windows\System32\hvhostsvc.dll [61440 2016-02-16] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-08] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-02-18] (Logitech Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-03-25] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-03-25] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-03-25] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-02] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-01-01] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-12-30] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.)
S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2016-02-16] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14384128 2016-02-16] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AF9035BDA; C:\Windows\system32\DRIVERS\AF15BDA.sys [514856 2012-11-09] (ITETech )
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2015-08-23] (Google Inc) [Datei ist nicht signiert]
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [216576 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [71008 2016-02-16] (Microsoft Corporation)
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [117248 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114560 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2016-02-16] (Microsoft Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184096 2015-06-29] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-03-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2016-02-16] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2016-02-16] (Microsoft Corporation)
S3 Phosgene; C:\Windows\system32\DRIVERS\Phosgene.sys [34168 2015-08-28] (Adoriasoft LLC)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2015-11-10] (The OpenVPN Project)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2016-02-16] (Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S2 SPVVEngine; C:\WINDOWS\system32\Drivers\spvve.sys [246248 2015-10-29] ()
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2016-02-16] (Microsoft Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-10-18] (Windows (R) Win 7 DDK provider)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2015-07-09] (Oracle Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2016-02-16] (Microsoft Corporation)
R3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2016-02-16] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [350720 2016-02-16] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S1 lfivrnpk; \??\C:\WINDOWS\system32\drivers\lfivrnpk.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-10 12:42 - 2016-04-10 12:42 - 00029056 _____ C:\Users\Michael\Desktop\FRST.txt
2016-04-10 12:41 - 2016-04-10 12:42 - 00000000 ____D C:\FRST
2016-04-10 12:37 - 2016-04-10 12:37 - 00000346 _____ C:\Users\Michael\Desktop\tb.txt
2016-04-10 12:36 - 2016-04-10 12:41 - 02374144 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2016-04-10 12:30 - 2016-04-10 12:30 - 00005040 _____ C:\Users\Michael\Desktop\AdwCleaner[C1].txt
2016-04-10 12:27 - 2016-04-10 12:29 - 00000000 ____D C:\AdwCleaner
2016-04-10 12:27 - 2016-04-10 12:27 - 03119168 _____ C:\Users\Michael\Desktop\adwcleaner_5.109.exe
2016-04-10 12:13 - 2016-04-10 12:13 - 00000000 ____D C:\Avenger
2016-04-10 12:04 - 2016-04-10 12:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-10 12:04 - 2016-04-10 12:06 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-04-10 12:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-10 12:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-10 12:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-10 11:58 - 2016-04-10 11:58 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2016-04-10 11:21 - 2016-04-10 11:49 - 00000000 ____D C:\Users\Michael\Desktop\HearthStone Heroes of Warcraft
2016-04-07 21:06 - 2016-04-08 21:50 - 00000000 ____D C:\Users\Michael\Documents\Electronic Arts
2016-04-07 20:25 - 2016-04-07 20:25 - 00041523 _____ C:\Users\Michael\AppData\Local\recently-used.xbel
2016-04-07 20:08 - 2016-04-07 20:43 - 00000043 _____ C:\WINDOWS\gswin32.ini
2016-04-07 20:07 - 2016-04-07 20:07 - 00000000 ____D C:\Program Files (x86)\gs
2016-04-07 16:38 - 2016-04-07 18:09 - 00000009 _____ C:\Users\Michael\AppData\Roaming\update.dat
2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ C:\Users\Michael\AppData\Roaming\Launcher.dat
2016-04-07 15:46 - 2016-04-07 15:46 - 05044480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-06 20:47 - 2016-04-09 18:59 - 00000000 ____D C:\Users\Michael\Desktop\TreeSizeFree
2016-04-06 17:51 - 2016-04-08 21:28 - 00000000 ____D C:\Users\Michael\Desktop\Kamera Videos
2016-04-05 15:48 - 2016-04-05 15:48 - 22946503 _____ C:\Users\Michael\Desktop\21984137.480p.mp4
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 ____D C:\Users\Michael\AppData\Roaming\NVIDIA
2016-04-02 16:45 - 2016-04-09 11:50 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps
2016-04-02 13:12 - 2016-04-02 13:20 - 00590399 _____ C:\Users\Michael\Desktop\pinger.xlsx
2016-04-02 11:03 - 2016-04-02 11:03 - 00000117 _____ C:\Users\Michael\Desktop\hhhr.txt
2016-04-02 10:44 - 2016-04-02 10:48 - 00000000 ____D C:\Users\Michael\Desktop\hrping-v506
2016-04-01 21:43 - 2016-04-01 21:45 - 00000000 ____D C:\Users\Michael\Desktop\Indie Fonts
2016-03-31 19:04 - 2016-03-31 19:05 - 00000000 ____D C:\WINDOWS\Panther
2016-03-28 21:17 - 2016-03-28 21:17 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA Corporation
2016-03-28 21:16 - 2016-04-10 12:29 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-28 21:16 - 2016-03-28 21:22 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA
2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan
2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-28 21:16 - 2016-03-25 03:49 - 01373864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-03-28 21:16 - 2016-03-25 03:49 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-03-28 21:16 - 2016-03-25 03:48 - 01767432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-03-28 21:16 - 2016-03-25 03:48 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-03-28 21:16 - 2016-03-22 03:57 - 00110528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-28 21:15 - 2016-03-28 21:15 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-03-28 21:15 - 2016-03-22 06:08 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-03-28 21:15 - 2016-03-22 06:08 - 00201664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 06369728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 02994744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 02561472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 01265720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-28 21:15 - 2016-03-22 04:37 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-28 21:15 - 2016-03-18 13:44 - 06253721 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-03-28 21:14 - 2016-03-28 21:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-28 21:14 - 2016-03-25 03:23 - 12659136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-03-28 21:14 - 2016-03-24 13:52 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-03-28 21:14 - 2016-03-24 13:52 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-03-28 21:14 - 2016-03-24 13:52 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 42923576 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 37567424 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 31594432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 25350080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 21364536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 20906168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 20074728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17755928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17369448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17349776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17328008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 14226672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 10550552 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 08659472 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 03685280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 03263480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 02614208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 02260024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436472.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436472.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00960056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00889400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00751552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00695864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00678520 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00572096 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00546328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00348216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00176064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00153392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00129208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00038050 _____ C:\WINDOWS\system32\nvinfo.pb
2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json
2016-03-28 21:14 - 2016-03-21 22:01 - 00109632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-03-28 21:14 - 2016-03-21 22:01 - 00100416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-03-28 21:14 - 2016-03-21 22:01 - 00056384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-03-27 15:44 - 2016-03-27 15:44 - 00000046 _____ C:\Users\Michael\Desktop\bla.txt
2016-03-26 00:22 - 2016-03-26 00:22 - 00000000 ____D C:\Users\Michael\Intel
2016-03-25 23:40 - 2016-04-05 19:05 - 00000000 ____D C:\Users\Michael\Desktop\komische Projekte
2016-03-25 23:39 - 2016-03-25 23:39 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\DefaultCompany
2016-03-25 22:46 - 2016-03-26 22:50 - 00000000 ____D C:\Users\Michael\Documents\Bully Scholarship Edition
2016-03-25 20:55 - 2016-03-25 20:55 - 00008206 _____ C:\Users\Michael\Desktop\SMPTE_Color_Bars_16x9.svg
2016-03-20 17:24 - 2016-03-20 17:24 - 00000029 _____ C:\Users\Michael\Desktop\bn.txt
2016-03-20 13:02 - 2016-03-20 13:30 - 00000000 ____D C:\Users\Michael\Desktop\KLTE
2016-03-20 01:17 - 2016-03-20 01:17 - 00002548 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-03-20 01:16 - 2016-03-20 01:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-19 02:47 - 2016-03-19 02:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2016-03-19 02:47 - 2013-07-18 07:55 - 00130248 _____ (Qualcomm Atheros Co., Ltd.) C:\WINDOWS\system32\Drivers\L1C63x64.sys
2016-03-18 23:10 - 2016-03-18 23:10 - 00000000 ____D C:\ProgramData\SoftPerfect
2016-03-18 23:10 - 2015-10-29 17:02 - 00246248 _____ C:\WINDOWS\system32\Drivers\spvve.sys
2016-03-18 23:10 - 2015-10-29 17:02 - 00097768 _____ C:\WINDOWS\system32\Drivers\spvdbus.sys
2016-03-18 20:53 - 2016-04-02 13:35 - 00283896 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\Victory
2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\UnrealEngine
2016-03-17 22:42 - 2016-03-17 22:46 - 00000000 ____D C:\Users\Michael\Desktop\brauch ich das
2016-03-17 22:32 - 2016-03-17 22:32 - 00000077 _____ C:\Users\Michael\Desktop\sdfsdfsdf.txt
2016-03-17 21:51 - 2016-03-18 18:10 - 00000000 ____D C:\Users\Michael\ownCloud
2016-03-17 21:50 - 2016-03-18 18:10 - 00000000 ____D C:\Users\Michael\AppData\Local\ownCloud
2016-03-17 21:49 - 2016-03-17 21:49 - 00001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk
2016-03-17 21:49 - 2016-03-17 21:49 - 00000000 ____D C:\Program Files (x86)\ownCloud
2016-03-17 19:53 - 2016-03-17 19:53 - 00002338 _____ C:\Users\Michael\Desktop\Kontoaktivitäten_201510_201603.csv
2016-03-17 18:02 - 2016-03-17 18:02 - 00000000 ____D C:\Program Files\Rockstar Games
2016-03-16 23:30 - 2016-03-16 23:30 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-5-1.dll
2016-03-16 23:29 - 2016-03-16 23:29 - 00127768 _____ C:\WINDOWS\system32\vulkan-1-1-0-5-1.dll
2016-03-16 23:29 - 2016-03-16 23:29 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-5-1.exe
2016-03-16 23:28 - 2016-03-16 23:28 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-5-1.exe
2016-03-15 20:38 - 2016-03-17 00:08 - 00000000 ____D C:\Program Files\OpenVPN
2016-03-15 20:33 - 2016-03-20 00:33 - 00000061 _____ C:\Users\Michael\Desktop\fj.txt
2016-03-15 20:33 - 2016-03-15 20:34 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cryptomator.org
2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\Program Files\Cryptomator
2016-03-15 20:11 - 2016-03-15 20:15 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Cryptomator
2016-03-15 20:11 - 2016-03-15 20:11 - 00000000 ____D C:\Users\Michael\.oracle_jre_usage
2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\.mono
2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\ProgramData\.mono
2016-03-15 19:05 - 2016-03-15 19:05 - 00000000 ____D C:\Users\Michael\AppData\Local\openvr
2016-03-14 20:12 - 2016-03-14 20:12 - 00000000 ____D C:\Users\Michael\AppData\Local\ESN
2016-03-13 16:45 - 2016-01-08 10:51 - 00213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2016-03-13 16:45 - 2016-01-08 10:51 - 00120416 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-03-12 20:34 - 2016-03-12 20:34 - 00000000 ____D C:\Users\Michael\hitman
2016-03-12 20:34 - 2016-03-12 20:34 - 00000000 ____D C:\Users\Michael\AppData\Local\IO Interactive
2016-03-12 19:39 - 2016-03-12 19:39 - 00000222 _____ C:\Users\Michael\Desktop\HITMAN.url
2016-03-12 16:47 - 2016-03-12 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-10 12:36 - 2016-01-22 19:16 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2016-04-10 12:35 - 2016-01-15 18:36 - 02003186 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-10 12:35 - 2015-10-30 20:35 - 00852678 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-10 12:35 - 2015-10-30 20:35 - 00187904 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-10 12:35 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-10 12:29 - 2016-01-15 18:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-10 12:29 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-10 12:29 - 2015-09-26 13:41 - 00001240 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-10 12:29 - 2015-09-25 19:00 - 00000000 __SHD C:\Users\Michael\IntelGraphicsProfiles
2016-04-10 12:29 - 2015-04-10 13:22 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-10 12:13 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Intel
2016-04-10 12:13 - 2015-11-21 11:28 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-04-10 12:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-10 12:13 - 2015-10-18 01:57 - 00002855 _____ C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml
2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Spotify
2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Local\Spotify
2016-04-10 12:13 - 2015-04-12 18:07 - 00003142 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2016-04-10 12:03 - 2015-11-21 11:28 - 00000000 ____D C:\ProgramData\McAfee
2016-04-10 12:02 - 2015-04-10 12:27 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-10 11:59 - 2015-04-10 13:22 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-10 11:52 - 2015-04-11 21:34 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc
2016-04-10 11:46 - 2015-09-26 13:41 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-10 11:44 - 2015-04-12 19:14 - 00000000 ____D C:\Users\Michael\AppData\Local\Battle.net
2016-04-10 11:04 - 2015-04-12 19:14 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-10 11:00 - 2016-01-06 14:10 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-09 18:57 - 2016-01-15 19:22 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-04-09 16:24 - 2015-04-11 14:27 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.minion
2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.junique
2016-04-08 21:49 - 2015-04-21 15:44 - 00000000 ____D C:\Users\Michael\AppData\Local\JDownloader 2.0
2016-04-08 19:41 - 2016-02-13 00:35 - 00000080 _____ C:\Users\Michael\AppData\Local???????????????????
2016-04-08 17:43 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-04-08 15:31 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-07 20:25 - 2015-04-11 23:21 - 00000000 ____D C:\Users\Michael\AppData\Local\gtk-2.0
2016-04-07 20:25 - 2015-04-11 20:30 - 00000000 ___HD C:\Users\Michael\.gimp-2.8
2016-04-07 20:09 - 2015-04-11 19:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Notepad++
2016-04-07 20:04 - 2016-03-10 22:13 - 00000000 ____D C:\Users\Michael\Desktop\gta
2016-04-07 18:38 - 2015-04-11 21:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Audacity
2016-04-06 22:21 - 2016-02-17 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2016-04-06 22:21 - 2015-07-30 09:41 - 00000000 ____D C:\Users\Michael\AppData\Roaming\TeamViewer
2016-04-06 17:59 - 2015-04-11 17:35 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2016-04-06 16:56 - 2015-04-10 12:23 - 00000000 ___RD C:\Users\Michael\Desktop\Tools
2016-04-06 16:47 - 2015-04-12 18:22 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-02 11:13 - 2015-05-02 18:40 - 00000000 ____D C:\Users\Michael\AppData\Local\Microsoft Help
2016-04-02 10:42 - 2015-07-15 22:43 - 00000000 ____D C:\ProgramData\Origin
2016-04-02 10:41 - 2015-07-15 22:43 - 00000000 ____D C:\Program Files (x86)\Origin
2016-04-02 10:24 - 2015-06-28 22:06 - 00000000 ___RD C:\Users\Michael\Google Drive
2016-03-31 22:23 - 2015-05-21 17:16 - 00002292 ____H C:\Users\Michael\Documents\Default.rdp
2016-03-28 21:19 - 2015-04-12 18:03 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2016-03-28 21:16 - 2016-03-10 20:49 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-28 21:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Help
2016-03-28 21:12 - 2016-01-08 00:09 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-28 20:02 - 2015-07-16 15:55 - 00002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-27 21:19 - 2015-04-10 12:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2016-03-26 00:22 - 2016-01-15 18:36 - 00000000 ____D C:\Users\Michael
2016-03-26 00:20 - 2015-08-08 02:01 - 00000000 ____D C:\Program Files (x86)\AviSynth
2016-03-26 00:20 - 2015-08-08 01:55 - 00000000 ____D C:\multiAVCHD
2016-03-26 00:17 - 2015-12-16 20:09 - 00000000 ____D C:\Program Files (x86)\GtkSharp
2016-03-26 00:15 - 2015-12-02 17:21 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-03-26 00:15 - 2015-12-02 17:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-03-26 00:14 - 2016-02-23 19:11 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2016-03-26 00:14 - 2015-06-18 20:06 - 00000000 ____D C:\Program Files (x86)\XMedia Recode
2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-26 00:09 - 2016-01-15 18:29 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-03-26 00:09 - 2016-01-03 23:53 - 00000000 ____D C:\Users\Michael\AppData\Local\VSIXInstaller
2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-03-26 00:07 - 2016-01-08 01:14 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Unity
2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\ProgramData\Unity
2016-03-25 23:38 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Unity
2016-03-25 23:16 - 2015-07-30 04:09 - 00002440 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-25 23:16 - 2015-04-10 12:22 - 00000000 __RDO C:\Users\Michael\OneDrive
2016-03-25 23:05 - 2015-07-30 04:07 - 00004434 __RSH C:\ProgramData\ntuser.pol
2016-03-25 03:48 - 2015-09-22 21:42 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-03-25 02:51 - 2016-03-05 11:52 - 00000000 ____D C:\Program Files\Grand Theft Auto V
2016-03-24 22:54 - 2015-12-30 19:25 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-03-24 22:53 - 2015-07-22 06:02 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2016-03-22 19:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-20 01:19 - 2015-12-14 19:50 - 00000000 ____D C:\Program Files\Microsoft Office
2016-03-19 02:47 - 2015-04-10 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-17 22:44 - 2015-04-10 11:26 - 00000000 ____D C:\Users\Michael\AppData\Local\Packages
2016-03-17 18:02 - 2015-04-11 21:52 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-03-16 23:30 - 2016-03-10 20:49 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-03-16 23:29 - 2016-03-10 20:49 - 00127768 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-03-16 23:29 - 2016-03-10 20:49 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-03-16 23:28 - 2016-03-10 20:49 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-03-15 22:49 - 2010-06-09 21:30 - 00000000 ____D C:\Users\Michael\Desktop\Screens
2016-03-15 19:11 - 2015-07-03 22:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-03-15 19:11 - 2015-07-03 22:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Mozilla
2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Local\Mozilla
2016-03-13 16:45 - 2016-01-08 18:08 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-03-13 16:44 - 2016-01-08 18:11 - 00000000 ____D C:\ProgramData\Samsung
2016-03-13 16:39 - 2015-12-08 00:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\IrfanView
2016-03-13 16:39 - 2015-04-10 13:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-13 15:51 - 2015-04-11 18:18 - 00000000 ____D C:\Program Files\WinRAR
2016-03-13 14:51 - 2016-03-09 23:08 - 00000995 _____ C:\Users\Michael\Desktop\rt.txt
2016-03-12 22:00 - 2015-06-28 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-12 16:47 - 2015-09-26 13:41 - 00000000 ____D C:\Program Files (x86)\Dropbox
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-08-11 19:12 - 2015-08-11 19:26 - 0000466 _____ () C:\Users\Michael\AppData\Roaming\CascView.ini
2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ () C:\Users\Michael\AppData\Roaming\Launcher.dat
2016-04-07 16:38 - 2016-04-07 18:09 - 0000009 _____ () C:\Users\Michael\AppData\Roaming\update.dat
2015-10-18 01:57 - 2016-04-10 12:13 - 0002855 _____ () C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml
2016-04-07 16:39 - 2016-04-09 11:20 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\notaut.txt
2015-04-19 11:36 - 2015-04-19 11:36 - 0385602 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS
2015-04-19 11:36 - 2015-04-19 11:36 - 0000204 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS.part
2015-04-19 11:36 - 2015-04-19 11:36 - 0059989 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS
2015-04-19 11:36 - 2015-04-19 11:36 - 0000273 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS.part
2015-04-19 11:37 - 2015-04-19 11:37 - 0121567 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS
2015-04-19 11:37 - 2015-04-19 11:37 - 0000294 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS.part
2015-04-19 11:36 - 2015-04-19 11:36 - 0069441 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS
2015-04-19 11:36 - 2015-04-19 11:36 - 0000293 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS.part
2015-06-18 20:34 - 2015-06-18 20:34 - 0000046 _____ () C:\Users\Michael\AppData\Local\DonationCoder_mpqbuilder_InstallInfo.dat
2015-10-02 23:10 - 2015-10-02 23:11 - 1065984 _____ () C:\Users\Michael\AppData\Local\file__0.localstorage
2015-05-02 22:27 - 2015-05-02 22:27 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2016-04-07 20:25 - 2016-04-07 20:25 - 0041523 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2015-05-15 21:48 - 2015-11-26 17:42 - 0007684 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2015-08-28 06:41 - 2015-08-28 06:41 - 0019535 _____ () C:\ProgramData\empty.ico
Einige Dateien in TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\libeay32.dll
C:\Users\Michael\AppData\Local\Temp\msvcr120.dll
C:\Users\Michael\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-03-31 20:38
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Michael (2016-04-10 12:43:15)
Gestartet von C:\Users\Michael\Desktop
Windows 10 Pro Version 1511 (X64) (2016-01-15 16:43:53)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3852805889-1866178090-3277109897-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3852805889-1866178090-3277109897-503 - Limited - Disabled)
Gast (S-1-5-21-3852805889-1866178090-3277109897-501 - Limited - Disabled) => C:\Users\Gast
Michael (S-1-5-21-3852805889-1866178090-3277109897-1001 - Administrator - Enabled) => C:\Users\Michael
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
4K Video Downloader 4.0 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.0.0.2016 - Open Media LLC)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.9.1 - RedFox)
ArcaniA: Fall of Setarrif (HKLM-x32\...\Steam App 65610) (Version: - Spellbound Studios)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Crucial Storage Executive (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Storage Executive 3.15.112014.06) (Version: 3.24.082015.05 - Crucial)
Cryptomator (HKLM\...\{Cryptomator}}_is1) (Version: 1.0.2 - cryptomator.org)
Discord (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Discord) (Version: 0.0.286 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation)
FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
GameSave Manager v3 (HKLM-x32\...\GameSaveManager_v3) (Version: 3.1.442.0 - InsaneMatt)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
HITMAN™ (HKLM\...\Steam App 236870) (Version: - Io-Interactive)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Logitech Gaming Software 8.81 (HKLM\...\Logitech Gaming Software) (Version: 8.81.15 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (Deutsch) (HKLM-x32\...\{EE8BD24B-75E1-4BBF-86B9-91FE16ADE71C}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.6001.1068 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Minion (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\{Minion}}_is1) (Version: 2.0 - ZAM Network LLC)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
NAPS2 3.3.5 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.49 - NVIDIA Corporation)
NVIDIA Grafiktreiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
ownCloud (HKLM-x32\...\ownCloud) (Version: 2.1.1.5837 - ownCloud)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation)
Platform (x32 Version: 1.43 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - )
RemoteComms driver (HKLM-x32\...\{89B4CA50-3F94-451F-B93A-22608DF45FF9}) (Version: 1.30.0002 - PLX Technology)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.24728 - Microsoft Corporation) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.49 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.) Hidden
Snapmatic Screensaver (HKLM-x32\...\Snapmatic Screensaver_is1) (Version: 1.0 - Rockstar Games)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Spotify (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Spotify) (Version: 1.0.26.132.ga4e3ccee - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.55321 - TeamViewer)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.43 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
WhoCrashed 5.50 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {04355E58-6FD1-495F-93EE-57A1B3ACF30D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {055D0111-EA4F-4261-999C-47501CEF1BB0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-20] (Microsoft Corporation)
Task: {05D61722-FE44-40BD-ACCE-9C027061B90A} - System32\Tasks\{C1ED46C2-6A72-4297-BCEC-0AD3B2CD605A} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe" -c -uninstallApp 142938258.redeem.sonypicturesstore.com
Task: {0F41DB66-D907-4151-84C8-840C6E60EBAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation)
Task: {1A003D57-3939-4097-B4FC-49B69E7E7CE4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {2779EE54-FBC3-4DA1-B719-23833F6C1F84} - System32\Tasks\{9D134A81-2860-42BB-B7D9-4910B6B623C0} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {3569A7F0-81A8-4391-893D-B95673EDDE46} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {487BFEF6-DF70-4D14-AE54-D2FF0A4C1589} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {4BA7928E-14CC-46DA-BB1A-0F083F6B0786} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4CB2A8EA-1290-4731-A92B-A6A659DF6E92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {5035952E-6955-4214-BFA7-8BC1EEAB92DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {60135EA6-B35B-40E1-B5E6-0D9773D2D438} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {624B2716-3954-41F3-BE09-A803897203DB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {646A5D08-CD2E-4930-B8D1-E46025B98618} - System32\Tasks\{4D3C9D7E-3228-4EBF-AF68-7191CBA44F1D} => pcalua.exe -a C:\Users\Michael\Desktop\IomegaEncryptionSetup.exe -d C:\Users\Michael\Desktop
Task: {74035255-F2D6-451A-BC19-E66884E031ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {7D9DA623-CE12-44EA-889B-CAD4F3F5E494} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.)
Task: {8A54AD2C-B399-408B-B525-F0F36EA83546} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {945FE37F-B52F-48F3-BBD9-370D163B052C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A9E8087B-368B-4562-A4F4-225C08ECEE80} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {BB3D1B89-F553-4912-BF86-66FEEC4624C1} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-09] ()
Task: {C72C7527-EEED-4578-B161-D852006D2427} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {CAA8A102-BC26-4A46-9BA1-200D8F4BEDEB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {D47AFF69-4B86-4693-960B-AE0D1CF99DAC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation)
Task: {E4438FF6-623A-4EE5-B670-A7B9DFF7A2D8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.)
Task: {EA0CA4DC-147F-4923-AF57-56DBFE06AE94} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {F89084F2-8DB3-4131-A704-ACEC98245D41} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {FFE255CD-BF3B-4F69-8472-852150BE3768} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-20 01:02 - 2016-02-28 01:41 - 00171720 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-05-19 09:11 - 2015-05-19 09:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2016-01-01 15:48 - 2016-01-01 15:48 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2015-10-30 09:18 - 2016-02-16 22:49 - 00263168 _____ () C:\WINDOWS\system32\wc_storage.dll
2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-09 09:59 - 2015-12-09 09:59 - 00580296 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-18 17:16 - 2016-01-18 17:16 - 00058880 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 18:20 - 2016-02-23 10:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-27 21:18 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 21:18 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-03 15:25 - 2012-11-15 00:22 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2016-01-03 15:25 - 2012-11-15 00:22 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2016-03-28 21:16 - 2016-03-25 03:52 - 00167480 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2016-03-28 21:16 - 2016-03-25 03:52 - 00862776 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2016-03-28 20:02 - 2016-03-27 06:55 - 02140824 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-03-28 20:02 - 2016-03-27 06:55 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2015-12-07 18:44 - 2015-12-07 18:44 - 00225792 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2015-12-07 18:44 - 2015-12-07 18:44 - 00657408 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2016-03-28 21:16 - 2016-03-25 03:52 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-06 20:36 - 2015-07-06 20:36 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Michael\Downloads:Shareaza.GUID [16]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Software\Classes\.exe: => <===== ACHTUNG
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\sharepoint.com -> hxxps://gymleibnitz.sharepoint.com
==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2016-03-10 21:29 - 2016-03-10 21:29 - 00000034____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\StartupFolder: => "Duplicati.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\Run: => "Spotify Web Helper"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{E110F5B5-C6D5-45EC-9D72-3963DA118D8D}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{D957016C-E3CF-4643-A537-F8E7A6B332A5}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe
FirewallRules: [{05E48283-98F4-4A86-BF60-3DDBFE86EEE5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D61788B9-A481-47EB-BF6B-E43931C62330}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6212146A-C1B1-4653-8634-15DF941A7C9E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8A2DA7E7-1D25-4361-8F23-E9FE32FF93B0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{1365EA6F-3DE8-4F34-9217-72945EE0DA66}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{D1193E8D-00D7-4FEE-A2AF-234DEBDC1406}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{F15D40F6-197C-4B21-87BA-E082D0298971}C:\program files\crucial\storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{912411F0-0EAA-4DD7-82B8-9AB9110CD78C}C:\program files\crucial\storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{C0B6C8B5-1DF2-4D82-8919-1F9E01759C5E}D:\blizzard\hearthstone\hearthstone.exe] => (Allow) D:\blizzard\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{E512E3B6-DC85-45A9-92E8-34896A0A3D22}D:\blizzard\hearthstone\hearthstone.exe] => (Allow) D:\blizzard\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{4025F871-0991-4000-8FB2-18FD5F5CFBC1}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FACD9158-BC07-4BEC-9AA6-3D6105D456AC}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E328954B-0660-4BE5-AE33-8C18559B01AD}C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [TCP Query User{4AB564B4-1E37-46DD-BC27-564E3421430D}C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [{441AC144-7923-449F-9B86-75A0B2FB41E1}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{279E2D3D-91E8-4784-BA0C-33B33A972A1A}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [UDP Query User{CEA04421-AA37-499B-8F61-53BDD52C1B7E}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{184BDB00-225A-4E9A-8679-CC3427605297}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{0D0F7D56-D3C4-4167-BD27-A37A4C70F5C6}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A9841AB8-B7AE-4EA4-A565-324F82C8458B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{FB8EF56C-C8E9-4468-9461-AF440ABD4AFD}] => (Allow) D:\SteamLibrary\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe
FirewallRules: [{50D2AA6C-C251-41BF-BA31-A276E1DFE9E2}] => (Allow) D:\SteamLibrary\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe
FirewallRules: [{32F9317E-22BB-4A0E-8A90-4F4E786213A0}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{4753EB2D-CC6E-44B7-92A2-DE66F08CCE3B}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{61BAD7A6-F3DE-4E17-B85B-354E5B881C54}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{057ADA51-1097-4B44-A71E-CB9F75752E26}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{3FE7D773-07B0-49F2-8FEB-393374130852}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{6928CD8D-AFC6-410E-839B-2E942059E55C}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{396927DA-BA24-4653-9106-00FDDC35C4BF}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{E469FD53-67CF-4DB0-BC54-77F35C539FC5}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{3B5D9CDA-A8C3-47FF-BB1C-AC3A0918B567}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{991A291E-766B-4F4D-83E5-058E3875B034}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{FF5A5E33-472D-4721-9539-0CBA79105891}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2200FEB7-6DA8-44C9-A981-F4FD953711C0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8ED9C7C8-4919-409C-8BC1-FD3CAD6D8263}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{09CF574A-A428-4385-A794-A05009FF5826}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{DB61D72D-C5EC-4F71-BB7D-BF08078041DF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5A7DBEDB-ED20-46C7-B339-3143B9331BFE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1E28C84D-5BD1-4457-8F11-3FE391FB5CC0}D:\blizzard\diablo iii\diablo iii.exe] => (Allow) D:\blizzard\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{5AC70257-BB65-4576-A90C-50CC4B845EFA}D:\blizzard\diablo iii\diablo iii.exe] => (Allow) D:\blizzard\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{20A2A00A-4DF3-459F-B910-E1FA27635A12}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E53673CE-D0BD-42B6-A709-6EDD40DE3883}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{89D9E2C3-FE26-4DFF-8E05-5F6DB2360337}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EA3D3DA7-CCDD-48DD-A454-85C7941828A1}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{AC18BE29-F45F-43EA-8E2B-0499864AD6CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{68E77359-5EA2-4EB7-B017-FA69CC8C9720}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B2169EAF-865E-4115-A9C6-441F69F5DC1F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9BF96311-12A5-4267-9F1B-8AB0EB7A6334}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{45210241-1C5A-455E-9ADC-89B6176D2CB6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{03FB0B10-326E-4784-98DF-1AC4C5D4915F}] => (Allow) D:\SteamLibrary\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [{EE6A15BD-CBC6-41F3-95E9-D5F3E6E30D5F}] => (Allow) D:\SteamLibrary\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [TCP Query User{AD1CA659-6458-41E5-9867-F744D36979DC}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [UDP Query User{65A33961-2A8F-41C6-AD71-684E1E63B13A}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [TCP Query User{5981EFBA-F912-45EC-8B19-2C26292D04E1}C:\program files\grand theft auto v\gta5.exe] => (Allow) C:\program files\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5DA64CE0-DCD7-4DCE-B7C7-15CD5C5ACCD4}C:\program files\grand theft auto v\gta5.exe] => (Allow) C:\program files\grand theft auto v\gta5.exe
FirewallRules: [{8710AFFA-D4D4-4C6A-ADA9-4F6C0F482C94}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{083B1D29-6C2E-480B-A3FE-C4216055BF08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BEB45729-1377-411B-99C0-A5C943F09B33}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3B25A7CB-2D1D-4659-864D-73EB65983BAE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{03712FEC-31A5-4CCC-BAAE-559F03C3D43A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{62109612-F42E-4FDD-ACA6-BAF07FF6BAFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7FB6FEBB-3957-49A3-9D4C-C3A242200105}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{153DB846-60B0-4D8A-A9B5-CCBCD9E40795}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{726146E6-86A9-4CA4-BC6F-8132A767EB2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{60C176ED-93A1-4B06-A89C-4E4F5BBBEEF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6F6FD627-2461-4901-AD3E-F1372D06608C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{EE936D25-6C46-49D0-B994-3D48E70D4F84}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4940DD03-B989-41E7-A2D9-703FB3B2A155}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
==================== Wiederherstellungspunkte =========================
06-04-2016 16:54:46 Removed SciDaVis
06-04-2016 22:16:08 Before CCleaner
09-04-2016 18:56:39 Removed Minecraft
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: SoftPerfect Virtual Bus
Description: SoftPerfect Virtual Bus
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: KEG
Service: SPVDPort
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (04/10/2016 12:36:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x1f40
Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0
Pfad der fehlerhaften Anwendung: nvosc.exe1
Pfad des fehlerhaften Moduls: nvosc.exe2
Berichtskennung: nvosc.exe3
Vollständiger Name des fehlerhaften Pakets: nvosc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5
Error: (04/10/2016 12:36:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: nvosc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
bei NvOscFramework.CoPlay.OscCoPlayModel..ctor()
bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue()
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
bei OscMain.WidgetControl.Dispose(Boolean)
bei OscMain.WidgetControl.Finalize()
Error: (04/10/2016 12:36:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x1e34
Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0
Pfad der fehlerhaften Anwendung: nvosc.exe1
Pfad des fehlerhaften Moduls: nvosc.exe2
Berichtskennung: nvosc.exe3
Vollständiger Name des fehlerhaften Pakets: nvosc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5
Error: (04/10/2016 12:36:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: nvosc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
bei NvOscFramework.CoPlay.OscCoPlayModel..ctor()
bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue()
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
bei OscMain.WidgetControl.Dispose(Boolean)
bei OscMain.WidgetControl.Finalize()
Error: (04/10/2016 12:34:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x1cb4
Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0
Pfad der fehlerhaften Anwendung: nvosc.exe1
Pfad des fehlerhaften Moduls: nvosc.exe2
Berichtskennung: nvosc.exe3
Vollständiger Name des fehlerhaften Pakets: nvosc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5
Error: (04/10/2016 12:34:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: nvosc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
bei NvOscFramework.CoPlay.OscCoPlayModel..ctor()
bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue()
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
bei OscMain.WidgetControl.Dispose(Boolean)
bei OscMain.WidgetControl.Finalize()
Error: (04/10/2016 12:34:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x878
Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0
Pfad der fehlerhaften Anwendung: nvosc.exe1
Pfad des fehlerhaften Moduls: nvosc.exe2
Berichtskennung: nvosc.exe3
Vollständiger Name des fehlerhaften Pakets: nvosc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5
Error: (04/10/2016 12:34:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: nvosc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
bei NvOscFramework.CoPlay.OscCoPlayModel..ctor()
bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue()
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
bei OscMain.WidgetControl.Dispose(Boolean)
bei OscMain.WidgetControl.Finalize()
Error: (04/10/2016 12:33:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x15b4
Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0
Pfad der fehlerhaften Anwendung: nvosc.exe1
Pfad des fehlerhaften Moduls: nvosc.exe2
Berichtskennung: nvosc.exe3
Vollständiger Name des fehlerhaften Pakets: nvosc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5
Error: (04/10/2016 12:33:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: nvosc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
bei NvOscFramework.CoPlay.OscCoPlayModel..ctor()
bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue()
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
bei OscMain.WidgetControl.Dispose(Boolean)
bei OscMain.WidgetControl.Finalize()
Systemfehler:
=============
Error: (04/10/2016 12:31:04 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HEIMSCHEISSER)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-3852805889-1866178090-3277109897-1001-0-ntuser.dat
Error: (04/10/2016 12:30:57 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HEIMSCHEISSER)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-3852805889-1866178090-3277109897-1001-0-ntuser.dat
Error: (04/10/2016 12:29:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NvStreamSvc erreicht.
Error: (04/10/2016 12:29:35 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "SPVVEngine" ist von folgendem Dienst abhängig: SPVDPort. Dieser Dienst ist möglicherweise nicht installiert.
Error: (04/10/2016 12:29:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (04/10/2016 12:29:13 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
CodeIntegrity:
===================================
Date: 2016-04-10 12:24:17.829
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-07 21:10:32.862
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-06 17:08:31.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-06 17:08:27.765
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-25 23:23:01.626
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-25 22:24:36.064
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-25 21:19:04.726
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-25 21:19:04.718
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-25 21:19:04.707
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-25 21:19:04.623
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 8012.59 MB
Verfügbarer physikalischer RAM: 5911.3 MB
Summe virtueller Speicher: 10700.59 MB
Verfügbarer virtueller Speicher: 8554.76 MB
==================== Laufwerke ================================
Drive c: (iSSD) (Fixed) (Total:231.93 GB) (Free:104.81 GB) NTFS
Drive d: (iWD) (Fixed) (Total:455.76 GB) (Free:270.22 GB) NTFS
Drive z: (iWD_FH) (Fixed) (Total:10 GB) (Free:9.95 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: E4E735C2)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
10.04.2016, 15:25
| #2 |
| /// TB-Ausbilder   | Win10: Browser Hijacker Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Logdatei von MBAM zippen (in ein .zip Archiv packen) und mit deiner nächsten Nachricht als Anhang hochladen. Zudem noch JRT bitte: Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
|
|
11.04.2016, 19:13
| #3 |
| | Win10: Browser Hijacker Hallo Matthias,
__________________bitteschön: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Pro x64
Ran by Michael (Administrator) on 11.04.2016 at 20:04:33,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 4
Successfully deleted: C:\Users\Michael\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File)
Successfully deleted: C:\WINDOWS\prefetch\TREESIZEFREE.EXE-9AC91406.pf (File)
Registry: 2
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2039DD3E-4E72-4C20-90E7-9FD959AA7D06} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.04.2016 at 20:05:42,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
11.04.2016, 20:42
| #4 |
| /// TB-Ausbilder | Win10: Browser Hijacker Servus, FRST bitte nochmal zur Kontrolle:
|
|
11.04.2016, 21:09
| #5 |
| | Win10: Browser Hijacker FRST: FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
durchgeführt von Michael (Administrator) auf HEIMSCHEISSER (11-04-2016 21:57:48)
Gestartet von C:\Users\Michael\Desktop
Geladene Profile: Michael (Verfügbare Profile: Michael & Gast)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\System32\PnkBstrA.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\OSC\nvosc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4708016 2015-08-18] (VIA)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-04-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15642744 2016-03-30] (Logitech Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ACHTUNG
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Run: [Spotify Web Helper] => C:\Users\Michael\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-02] (Spotify Ltd)
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\RunOnce: [Uninstall C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SNAPMA~1.SCR [1016438 2015-03-16] (Jan Kolarik & Ondrej Vaverka)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2016-03-25]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2015-10-18]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software)
GroupPolicyUsers\S-1-5-21-3852805889-1866178090-3277109897-1001\User: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1dfe109d-b3d0-4acd-a2eb-0edc7be3d320}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{59924253-7916-40c6-ba08-d15750886fc9}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> DefaultScope {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1442757218682
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ktigdchg.default
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-3852805889-1866178090-3277109897-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.at/","hxxp://www.viceice.com/"
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (PasswordBox - Log in with 1-Click) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl [2016-04-10]
CHR Extension: (BetterTTV) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-04-10]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-10]
CHR Extension: (Red Fox Snow Theme) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgaadipmojdihomphfmjphmelinpdalg [2016-04-10]
CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-10]
CHR Extension: (Gmail offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2016-04-10]
CHR Extension: (Google Play Musik) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-04-10]
CHR Extension: (HTTPS Everywhere) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-04-10]
CHR Extension: (Dropbox) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-04-10]
CHR Extension: (Citizen Ex) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfgpjihgigboplilbcehdbacklfgjlp [2016-04-10]
CHR Extension: (Steam Database) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdbmhfkmnlmbkgbabkdealhhbfhlmmon [2016-04-10]
CHR Extension: (Google*Hangouts) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-04-10]
CHR Extension: (Momentum) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-04-10]
CHR Extension: (Ghostery) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-04-10]
CHR Extension: (YouTube Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkdalpbojfdilmiboaiedicdbigdabpb [2016-04-10]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10]
CHR HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-10] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-02-28] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-11-20] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-04-06] (NVIDIA Corporation)
R2 HvHost; C:\Windows\System32\hvhostsvc.dll [61440 2016-02-16] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-08] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-04-06] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-04-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-04-06] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-02] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-01-01] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-12-30] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.)
S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2016-02-16] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14384128 2016-02-16] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AF9035BDA; C:\Windows\system32\DRIVERS\AF15BDA.sys [514856 2012-11-09] (ITETech )
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2015-08-23] (Google Inc) [Datei ist nicht signiert]
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [216576 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [71008 2016-02-16] (Microsoft Corporation)
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [117248 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114560 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2016-02-16] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184096 2015-06-29] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-04-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2016-02-16] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2016-02-16] (Microsoft Corporation)
S3 Phosgene; C:\Windows\system32\DRIVERS\Phosgene.sys [34168 2015-08-28] (Adoriasoft LLC)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2015-11-10] (The OpenVPN Project)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2016-02-16] (Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S2 SPVVEngine; C:\WINDOWS\system32\Drivers\spvve.sys [246248 2015-10-29] ()
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2016-02-16] (Microsoft Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-10-18] (Windows (R) Win 7 DDK provider)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2015-07-09] (Oracle Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2016-02-16] (Microsoft Corporation)
R3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2016-02-16] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [350720 2016-02-16] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S1 lfivrnpk; \??\C:\WINDOWS\system32\drivers\lfivrnpk.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-11 21:57 - 2016-04-11 21:58 - 00031196 _____ C:\Users\Michael\Desktop\FRST.txt
2016-04-11 21:55 - 2016-04-11 21:55 - 00000000 ____D C:\Users\Michael\Desktop\#1
2016-04-11 20:05 - 2016-04-11 20:05 - 00001273 _____ C:\Users\Michael\Desktop\JRT.txt
2016-04-11 20:04 - 2016-04-11 20:04 - 01610352 _____ (Malwarebytes) C:\Users\Michael\Desktop\JRT.exe
2016-04-10 14:53 - 2016-04-10 14:53 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Ludeon Studios
2016-04-10 14:49 - 2016-04-10 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-04-10 14:28 - 2016-04-10 14:31 - 00000000 ____D C:\Users\Michael\Desktop\RimWorld1135Win
2016-04-10 14:28 - 2016-04-10 14:28 - 00000000 ____D C:\Users\Michael\Desktop\RW
2016-04-10 14:11 - 2016-04-10 14:11 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Sony Creative Software Inc
2016-04-10 12:41 - 2016-04-11 21:57 - 00000000 ____D C:\FRST
2016-04-10 12:37 - 2016-04-10 13:09 - 00115576 _____ C:\Users\Michael\Desktop\tb.txt
2016-04-10 12:36 - 2016-04-11 21:57 - 02375168 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2016-04-10 12:30 - 2016-04-10 12:30 - 00005040 _____ C:\Users\Michael\Desktop\AdwCleaner[C1].txt
2016-04-10 12:27 - 2016-04-10 12:29 - 00000000 ____D C:\AdwCleaner
2016-04-10 12:27 - 2016-04-10 12:27 - 03119168 _____ C:\Users\Michael\Desktop\adwcleaner_5.109.exe
2016-04-10 12:13 - 2016-04-10 12:13 - 00000000 ____D C:\Avenger
2016-04-10 12:10 - 2016-04-10 12:10 - 00183744 _____ C:\Users\Michael\Desktop\MBAM.txt
2016-04-10 12:04 - 2016-04-10 14:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-10 12:04 - 2016-04-10 12:06 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-04-10 12:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-10 12:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-10 12:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-10 11:58 - 2016-04-10 11:58 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2016-04-10 11:21 - 2016-04-10 13:29 - 00000000 ____D C:\Users\Michael\Desktop\HearthStone Heroes of Warcraft
2016-04-07 21:06 - 2016-04-08 21:50 - 00000000 ____D C:\Users\Michael\Documents\Electronic Arts
2016-04-07 20:25 - 2016-04-07 20:25 - 00041523 _____ C:\Users\Michael\AppData\Local\recently-used.xbel
2016-04-07 20:08 - 2016-04-07 20:43 - 00000043 _____ C:\WINDOWS\gswin32.ini
2016-04-07 20:07 - 2016-04-07 20:07 - 00000000 ____D C:\Program Files (x86)\gs
2016-04-07 16:38 - 2016-04-07 18:09 - 00000009 _____ C:\Users\Michael\AppData\Roaming\update.dat
2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ C:\Users\Michael\AppData\Roaming\Launcher.dat
2016-04-07 15:46 - 2016-04-07 15:46 - 05044480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-06 20:47 - 2016-04-09 18:59 - 00000000 ____D C:\Users\Michael\Desktop\TreeSizeFree
2016-04-06 17:51 - 2016-04-08 21:28 - 00000000 ____D C:\Users\Michael\Desktop\Kamera Videos
2016-04-05 15:48 - 2016-04-05 15:48 - 22946503 _____ C:\Users\Michael\Desktop\21984137.480p.mp4
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 ____D C:\Users\Michael\AppData\Roaming\NVIDIA
2016-04-02 16:45 - 2016-04-10 13:17 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps
2016-04-02 11:03 - 2016-04-02 11:03 - 00000117 _____ C:\Users\Michael\Desktop\hhhr.txt
2016-04-02 10:44 - 2016-04-02 10:48 - 00000000 ____D C:\Users\Michael\Desktop\hrping-v506
2016-04-01 21:43 - 2016-04-01 21:45 - 00000000 ____D C:\Users\Michael\Desktop\Indie Fonts
2016-03-31 19:04 - 2016-03-31 19:05 - 00000000 ____D C:\WINDOWS\Panther
2016-03-28 21:17 - 2016-04-11 19:59 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA Corporation
2016-03-28 21:16 - 2016-04-11 20:06 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-28 21:16 - 2016-04-06 02:20 - 01373864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-03-28 21:16 - 2016-04-06 02:20 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-03-28 21:16 - 2016-04-06 02:19 - 01767248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-03-28 21:16 - 2016-04-06 02:19 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-03-28 21:16 - 2016-03-28 21:22 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA
2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan
2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-28 21:16 - 2016-03-22 03:57 - 00110528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-28 21:15 - 2016-03-28 21:15 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-03-28 21:15 - 2016-03-22 06:08 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-03-28 21:15 - 2016-03-22 06:08 - 00201664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 06369728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 02994744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 02561472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 01265720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-28 21:15 - 2016-03-22 04:37 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-28 21:15 - 2016-03-18 13:44 - 06253721 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-03-28 21:14 - 2016-03-28 21:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-28 21:14 - 2016-03-25 03:23 - 12659136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-03-28 21:14 - 2016-03-24 13:52 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-03-28 21:14 - 2016-03-24 13:52 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-03-28 21:14 - 2016-03-24 13:52 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 42923576 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 37567424 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 31594432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 25350080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 21364536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 20906168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 20074728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17755928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17369448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17349776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17328008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 14226672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 10550552 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 08659472 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 03685280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 03263480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 02614208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 02260024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436472.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436472.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00960056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00889400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00751552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00695864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00678520 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00572096 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00546328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00348216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00176064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00153392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00129208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00038050 _____ C:\WINDOWS\system32\nvinfo.pb
2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json
2016-03-28 21:14 - 2016-03-21 22:01 - 00109632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-03-28 21:14 - 2016-03-21 22:01 - 00100416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-03-28 21:14 - 2016-03-21 22:01 - 00056384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-03-27 15:44 - 2016-03-27 15:44 - 00000046 _____ C:\Users\Michael\Desktop\bla.txt
2016-03-26 00:22 - 2016-03-26 00:22 - 00000000 ____D C:\Users\Michael\Intel
2016-03-25 23:40 - 2016-04-05 19:05 - 00000000 ____D C:\Users\Michael\Desktop\komische Projekte
2016-03-25 23:39 - 2016-03-25 23:39 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\DefaultCompany
2016-03-25 22:46 - 2016-03-26 22:50 - 00000000 ____D C:\Users\Michael\Documents\Bully Scholarship Edition
2016-03-25 20:55 - 2016-03-25 20:55 - 00008206 _____ C:\Users\Michael\Desktop\SMPTE_Color_Bars_16x9.svg
2016-03-20 17:24 - 2016-03-20 17:24 - 00000029 _____ C:\Users\Michael\Desktop\bn.txt
2016-03-20 13:02 - 2016-03-20 13:30 - 00000000 ____D C:\Users\Michael\Desktop\KLTE
2016-03-20 01:17 - 2016-03-20 01:17 - 00002548 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-03-20 01:16 - 2016-03-20 01:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-19 02:47 - 2016-03-19 02:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2016-03-19 02:47 - 2013-07-18 07:55 - 00130248 _____ (Qualcomm Atheros Co., Ltd.) C:\WINDOWS\system32\Drivers\L1C63x64.sys
2016-03-18 23:10 - 2016-03-18 23:10 - 00000000 ____D C:\ProgramData\SoftPerfect
2016-03-18 23:10 - 2015-10-29 17:02 - 00246248 _____ C:\WINDOWS\system32\Drivers\spvve.sys
2016-03-18 23:10 - 2015-10-29 17:02 - 00097768 _____ C:\WINDOWS\system32\Drivers\spvdbus.sys
2016-03-18 20:53 - 2016-04-02 13:35 - 00283896 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\Victory
2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\UnrealEngine
2016-03-17 22:42 - 2016-03-17 22:46 - 00000000 ____D C:\Users\Michael\Desktop\brauch ich das
2016-03-17 22:32 - 2016-03-17 22:32 - 00000077 _____ C:\Users\Michael\Desktop\sdfsdfsdf.txt
2016-03-17 21:51 - 2016-03-18 18:10 - 00000000 ____D C:\Users\Michael\ownCloud
2016-03-17 21:50 - 2016-03-18 18:10 - 00000000 ____D C:\Users\Michael\AppData\Local\ownCloud
2016-03-17 21:49 - 2016-03-17 21:49 - 00001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk
2016-03-17 21:49 - 2016-03-17 21:49 - 00000000 ____D C:\Program Files (x86)\ownCloud
2016-03-17 19:53 - 2016-03-17 19:53 - 00002338 _____ C:\Users\Michael\Desktop\Kontoaktivitäten_201510_201603.csv
2016-03-17 18:02 - 2016-03-17 18:02 - 00000000 ____D C:\Program Files\Rockstar Games
2016-03-16 23:30 - 2016-03-16 23:30 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-5-1.dll
2016-03-16 23:29 - 2016-03-16 23:29 - 00127768 _____ C:\WINDOWS\system32\vulkan-1-1-0-5-1.dll
2016-03-16 23:29 - 2016-03-16 23:29 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-5-1.exe
2016-03-16 23:28 - 2016-03-16 23:28 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-5-1.exe
2016-03-15 20:38 - 2016-03-17 00:08 - 00000000 ____D C:\Program Files\OpenVPN
2016-03-15 20:33 - 2016-03-20 00:33 - 00000061 _____ C:\Users\Michael\Desktop\fj.txt
2016-03-15 20:33 - 2016-03-15 20:34 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cryptomator.org
2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\Program Files\Cryptomator
2016-03-15 20:11 - 2016-03-15 20:15 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Cryptomator
2016-03-15 20:11 - 2016-03-15 20:11 - 00000000 ____D C:\Users\Michael\.oracle_jre_usage
2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\.mono
2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\ProgramData\.mono
2016-03-15 19:05 - 2016-03-15 19:05 - 00000000 ____D C:\Users\Michael\AppData\Local\openvr
2016-03-14 20:12 - 2016-03-14 20:12 - 00000000 ____D C:\Users\Michael\AppData\Local\ESN
2016-03-13 16:45 - 2016-01-08 10:51 - 00213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2016-03-13 16:45 - 2016-01-08 10:51 - 00120416 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-03-12 20:34 - 2016-03-12 20:34 - 00000000 ____D C:\Users\Michael\hitman
2016-03-12 20:34 - 2016-03-12 20:34 - 00000000 ____D C:\Users\Michael\AppData\Local\IO Interactive
2016-03-12 19:39 - 2016-03-12 19:39 - 00000222 _____ C:\Users\Michael\Desktop\HITMAN.url
2016-03-12 16:47 - 2016-03-12 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-11 21:46 - 2015-09-26 13:41 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-11 20:59 - 2015-04-10 13:22 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-11 20:59 - 2015-04-10 13:22 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-11 20:12 - 2016-01-15 18:36 - 02003186 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-11 20:12 - 2015-10-30 20:35 - 00852678 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-11 20:12 - 2015-10-30 20:35 - 00187904 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-11 20:12 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-11 20:06 - 2016-01-15 18:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-11 20:06 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-11 20:06 - 2015-09-26 13:41 - 00001240 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-11 20:06 - 2015-09-25 19:00 - 00000000 __SHD C:\Users\Michael\IntelGraphicsProfiles
2016-04-11 19:55 - 2015-04-12 19:14 - 00000000 ____D C:\Users\Michael\AppData\Local\Battle.net
2016-04-11 19:25 - 2015-04-12 19:14 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-11 19:25 - 2015-04-11 21:34 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc
2016-04-11 02:43 - 2015-10-18 01:57 - 00002853 _____ C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml
2016-04-11 02:43 - 2015-04-12 18:07 - 00003142 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2016-04-10 14:49 - 2016-01-15 18:35 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2016-04-10 14:49 - 2015-04-11 20:34 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2016-04-10 14:49 - 2015-04-10 12:27 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-10 14:43 - 2016-01-22 19:16 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2016-04-10 14:22 - 2015-04-21 15:44 - 00000000 ____D C:\Users\Michael\AppData\Local\JDownloader 2.0
2016-04-10 14:16 - 2015-04-11 14:27 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-10 13:29 - 2015-04-11 21:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Audacity
2016-04-10 12:13 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Intel
2016-04-10 12:13 - 2015-11-21 11:28 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-04-10 12:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Spotify
2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Local\Spotify
2016-04-10 12:03 - 2015-11-21 11:28 - 00000000 ____D C:\ProgramData\McAfee
2016-04-10 11:00 - 2016-01-06 14:10 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-09 18:57 - 2016-01-15 19:22 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.minion
2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.junique
2016-04-08 19:41 - 2016-02-13 00:35 - 00000080 _____ C:\Users\Michael\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦
2016-04-08 17:43 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-04-08 15:31 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-07 20:25 - 2015-04-11 23:21 - 00000000 ____D C:\Users\Michael\AppData\Local\gtk-2.0
2016-04-07 20:25 - 2015-04-11 20:30 - 00000000 ___HD C:\Users\Michael\.gimp-2.8
2016-04-07 20:09 - 2015-04-11 19:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Notepad++
2016-04-07 20:04 - 2016-03-10 22:13 - 00000000 ____D C:\Users\Michael\Desktop\gta
2016-04-06 22:21 - 2016-02-17 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2016-04-06 22:21 - 2015-07-30 09:41 - 00000000 ____D C:\Users\Michael\AppData\Roaming\TeamViewer
2016-04-06 17:59 - 2015-04-11 17:35 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2016-04-06 16:56 - 2015-04-10 12:23 - 00000000 ___RD C:\Users\Michael\Desktop\Tools
2016-04-06 16:47 - 2015-04-12 18:22 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-06 02:19 - 2015-09-22 21:42 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-04-02 11:13 - 2015-05-02 18:40 - 00000000 ____D C:\Users\Michael\AppData\Local\Microsoft Help
2016-04-02 10:42 - 2015-07-15 22:43 - 00000000 ____D C:\ProgramData\Origin
2016-04-02 10:41 - 2015-07-15 22:43 - 00000000 ____D C:\Program Files (x86)\Origin
2016-04-02 10:24 - 2015-06-28 22:06 - 00000000 ___RD C:\Users\Michael\Google Drive
2016-03-31 22:23 - 2015-05-21 17:16 - 00002292 ____H C:\Users\Michael\Documents\Default.rdp
2016-03-28 21:19 - 2015-04-12 18:03 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2016-03-28 21:16 - 2016-03-10 20:49 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-28 21:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Help
2016-03-28 21:12 - 2016-01-08 00:09 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-28 20:02 - 2015-07-16 15:55 - 00002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-27 21:19 - 2015-04-10 12:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2016-03-26 00:22 - 2016-01-15 18:36 - 00000000 ____D C:\Users\Michael
2016-03-26 00:20 - 2015-08-08 02:01 - 00000000 ____D C:\Program Files (x86)\AviSynth
2016-03-26 00:20 - 2015-08-08 01:55 - 00000000 ____D C:\multiAVCHD
2016-03-26 00:17 - 2015-12-16 20:09 - 00000000 ____D C:\Program Files (x86)\GtkSharp
2016-03-26 00:15 - 2015-12-02 17:21 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-03-26 00:15 - 2015-12-02 17:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-03-26 00:14 - 2016-02-23 19:11 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2016-03-26 00:14 - 2015-06-18 20:06 - 00000000 ____D C:\Program Files (x86)\XMedia Recode
2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-26 00:09 - 2016-01-15 18:29 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-03-26 00:09 - 2016-01-03 23:53 - 00000000 ____D C:\Users\Michael\AppData\Local\VSIXInstaller
2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-03-26 00:07 - 2016-01-08 01:14 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Unity
2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\ProgramData\Unity
2016-03-25 23:38 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Unity
2016-03-25 23:16 - 2015-07-30 04:09 - 00002440 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-25 23:16 - 2015-04-10 12:22 - 00000000 __RDO C:\Users\Michael\OneDrive
2016-03-25 23:05 - 2015-07-30 04:07 - 00004434 __RSH C:\ProgramData\ntuser.pol
2016-03-25 02:51 - 2016-03-05 11:52 - 00000000 ____D C:\Program Files\Grand Theft Auto V
2016-03-24 22:54 - 2015-12-30 19:25 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-03-24 22:53 - 2015-07-22 06:02 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2016-03-22 19:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-20 01:19 - 2015-12-14 19:50 - 00000000 ____D C:\Program Files\Microsoft Office
2016-03-19 02:47 - 2015-04-10 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-17 22:44 - 2015-04-10 11:26 - 00000000 ____D C:\Users\Michael\AppData\Local\Packages
2016-03-17 18:02 - 2015-04-11 21:52 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-03-16 23:30 - 2016-03-10 20:49 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-03-16 23:29 - 2016-03-10 20:49 - 00127768 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-03-16 23:29 - 2016-03-10 20:49 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-03-16 23:28 - 2016-03-10 20:49 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-03-15 22:49 - 2010-06-09 21:30 - 00000000 ____D C:\Users\Michael\Desktop\Screens
2016-03-15 19:11 - 2015-07-03 22:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-03-15 19:11 - 2015-07-03 22:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Mozilla
2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Local\Mozilla
2016-03-13 16:45 - 2016-01-08 18:08 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-03-13 16:44 - 2016-01-08 18:11 - 00000000 ____D C:\ProgramData\Samsung
2016-03-13 16:39 - 2015-12-08 00:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\IrfanView
2016-03-13 16:39 - 2015-04-10 13:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-13 15:51 - 2015-04-11 18:18 - 00000000 ____D C:\Program Files\WinRAR
2016-03-13 14:51 - 2016-03-09 23:08 - 00000995 _____ C:\Users\Michael\Desktop\rt.txt
2016-03-12 22:00 - 2015-06-28 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-12 16:47 - 2015-09-26 13:41 - 00000000 ____D C:\Program Files (x86)\Dropbox
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-08-11 19:12 - 2015-08-11 19:26 - 0000466 _____ () C:\Users\Michael\AppData\Roaming\CascView.ini
2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ () C:\Users\Michael\AppData\Roaming\Launcher.dat
2016-04-07 16:38 - 2016-04-07 18:09 - 0000009 _____ () C:\Users\Michael\AppData\Roaming\update.dat
2015-10-18 01:57 - 2016-04-11 02:43 - 0002853 _____ () C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml
2016-04-07 16:39 - 2016-04-09 11:20 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\notaut.txt
2015-04-19 11:36 - 2015-04-19 11:36 - 0385602 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS
2015-04-19 11:36 - 2015-04-19 11:36 - 0000204 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS.part
2015-04-19 11:36 - 2015-04-19 11:36 - 0059989 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS
2015-04-19 11:36 - 2015-04-19 11:36 - 0000273 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS.part
2015-04-19 11:37 - 2015-04-19 11:37 - 0121567 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS
2015-04-19 11:37 - 2015-04-19 11:37 - 0000294 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS.part
2015-04-19 11:36 - 2015-04-19 11:36 - 0069441 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS
2015-04-19 11:36 - 2015-04-19 11:36 - 0000293 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS.part
2015-06-18 20:34 - 2015-06-18 20:34 - 0000046 _____ () C:\Users\Michael\AppData\Local\DonationCoder_mpqbuilder_InstallInfo.dat
2015-10-02 23:10 - 2015-10-02 23:11 - 1065984 _____ () C:\Users\Michael\AppData\Local\file__0.localstorage
2015-05-02 22:27 - 2015-05-02 22:27 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2016-04-07 20:25 - 2016-04-07 20:25 - 0041523 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2015-05-15 21:48 - 2015-11-26 17:42 - 0007684 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2015-08-28 06:41 - 2015-08-28 06:41 - 0019535 _____ () C:\ProgramData\empty.ico
Einige Dateien in TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\libeay32.dll
C:\Users\Michael\AppData\Local\Temp\msvcr120.dll
C:\Users\Michael\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-04-10 14:42
==================== Ende von FRST.txt ============================
addition: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
durchgeführt von Michael (2016-04-11 21:58:42)
Gestartet von C:\Users\Michael\Desktop
Windows 10 Pro Version 1511 (X64) (2016-01-15 16:43:53)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3852805889-1866178090-3277109897-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3852805889-1866178090-3277109897-503 - Limited - Disabled)
Gast (S-1-5-21-3852805889-1866178090-3277109897-501 - Limited - Disabled) => C:\Users\Gast
Michael (S-1-5-21-3852805889-1866178090-3277109897-1001 - Administrator - Enabled) => C:\Users\Michael
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
4K Video Downloader 4.0 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.0.0.2016 - Open Media LLC)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.9.1 - RedFox)
ArcaniA: Fall of Setarrif (HKLM-x32\...\Steam App 65610) (Version: - Spellbound Studios)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Crucial Storage Executive (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Storage Executive 3.15.112014.06) (Version: 3.24.082015.05 - Crucial)
Cryptomator (HKLM\...\{Cryptomator}}_is1) (Version: 1.0.2 - cryptomator.org)
Discord (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Discord) (Version: 0.0.286 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation)
FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
GameSave Manager v3 (HKLM-x32\...\GameSaveManager_v3) (Version: 3.1.442.0 - InsaneMatt)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
HITMAN™ (HKLM\...\Steam App 236870) (Version: - Io-Interactive)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Logitech Gaming Software 8.82 (HKLM\...\Logitech Gaming Software) (Version: 8.82.151 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (Deutsch) (HKLM-x32\...\{EE8BD24B-75E1-4BBF-86B9-91FE16ADE71C}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.6001.1068 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Minion (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\{Minion}}_is1) (Version: 2.0 - ZAM Network LLC)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
NAPS2 3.3.5 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.67 - NVIDIA Corporation)
NVIDIA Grafiktreiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
ownCloud (HKLM-x32\...\ownCloud) (Version: 2.1.1.5837 - ownCloud)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation)
Platform (x32 Version: 1.43 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - )
RemoteComms driver (HKLM-x32\...\{89B4CA50-3F94-451F-B93A-22608DF45FF9}) (Version: 1.30.0002 - PLX Technology)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.24728 - Microsoft Corporation) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.67 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.) Hidden
Snapmatic Screensaver (HKLM-x32\...\Snapmatic Screensaver_is1) (Version: 1.0 - Rockstar Games)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Spotify (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Spotify) (Version: 1.0.26.132.ga4e3ccee - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.55321 - TeamViewer)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.43 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
WhoCrashed 5.50 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {04355E58-6FD1-495F-93EE-57A1B3ACF30D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {055D0111-EA4F-4261-999C-47501CEF1BB0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-20] (Microsoft Corporation)
Task: {05D61722-FE44-40BD-ACCE-9C027061B90A} - System32\Tasks\{C1ED46C2-6A72-4297-BCEC-0AD3B2CD605A} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe" -c -uninstallApp 142938258.redeem.sonypicturesstore.com
Task: {0BC03E6B-B3AD-446A-B67C-FBE95DD8FCF4} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-09] ()
Task: {0F41DB66-D907-4151-84C8-840C6E60EBAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation)
Task: {1A003D57-3939-4097-B4FC-49B69E7E7CE4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {2779EE54-FBC3-4DA1-B719-23833F6C1F84} - System32\Tasks\{9D134A81-2860-42BB-B7D9-4910B6B623C0} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {3569A7F0-81A8-4391-893D-B95673EDDE46} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {487BFEF6-DF70-4D14-AE54-D2FF0A4C1589} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {4BA7928E-14CC-46DA-BB1A-0F083F6B0786} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4CB2A8EA-1290-4731-A92B-A6A659DF6E92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {5035952E-6955-4214-BFA7-8BC1EEAB92DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {60135EA6-B35B-40E1-B5E6-0D9773D2D438} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {624B2716-3954-41F3-BE09-A803897203DB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {646A5D08-CD2E-4930-B8D1-E46025B98618} - System32\Tasks\{4D3C9D7E-3228-4EBF-AF68-7191CBA44F1D} => pcalua.exe -a C:\Users\Michael\Desktop\IomegaEncryptionSetup.exe -d C:\Users\Michael\Desktop
Task: {74035255-F2D6-451A-BC19-E66884E031ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {7D9DA623-CE12-44EA-889B-CAD4F3F5E494} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.)
Task: {8A54AD2C-B399-408B-B525-F0F36EA83546} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {945FE37F-B52F-48F3-BBD9-370D163B052C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A9E8087B-368B-4562-A4F4-225C08ECEE80} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {C72C7527-EEED-4578-B161-D852006D2427} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {CAA8A102-BC26-4A46-9BA1-200D8F4BEDEB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {D47AFF69-4B86-4693-960B-AE0D1CF99DAC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation)
Task: {E4438FF6-623A-4EE5-B670-A7B9DFF7A2D8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.)
Task: {EA0CA4DC-147F-4923-AF57-56DBFE06AE94} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {F89084F2-8DB3-4131-A704-ACEC98245D41} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {FFE255CD-BF3B-4F69-8472-852150BE3768} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-20 01:02 - 2016-02-28 01:41 - 00171720 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-03-28 21:16 - 2016-04-06 02:35 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-28 21:16 - 2016-04-06 02:35 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-28 21:16 - 2016-04-06 02:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-28 21:16 - 2016-04-06 02:36 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-01-01 15:48 - 2016-01-01 15:48 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2015-10-30 09:18 - 2016-02-16 22:49 - 00263168 _____ () C:\WINDOWS\system32\wc_storage.dll
2016-03-28 21:16 - 2016-04-06 02:35 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-28 21:16 - 2016-04-06 02:35 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-28 21:16 - 2016-04-06 02:36 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-28 21:16 - 2016-04-06 02:36 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-28 21:16 - 2016-04-06 02:34 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-28 21:16 - 2016-04-06 02:34 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-12-09 09:59 - 2015-12-09 09:59 - 00580296 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-18 17:16 - 2016-01-18 17:16 - 00058880 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 18:20 - 2016-02-23 10:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-27 21:18 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 21:18 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-28 20:02 - 2016-03-27 06:55 - 02140824 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-03-28 20:02 - 2016-03-27 06:55 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
2016-01-03 15:25 - 2012-11-15 00:22 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2016-01-03 15:25 - 2012-11-15 00:22 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-03-30 19:17 - 2016-03-30 19:17 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-03-30 19:17 - 2016-03-30 19:17 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-03-28 21:16 - 2016-04-06 02:41 - 00165824 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2016-03-28 21:16 - 2016-04-06 02:42 - 00861120 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2016-04-11 19:59 - 2016-04-06 02:54 - 04406720 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\MessageBus.dll
2016-03-28 21:20 - 2015-06-25 17:03 - 00970240 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\CefSharp.Core.dll
2016-03-28 21:20 - 2015-06-25 17:03 - 53344768 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libcef.dll
2016-03-28 21:20 - 2015-06-25 17:03 - 00613888 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\CefSharp.BrowserSubprocess.Core.dll
2016-03-28 21:20 - 2015-06-25 17:03 - 01015296 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\ffmpegsumo.dll
2016-03-28 21:20 - 2015-06-25 17:03 - 00208896 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libEGL.dll
2016-03-28 21:20 - 2015-06-25 17:03 - 01750016 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libGLESv2.dll
2016-03-28 21:16 - 2016-04-06 02:19 - 00391168 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\NvRemux64.dll
2016-04-09 11:27 - 2016-04-08 13:53 - 31407296 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2015-12-07 18:44 - 2015-12-07 18:44 - 00225792 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2015-12-07 18:44 - 2015-12-07 18:44 - 00657408 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2016-03-28 21:16 - 2016-04-06 02:42 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-06 20:36 - 2015-07-06 20:36 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Michael\Downloads:Shareaza.GUID [16]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Software\Classes\.exe: => <===== ACHTUNG
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\sharepoint.com -> hxxps://gymleibnitz.sharepoint.com
==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2016-03-10 21:29 - 2016-03-10 21:29 - 00000034____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\StartupFolder: => "Duplicati.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\Run: => "Spotify Web Helper"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{E110F5B5-C6D5-45EC-9D72-3963DA118D8D}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{D957016C-E3CF-4643-A537-F8E7A6B332A5}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe
FirewallRules: [{05E48283-98F4-4A86-BF60-3DDBFE86EEE5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D61788B9-A481-47EB-BF6B-E43931C62330}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6212146A-C1B1-4653-8634-15DF941A7C9E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8A2DA7E7-1D25-4361-8F23-E9FE32FF93B0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{1365EA6F-3DE8-4F34-9217-72945EE0DA66}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{D1193E8D-00D7-4FEE-A2AF-234DEBDC1406}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{F15D40F6-197C-4B21-87BA-E082D0298971}C:\program files\crucial\storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{912411F0-0EAA-4DD7-82B8-9AB9110CD78C}C:\program files\crucial\storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{C0B6C8B5-1DF2-4D82-8919-1F9E01759C5E}D:\blizzard\hearthstone\hearthstone.exe] => (Allow) D:\blizzard\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{E512E3B6-DC85-45A9-92E8-34896A0A3D22}D:\blizzard\hearthstone\hearthstone.exe] => (Allow) D:\blizzard\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{4025F871-0991-4000-8FB2-18FD5F5CFBC1}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FACD9158-BC07-4BEC-9AA6-3D6105D456AC}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E328954B-0660-4BE5-AE33-8C18559B01AD}C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [TCP Query User{4AB564B4-1E37-46DD-BC27-564E3421430D}C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [{441AC144-7923-449F-9B86-75A0B2FB41E1}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{279E2D3D-91E8-4784-BA0C-33B33A972A1A}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [UDP Query User{CEA04421-AA37-499B-8F61-53BDD52C1B7E}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{184BDB00-225A-4E9A-8679-CC3427605297}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{0D0F7D56-D3C4-4167-BD27-A37A4C70F5C6}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A9841AB8-B7AE-4EA4-A565-324F82C8458B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{FB8EF56C-C8E9-4468-9461-AF440ABD4AFD}] => (Allow) D:\SteamLibrary\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe
FirewallRules: [{50D2AA6C-C251-41BF-BA31-A276E1DFE9E2}] => (Allow) D:\SteamLibrary\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe
FirewallRules: [{32F9317E-22BB-4A0E-8A90-4F4E786213A0}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{4753EB2D-CC6E-44B7-92A2-DE66F08CCE3B}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{61BAD7A6-F3DE-4E17-B85B-354E5B881C54}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{057ADA51-1097-4B44-A71E-CB9F75752E26}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{3FE7D773-07B0-49F2-8FEB-393374130852}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{6928CD8D-AFC6-410E-839B-2E942059E55C}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{396927DA-BA24-4653-9106-00FDDC35C4BF}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{E469FD53-67CF-4DB0-BC54-77F35C539FC5}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{3B5D9CDA-A8C3-47FF-BB1C-AC3A0918B567}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{991A291E-766B-4F4D-83E5-058E3875B034}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{FF5A5E33-472D-4721-9539-0CBA79105891}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2200FEB7-6DA8-44C9-A981-F4FD953711C0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8ED9C7C8-4919-409C-8BC1-FD3CAD6D8263}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{09CF574A-A428-4385-A794-A05009FF5826}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{DB61D72D-C5EC-4F71-BB7D-BF08078041DF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5A7DBEDB-ED20-46C7-B339-3143B9331BFE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1E28C84D-5BD1-4457-8F11-3FE391FB5CC0}D:\blizzard\diablo iii\diablo iii.exe] => (Allow) D:\blizzard\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{5AC70257-BB65-4576-A90C-50CC4B845EFA}D:\blizzard\diablo iii\diablo iii.exe] => (Allow) D:\blizzard\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{20A2A00A-4DF3-459F-B910-E1FA27635A12}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E53673CE-D0BD-42B6-A709-6EDD40DE3883}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{89D9E2C3-FE26-4DFF-8E05-5F6DB2360337}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EA3D3DA7-CCDD-48DD-A454-85C7941828A1}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{AC18BE29-F45F-43EA-8E2B-0499864AD6CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{68E77359-5EA2-4EB7-B017-FA69CC8C9720}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B2169EAF-865E-4115-A9C6-441F69F5DC1F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9BF96311-12A5-4267-9F1B-8AB0EB7A6334}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{45210241-1C5A-455E-9ADC-89B6176D2CB6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{03FB0B10-326E-4784-98DF-1AC4C5D4915F}] => (Allow) D:\SteamLibrary\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [{EE6A15BD-CBC6-41F3-95E9-D5F3E6E30D5F}] => (Allow) D:\SteamLibrary\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [TCP Query User{AD1CA659-6458-41E5-9867-F744D36979DC}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [UDP Query User{65A33961-2A8F-41C6-AD71-684E1E63B13A}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [TCP Query User{5981EFBA-F912-45EC-8B19-2C26292D04E1}C:\program files\grand theft auto v\gta5.exe] => (Allow) C:\program files\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5DA64CE0-DCD7-4DCE-B7C7-15CD5C5ACCD4}C:\program files\grand theft auto v\gta5.exe] => (Allow) C:\program files\grand theft auto v\gta5.exe
FirewallRules: [{8710AFFA-D4D4-4C6A-ADA9-4F6C0F482C94}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{083B1D29-6C2E-480B-A3FE-C4216055BF08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BEB45729-1377-411B-99C0-A5C943F09B33}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3B25A7CB-2D1D-4659-864D-73EB65983BAE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{03712FEC-31A5-4CCC-BAAE-559F03C3D43A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{62109612-F42E-4FDD-ACA6-BAF07FF6BAFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7FB6FEBB-3957-49A3-9D4C-C3A242200105}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{153DB846-60B0-4D8A-A9B5-CCBCD9E40795}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{726146E6-86A9-4CA4-BC6F-8132A767EB2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{60C176ED-93A1-4B06-A89C-4E4F5BBBEEF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6F6FD627-2461-4901-AD3E-F1372D06608C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{EE936D25-6C46-49D0-B994-3D48E70D4F84}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4940DD03-B989-41E7-A2D9-703FB3B2A155}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
==================== Wiederherstellungspunkte =========================
06-04-2016 16:54:46 Removed SciDaVis
06-04-2016 22:16:08 Before CCleaner
09-04-2016 18:56:39 Removed Minecraft
11-04-2016 20:04:34 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: SoftPerfect Virtual Bus
Description: SoftPerfect Virtual Bus
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: KEG
Service: SPVDPort
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (04/11/2016 08:07:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8
Error: (04/11/2016 08:07:21 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (04/11/2016 08:07:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8
Error: (04/11/2016 08:07:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8
Error: (04/11/2016 08:07:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (04/11/2016 08:04:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (04/11/2016 08:00:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8
Error: (04/11/2016 08:00:37 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (04/11/2016 08:00:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8
Error: (04/11/2016 08:00:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8
Systemfehler:
=============
Error: (04/11/2016 09:59:38 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Error: (04/11/2016 08:33:48 PM) (Source: HTTP) (EventID: 15005) (User: )
Description: [::]:2869
Error: (04/11/2016 08:33:48 PM) (Source: HTTP) (EventID: 15005) (User: )
Description: [::]:2869
Error: (04/11/2016 08:06:44 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "SPVVEngine" ist von folgendem Dienst abhängig: SPVDPort. Dieser Dienst ist möglicherweise nicht installiert.
Error: (04/11/2016 08:06:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_45193" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/11/2016 08:06:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _45193" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/11/2016 08:06:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_45193" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/11/2016 08:06:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_45193" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/11/2016 08:06:06 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (04/11/2016 08:04:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
CodeIntegrity:
===================================
Date: 2016-04-10 12:24:17.829
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-07 21:10:32.862
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-06 17:08:31.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-06 17:08:27.765
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-25 23:23:01.626
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-25 22:24:36.064
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-25 21:19:04.726
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-25 21:19:04.718
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-25 21:19:04.707
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-25 21:19:04.623
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 37%
Installierter physikalischer RAM: 8012.59 MB
Verfügbarer physikalischer RAM: 4993.04 MB
Summe virtueller Speicher: 10572.59 MB
Verfügbarer virtueller Speicher: 6733.99 MB
==================== Laufwerke ================================
Drive c: (iSSD) (Fixed) (Total:231.93 GB) (Free:103.23 GB) NTFS
Drive d: (iWD) (Fixed) (Total:455.76 GB) (Free:269.97 GB) NTFS
Drive e: (eWD) (Fixed) (Total:931.51 GB) (Free:155.74 GB) NTFS
Drive f: (USB-BOOT64) (Fixed) (Total:31.98 GB) (Free:31.48 GB) FAT32 ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive g: (USB-Daten64) (Fixed) (Total:3694.02 GB) (Free:3646.21 GB) NTFS
Drive z: (iWD_FH) (Fixed) (Total:10 GB) (Free:9.95 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: E4E735C2)
Partition: GPT.
========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0002846E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
12.04.2016, 13:21
| #6 |
| /// TB-Ausbilder | Win10: Browser Hijacker Servus, wir entfernen die letzten Reste und kontrollieren nochmal alles.  Hinweis: Der Suchlauf mit ESET kann länger dauern. Bitte setze deine Brower wie folgt zurück: IE ::: Setze folgendermassen den Internet Explorer zurück:
FF ::: setze bitte Firefox wie folgt zurück: Firefox zurücksetzen CHR::: Setze Google Chrome nach dieser Anleitung zurück. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ACHTUNG
GroupPolicyUsers\S-1-5-21-3852805889-1866178090-3277109897-1001\User: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
CHR StartupUrls: Default -> "hxxp://google.at/","hxxp://www.viceice.com/"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Software\Classes\.exe: => <===== ACHTUNG
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 ESET Online Scanner
Schritt 3 Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Schritt 4
Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?Bitte poste mit deiner nächsten Antwort
|
|
12.04.2016, 16:22
| #7 |
| | Win10: Browser Hijacker Erledigt, nur Firefox habe ich schon länger nicht mehr installiert. fixlog: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
durchgeführt von Michael (2016-04-12 14:32:27) Run:1
Gestartet von C:\Users\Michael\Desktop
Geladene Profile: Michael & Gast (Verfügbare Profile: Michael & Gast)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
start
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ACHTUNG
GroupPolicyUsers\S-1-5-21-3852805889-1866178090-3277109897-1001\User: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
CHR StartupUrls: Default -> "hxxp://google.at/","hxxp://www.viceice.com/"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Software\Classes\.exe: => <===== ACHTUNG
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************
Prozess erfolgreich geschlossen.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Schlüssel erfolgreich entfernt
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3852805889-1866178090-3277109897-1001\User => erfolgreich verschoben
C:\WINDOWS\system32\GroupPolicy\GPT.ini => erfolgreich verschoben
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => erfolgreich verschoben
"HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
Chrome StartupUrls => erfolgreich entfernt
"HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Software\Classes\.exe" => Schlüssel erfolgreich entfernt
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
========= Ende von RemoveProxy: =========
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Aufl�sungscache wurde geleert.
========= Ende von CMD: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.
========= Ende von CMD: =========
EmptyTemp: => 906.2 MB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 14:32:45 ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=aeb077ed9393e940b7d8eb8c42c480d5
# end=init
# utc_time=2016-04-12 12:45:57
# local_time=2016-04-12 02:45:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29024
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=aeb077ed9393e940b7d8eb8c42c480d5
# end=updated
# utc_time=2016-04-12 12:48:08
# local_time=2016-04-12 02:48:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=aeb077ed9393e940b7d8eb8c42c480d5
# engine=29024
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-04-12 03:03:10
# local_time=2016-04-12 05:03:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8396 14287533 0 0
# scanned=289049
# found=3
# cleaned=0
# scan_time=8101
sh=B147F7D44153FA8034DF292A673965438F5E2C9F ft=1 fh=2fc806f6b217b8c9 vn="Variante von Win32/InstallCore.ACL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michael\AppData\Local\618015D5_stp\icmac.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/InstallCore.ACL evtl. unerwünschte Anwendung" ac=I fn="E:\beni5_000.rar"
sh=565B645851C49C4FB5CF1AF90540A4129033CE66 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.SpeedingUpMyPC.AM Anwendung" ac=I fn="E:\OS\Hiren's.BootCD.15.2_FINAL.iso"
Code:
ATTFilter HitmanPro 3.7.13.258
www.hitmanpro.com
Computer name . . . . : HEIMSCHEISSER
Windows . . . . . . . : 10.0.0.10586.X64/4
User name . . . . . . : HEIMSCHEISSER\Michael
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2016-04-12 17:09:17
Scan mode . . . . . . : Normal
Scan duration . . . . : 2m 5s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 1
Traces . . . . . . . : 3
Objects scanned . . . : 2.346.732
Files scanned . . . . : 82.715
Remnants scanned . . : 530.577 files / 1.733.440 keys
Malware _____________________________________________________________________
C:\Users\Michael\AppData\Local\618015D5_stp\icmac.dll
Size . . . . . . . : 152.064 bytes
Age . . . . . . . : 359.2 days (2015-04-19 11:36:38)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 852EC50A7E7AF2EA79C5B0726CFCCE118F21B48F230D334F8D04451B9CADAB46
> HitmanPro . . . . : Malware
Fuzzy . . . . . . : 106.0
Suspicious files ____________________________________________________________
C:\Users\Michael\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
Size . . . . . . . : 138.648 bytes
Age . . . . . . . : 102.1 days (2016-01-01 15:38:13)
Entropy . . . . . : 7.7
SHA-256 . . . . . : DE86A451D282866613EE18CF668C2E962ABCB09FA51F7FF0C98405418A19EA81
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
C:\Users\Michael\Desktop\FRST64.exe
Size . . . . . . . : 2.375.168 bytes
Age . . . . . . . : 0.8 days (2016-04-11 21:57:22)
Entropy . . . . . : 7.6
SHA-256 . . . . . : C9FBEF3D705DA88CF2CA9C51A0DA8EDF991CE949427B77317F76888500F858C9
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-1.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\62\BEE05255648021E6.dat
0.0s C:\Users\Michael\Desktop\FRST64.exe
FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
durchgeführt von Michael (Administrator) auf HEIMSCHEISSER (12-04-2016 17:13:25)
Gestartet von C:\Users\Michael\Desktop
Geladene Profile: Michael & Gast (Verfügbare Profile: Michael & Gast)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\OSC\nvosc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4708016 2015-08-18] (VIA)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-04-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15642744 2016-03-30] (Logitech Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Run: [Spotify Web Helper] => C:\Users\Michael\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-02] (Spotify Ltd)
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\RunOnce: [Uninstall C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SNAPMA~1.SCR [1016438 2015-03-16] (Jan Kolarik & Ondrej Vaverka)
HKU\S-1-5-21-3852805889-1866178090-3277109897-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2016-03-25]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2015-10-18]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1dfe109d-b3d0-4acd-a2eb-0edc7be3d320}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{59924253-7916-40c6-ba08-d15750886fc9}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> DefaultScope {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1442757218682
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ktigdchg.default
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-3852805889-1866178090-3277109897-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.at/"
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (PasswordBox - Log in with 1-Click) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl [2016-04-10]
CHR Extension: (BetterTTV) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-04-10]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-10]
CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-10]
CHR Extension: (Gmail offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2016-04-10]
CHR Extension: (HTTPS Everywhere) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-04-10]
CHR Extension: (Dropbox) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-04-10]
CHR Extension: (Steam Database) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdbmhfkmnlmbkgbabkdealhhbfhlmmon [2016-04-10]
CHR Extension: (Momentum) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-04-10]
CHR Extension: (Ghostery) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-04-10]
CHR Extension: (YouTube Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkdalpbojfdilmiboaiedicdbigdabpb [2016-04-10]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10]
CHR HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-10] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-02-28] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-11-20] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-04-06] (NVIDIA Corporation)
R2 HvHost; C:\Windows\System32\hvhostsvc.dll [61440 2016-02-16] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-08] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-04-06] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-04-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-04-06] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-02] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-01-01] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-12-30] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.)
S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2016-02-16] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14384128 2016-02-16] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AF9035BDA; C:\Windows\system32\DRIVERS\AF15BDA.sys [514856 2012-11-09] (ITETech )
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2015-08-23] (Google Inc) [Datei ist nicht signiert]
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [216576 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [71008 2016-02-16] (Microsoft Corporation)
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [117248 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114560 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2016-02-16] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184096 2015-06-29] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-04-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2016-02-16] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2016-02-16] (Microsoft Corporation)
S3 Phosgene; C:\Windows\system32\DRIVERS\Phosgene.sys [34168 2015-08-28] (Adoriasoft LLC)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2015-11-10] (The OpenVPN Project)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2016-02-16] (Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S2 SPVVEngine; C:\WINDOWS\system32\Drivers\spvve.sys [246248 2015-10-29] ()
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2016-02-16] (Microsoft Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-10-18] (Windows (R) Win 7 DDK provider)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2015-07-09] (Oracle Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2016-02-16] (Microsoft Corporation)
R3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2016-02-16] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [350720 2016-02-16] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S1 lfivrnpk; \??\C:\WINDOWS\system32\drivers\lfivrnpk.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-12 17:13 - 2016-04-12 17:13 - 00030592 _____ C:\Users\Michael\Desktop\FRST.txt
2016-04-12 17:08 - 2016-04-12 17:12 - 00008235 _____ C:\Users\Michael\Desktop\neue antwort.txt
2016-04-12 17:08 - 2016-04-12 17:11 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-12 14:47 - 2016-04-12 17:08 - 11441744 _____ (SurfRight B.V.) C:\Users\Michael\Desktop\HitmanPro_x64.exe
2016-04-12 14:45 - 2016-04-12 14:45 - 02870984 _____ (ESET) C:\Users\Michael\Desktop\esetsmartinstaller_deu.exe
2016-04-12 14:43 - 2016-04-12 14:43 - 00000124 _____ C:\Users\Michael\Desktop\asdasdasd.txt
2016-04-12 14:32 - 2016-04-12 14:32 - 00002873 _____ C:\Users\Michael\Desktop\Fixlog.txt
2016-04-12 09:39 - 2016-04-12 09:39 - 00000018 _____ C:\Users\Michael\Desktop\ticket pw.txt
2016-04-12 08:34 - 2016-03-02 12:39 - 00035112 _____ (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\teamviewervpn.sys
2016-04-12 08:34 - 2016-03-02 12:39 - 00016376 _____ (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\TVMonitor.sys
2016-04-11 22:09 - 2016-04-11 22:09 - 00000000 ____D C:\Users\Michael\Desktop\#2
2016-04-11 21:55 - 2016-04-11 21:55 - 00000000 ____D C:\Users\Michael\Desktop\#1
2016-04-11 20:05 - 2016-04-11 20:05 - 00001273 _____ C:\Users\Michael\Desktop\JRT.txt
2016-04-11 20:04 - 2016-04-11 20:04 - 01610352 _____ (Malwarebytes) C:\Users\Michael\Desktop\JRT.exe
2016-04-10 14:53 - 2016-04-10 14:53 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Ludeon Studios
2016-04-10 14:49 - 2016-04-10 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-04-10 14:28 - 2016-04-10 14:31 - 00000000 ____D C:\Users\Michael\Desktop\RimWorld1135Win
2016-04-10 14:28 - 2016-04-10 14:28 - 00000000 ____D C:\Users\Michael\Desktop\RW
2016-04-10 14:11 - 2016-04-10 14:11 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Sony Creative Software Inc
2016-04-10 12:41 - 2016-04-12 17:13 - 00000000 ____D C:\FRST
2016-04-10 12:37 - 2016-04-10 13:09 - 00115576 _____ C:\Users\Michael\Desktop\tb.txt
2016-04-10 12:36 - 2016-04-11 21:57 - 02375168 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2016-04-10 12:30 - 2016-04-10 12:30 - 00005040 _____ C:\Users\Michael\Desktop\AdwCleaner[C1].txt
2016-04-10 12:27 - 2016-04-10 12:29 - 00000000 ____D C:\AdwCleaner
2016-04-10 12:27 - 2016-04-10 12:27 - 03119168 _____ C:\Users\Michael\Desktop\adwcleaner_5.109.exe
2016-04-10 12:13 - 2016-04-10 12:13 - 00000000 ____D C:\Avenger
2016-04-10 12:10 - 2016-04-10 12:10 - 00183744 _____ C:\Users\Michael\Desktop\MBAM.txt
2016-04-10 12:04 - 2016-04-10 14:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-10 12:04 - 2016-04-10 12:06 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-04-10 12:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-10 12:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-10 12:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-10 11:58 - 2016-04-10 11:58 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2016-04-10 11:21 - 2016-04-10 13:29 - 00000000 ____D C:\Users\Michael\Desktop\HearthStone Heroes of Warcraft
2016-04-07 21:06 - 2016-04-08 21:50 - 00000000 ____D C:\Users\Michael\Documents\Electronic Arts
2016-04-07 20:25 - 2016-04-07 20:25 - 00041523 _____ C:\Users\Michael\AppData\Local\recently-used.xbel
2016-04-07 20:08 - 2016-04-07 20:43 - 00000043 _____ C:\WINDOWS\gswin32.ini
2016-04-07 20:07 - 2016-04-07 20:07 - 00000000 ____D C:\Program Files (x86)\gs
2016-04-07 16:38 - 2016-04-07 18:09 - 00000009 _____ C:\Users\Michael\AppData\Roaming\update.dat
2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ C:\Users\Michael\AppData\Roaming\Launcher.dat
2016-04-07 15:46 - 2016-04-07 15:46 - 05044480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-06 17:51 - 2016-04-08 21:28 - 00000000 ____D C:\Users\Michael\Desktop\Kamera Videos
2016-04-05 15:48 - 2016-04-05 15:48 - 22946503 _____ C:\Users\Michael\Desktop\21984137.480p.mp4
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 ____D C:\Users\Michael\AppData\Roaming\NVIDIA
2016-04-02 11:03 - 2016-04-02 11:03 - 00000117 _____ C:\Users\Michael\Desktop\hhhr.txt
2016-04-02 10:44 - 2016-04-02 10:48 - 00000000 ____D C:\Users\Michael\Desktop\hrping-v506
2016-04-01 21:43 - 2016-04-01 21:45 - 00000000 ____D C:\Users\Michael\Desktop\Indie Fonts
2016-03-31 19:04 - 2016-03-31 19:05 - 00000000 ____D C:\WINDOWS\Panther
2016-03-28 21:17 - 2016-04-11 19:59 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA Corporation
2016-03-28 21:16 - 2016-04-12 14:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-28 21:16 - 2016-04-06 02:20 - 01373864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-03-28 21:16 - 2016-04-06 02:20 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-03-28 21:16 - 2016-04-06 02:19 - 01767248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-03-28 21:16 - 2016-04-06 02:19 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-03-28 21:16 - 2016-03-28 21:22 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA
2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan
2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-28 21:16 - 2016-03-22 03:57 - 00110528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-28 21:15 - 2016-03-28 21:15 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-03-28 21:15 - 2016-03-22 06:08 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-03-28 21:15 - 2016-03-22 06:08 - 00201664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 06369728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 02994744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 02561472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 01265720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-28 21:15 - 2016-03-22 04:37 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-28 21:15 - 2016-03-18 13:44 - 06253721 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-03-28 21:14 - 2016-03-28 21:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-28 21:14 - 2016-03-25 03:23 - 12659136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-03-28 21:14 - 2016-03-24 13:52 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-03-28 21:14 - 2016-03-24 13:52 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-03-28 21:14 - 2016-03-24 13:52 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 42923576 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 37567424 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 31594432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 25350080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 21364536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 20906168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 20074728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17755928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17369448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17349776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17328008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 14226672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 10550552 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 08659472 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 03685280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 03263480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 02614208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 02260024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436472.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436472.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00960056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00889400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00751552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00695864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00678520 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00572096 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00546328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00348216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00176064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00153392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00129208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00038050 _____ C:\WINDOWS\system32\nvinfo.pb
2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json
2016-03-28 21:14 - 2016-03-21 22:01 - 00109632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-03-28 21:14 - 2016-03-21 22:01 - 00100416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-03-28 21:14 - 2016-03-21 22:01 - 00056384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-03-27 15:44 - 2016-03-27 15:44 - 00000046 _____ C:\Users\Michael\Desktop\bla.txt
2016-03-26 00:22 - 2016-03-26 00:22 - 00000000 ____D C:\Users\Michael\Intel
2016-03-25 23:40 - 2016-04-05 19:05 - 00000000 ____D C:\Users\Michael\Desktop\komische Projekte
2016-03-25 23:39 - 2016-03-25 23:39 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\DefaultCompany
2016-03-25 22:46 - 2016-03-26 22:50 - 00000000 ____D C:\Users\Michael\Documents\Bully Scholarship Edition
2016-03-25 20:55 - 2016-03-25 20:55 - 00008206 _____ C:\Users\Michael\Desktop\SMPTE_Color_Bars_16x9.svg
2016-03-20 17:24 - 2016-03-20 17:24 - 00000029 _____ C:\Users\Michael\Desktop\bn.txt
2016-03-20 13:02 - 2016-03-20 13:30 - 00000000 ____D C:\Users\Michael\Desktop\KLTE
2016-03-20 01:17 - 2016-03-20 01:17 - 00002548 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-03-20 01:16 - 2016-03-20 01:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-19 02:47 - 2016-03-19 02:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2016-03-19 02:47 - 2013-07-18 07:55 - 00130248 _____ (Qualcomm Atheros Co., Ltd.) C:\WINDOWS\system32\Drivers\L1C63x64.sys
2016-03-18 23:10 - 2016-03-18 23:10 - 00000000 ____D C:\ProgramData\SoftPerfect
2016-03-18 23:10 - 2015-10-29 17:02 - 00246248 _____ C:\WINDOWS\system32\Drivers\spvve.sys
2016-03-18 23:10 - 2015-10-29 17:02 - 00097768 _____ C:\WINDOWS\system32\Drivers\spvdbus.sys
2016-03-18 20:53 - 2016-04-02 13:35 - 00283896 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\Victory
2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\UnrealEngine
2016-03-17 22:42 - 2016-04-12 15:38 - 00000000 ____D C:\Users\Michael\Desktop\brauch ich das
2016-03-17 22:32 - 2016-03-17 22:32 - 00000077 _____ C:\Users\Michael\Desktop\sdfsdfsdf.txt
2016-03-17 21:51 - 2016-04-12 13:56 - 00000000 ____D C:\Users\Michael\ownCloud
2016-03-17 21:50 - 2016-04-12 13:56 - 00000000 ____D C:\Users\Michael\AppData\Local\ownCloud
2016-03-17 21:49 - 2016-03-17 21:49 - 00001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk
2016-03-17 21:49 - 2016-03-17 21:49 - 00000000 ____D C:\Program Files (x86)\ownCloud
2016-03-17 19:53 - 2016-03-17 19:53 - 00002338 _____ C:\Users\Michael\Desktop\Kontoaktivitäten_201510_201603.csv
2016-03-17 18:02 - 2016-03-17 18:02 - 00000000 ____D C:\Program Files\Rockstar Games
2016-03-16 23:30 - 2016-03-16 23:30 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-5-1.dll
2016-03-16 23:29 - 2016-03-16 23:29 - 00127768 _____ C:\WINDOWS\system32\vulkan-1-1-0-5-1.dll
2016-03-16 23:29 - 2016-03-16 23:29 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-5-1.exe
2016-03-16 23:28 - 2016-03-16 23:28 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-5-1.exe
2016-03-15 20:38 - 2016-03-17 00:08 - 00000000 ____D C:\Program Files\OpenVPN
2016-03-15 20:33 - 2016-03-20 00:33 - 00000061 _____ C:\Users\Michael\Desktop\fj.txt
2016-03-15 20:33 - 2016-03-15 20:34 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cryptomator.org
2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\Program Files\Cryptomator
2016-03-15 20:11 - 2016-03-15 20:15 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Cryptomator
2016-03-15 20:11 - 2016-03-15 20:11 - 00000000 ____D C:\Users\Michael\.oracle_jre_usage
2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\.mono
2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\ProgramData\.mono
2016-03-15 19:05 - 2016-03-15 19:05 - 00000000 ____D C:\Users\Michael\AppData\Local\openvr
2016-03-14 20:12 - 2016-03-14 20:12 - 00000000 ____D C:\Users\Michael\AppData\Local\ESN
2016-03-13 16:45 - 2016-01-08 10:51 - 00213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2016-03-13 16:45 - 2016-01-08 10:51 - 00120416 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-12 16:59 - 2015-04-10 13:22 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-12 16:46 - 2015-09-26 13:41 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-12 15:41 - 2016-01-15 18:36 - 02003186 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-12 15:41 - 2015-10-30 20:35 - 00852678 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-12 15:41 - 2015-10-30 20:35 - 00187904 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-12 15:41 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-12 15:40 - 2015-07-30 04:07 - 00004434 __RSH C:\ProgramData\ntuser.pol
2016-04-12 15:38 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-12 15:38 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-12 14:52 - 2015-04-10 11:26 - 00000000 ____D C:\Users\Michael\AppData\Local\Packages
2016-04-12 14:39 - 2015-09-26 13:41 - 00001240 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-12 14:39 - 2015-09-25 19:00 - 00000000 __SHD C:\Users\Michael\IntelGraphicsProfiles
2016-04-12 14:39 - 2015-04-10 13:22 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-12 14:38 - 2016-01-15 18:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-12 14:37 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-12 14:32 - 2016-01-24 14:54 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Temp
2016-04-12 14:22 - 2016-01-22 19:16 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2016-04-12 08:35 - 2015-08-19 01:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-12 08:31 - 2015-12-03 14:30 - 00001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-04-12 00:17 - 2015-10-18 01:57 - 00002853 _____ C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml
2016-04-12 00:17 - 2015-04-12 18:07 - 00003142 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2016-04-11 23:00 - 2015-07-16 15:55 - 00002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 19:55 - 2015-04-12 19:14 - 00000000 ____D C:\Users\Michael\AppData\Local\Battle.net
2016-04-11 19:25 - 2015-04-12 19:14 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-11 19:25 - 2015-04-11 21:34 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc
2016-04-10 14:49 - 2016-01-15 18:35 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2016-04-10 14:49 - 2015-04-11 20:34 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2016-04-10 14:49 - 2015-04-10 12:27 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-10 14:22 - 2015-04-21 15:44 - 00000000 ____D C:\Users\Michael\AppData\Local\JDownloader 2.0
2016-04-10 14:16 - 2015-04-11 14:27 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-10 13:29 - 2015-04-11 21:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Audacity
2016-04-10 12:13 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Intel
2016-04-10 12:13 - 2015-11-21 11:28 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-04-10 12:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Spotify
2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Local\Spotify
2016-04-10 12:03 - 2015-11-21 11:28 - 00000000 ____D C:\ProgramData\McAfee
2016-04-10 11:00 - 2016-01-06 14:10 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-09 18:57 - 2016-01-15 19:22 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.minion
2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.junique
2016-04-08 19:41 - 2016-02-13 00:35 - 00000080 _____ C:\Users\Michael\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦
2016-04-08 17:43 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-04-08 15:31 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-07 20:25 - 2015-04-11 23:21 - 00000000 ____D C:\Users\Michael\AppData\Local\gtk-2.0
2016-04-07 20:25 - 2015-04-11 20:30 - 00000000 ___HD C:\Users\Michael\.gimp-2.8
2016-04-07 20:09 - 2015-04-11 19:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Notepad++
2016-04-07 20:04 - 2016-03-10 22:13 - 00000000 ____D C:\Users\Michael\Desktop\gta
2016-04-06 22:21 - 2016-02-17 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2016-04-06 22:21 - 2015-07-30 09:41 - 00000000 ____D C:\Users\Michael\AppData\Roaming\TeamViewer
2016-04-06 17:59 - 2015-04-11 17:35 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2016-04-06 16:56 - 2015-04-10 12:23 - 00000000 ___RD C:\Users\Michael\Desktop\Tools
2016-04-06 16:47 - 2015-04-12 18:22 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-06 02:19 - 2015-09-22 21:42 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-04-02 11:13 - 2015-05-02 18:40 - 00000000 ____D C:\Users\Michael\AppData\Local\Microsoft Help
2016-04-02 10:42 - 2015-07-15 22:43 - 00000000 ____D C:\ProgramData\Origin
2016-04-02 10:41 - 2015-07-15 22:43 - 00000000 ____D C:\Program Files (x86)\Origin
2016-04-02 10:24 - 2015-06-28 22:06 - 00000000 ___RD C:\Users\Michael\Google Drive
2016-03-31 22:23 - 2015-05-21 17:16 - 00002292 ____H C:\Users\Michael\Documents\Default.rdp
2016-03-28 21:19 - 2015-04-12 18:03 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2016-03-28 21:16 - 2016-03-10 20:49 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-28 21:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Help
2016-03-28 21:12 - 2016-01-08 00:09 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-27 21:19 - 2015-04-10 12:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2016-03-26 00:22 - 2016-01-15 18:36 - 00000000 ____D C:\Users\Michael
2016-03-26 00:20 - 2015-08-08 02:01 - 00000000 ____D C:\Program Files (x86)\AviSynth
2016-03-26 00:20 - 2015-08-08 01:55 - 00000000 ____D C:\multiAVCHD
2016-03-26 00:17 - 2015-12-16 20:09 - 00000000 ____D C:\Program Files (x86)\GtkSharp
2016-03-26 00:15 - 2015-12-02 17:21 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-03-26 00:15 - 2015-12-02 17:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-03-26 00:14 - 2016-02-23 19:11 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2016-03-26 00:14 - 2015-06-18 20:06 - 00000000 ____D C:\Program Files (x86)\XMedia Recode
2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-26 00:09 - 2016-01-15 18:29 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-03-26 00:09 - 2016-01-03 23:53 - 00000000 ____D C:\Users\Michael\AppData\Local\VSIXInstaller
2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-03-26 00:07 - 2016-01-08 01:14 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Unity
2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\ProgramData\Unity
2016-03-25 23:38 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Unity
2016-03-25 23:16 - 2015-07-30 04:09 - 00002440 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-25 23:16 - 2015-04-10 12:22 - 00000000 __RDO C:\Users\Michael\OneDrive
2016-03-25 02:51 - 2016-03-05 11:52 - 00000000 ____D C:\Program Files\Grand Theft Auto V
2016-03-24 22:54 - 2015-12-30 19:25 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-03-24 22:53 - 2015-07-22 06:02 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2016-03-22 19:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-20 01:19 - 2015-12-14 19:50 - 00000000 ____D C:\Program Files\Microsoft Office
2016-03-19 02:47 - 2015-04-10 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-17 18:02 - 2015-04-11 21:52 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-03-16 23:30 - 2016-03-10 20:49 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-03-16 23:29 - 2016-03-10 20:49 - 00127768 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-03-16 23:29 - 2016-03-10 20:49 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-03-16 23:28 - 2016-03-10 20:49 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-03-15 22:49 - 2010-06-09 21:30 - 00000000 ____D C:\Users\Michael\Desktop\Screens
2016-03-15 19:11 - 2015-07-03 22:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-03-15 19:11 - 2015-07-03 22:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Mozilla
2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Local\Mozilla
2016-03-13 16:45 - 2016-01-08 18:08 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-03-13 16:44 - 2016-01-08 18:11 - 00000000 ____D C:\ProgramData\Samsung
2016-03-13 16:39 - 2015-12-08 00:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\IrfanView
2016-03-13 16:39 - 2015-04-10 13:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-13 15:51 - 2015-04-11 18:18 - 00000000 ____D C:\Program Files\WinRAR
2016-03-13 14:51 - 2016-03-09 23:08 - 00000995 _____ C:\Users\Michael\Desktop\rt.txt
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-08-11 19:12 - 2015-08-11 19:26 - 0000466 _____ () C:\Users\Michael\AppData\Roaming\CascView.ini
2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ () C:\Users\Michael\AppData\Roaming\Launcher.dat
2016-04-07 16:38 - 2016-04-07 18:09 - 0000009 _____ () C:\Users\Michael\AppData\Roaming\update.dat
2015-10-18 01:57 - 2016-04-12 00:17 - 0002853 _____ () C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml
2016-04-07 16:39 - 2016-04-09 11:20 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\notaut.txt
2015-04-19 11:36 - 2015-04-19 11:36 - 0385602 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS
2015-04-19 11:36 - 2015-04-19 11:36 - 0000204 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS.part
2015-04-19 11:36 - 2015-04-19 11:36 - 0059989 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS
2015-04-19 11:36 - 2015-04-19 11:36 - 0000273 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS.part
2015-04-19 11:37 - 2015-04-19 11:37 - 0121567 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS
2015-04-19 11:37 - 2015-04-19 11:37 - 0000294 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS.part
2015-04-19 11:36 - 2015-04-19 11:36 - 0069441 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS
2015-04-19 11:36 - 2015-04-19 11:36 - 0000293 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS.part
2015-06-18 20:34 - 2015-06-18 20:34 - 0000046 _____ () C:\Users\Michael\AppData\Local\DonationCoder_mpqbuilder_InstallInfo.dat
2015-10-02 23:10 - 2015-10-02 23:11 - 1065984 _____ () C:\Users\Michael\AppData\Local\file__0.localstorage
2015-05-02 22:27 - 2015-05-02 22:27 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2016-04-07 20:25 - 2016-04-07 20:25 - 0041523 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2015-05-15 21:48 - 2015-11-26 17:42 - 0007684 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2015-08-28 06:41 - 2015-08-28 06:41 - 0019535 _____ () C:\ProgramData\empty.ico
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-04-10 14:42
==================== Ende von FRST.txt ============================
|
|
12.04.2016, 16:23
| #8 |
| | Win10: Browser Hijacker addition: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
durchgeführt von Michael (2016-04-12 17:13:57)
Gestartet von C:\Users\Michael\Desktop
Windows 10 Pro Version 1511 (X64) (2016-01-15 16:43:53)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3852805889-1866178090-3277109897-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3852805889-1866178090-3277109897-503 - Limited - Disabled)
Gast (S-1-5-21-3852805889-1866178090-3277109897-501 - Limited - Disabled) => C:\Users\Gast
Michael (S-1-5-21-3852805889-1866178090-3277109897-1001 - Administrator - Enabled) => C:\Users\Michael
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
4K Video Downloader 4.0 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.0.0.2016 - Open Media LLC)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.9.1 - RedFox)
ArcaniA: Fall of Setarrif (HKLM-x32\...\Steam App 65610) (Version: - Spellbound Studios)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Crucial Storage Executive (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Storage Executive 3.15.112014.06) (Version: 3.24.082015.05 - Crucial)
Cryptomator (HKLM\...\{Cryptomator}}_is1) (Version: 1.0.2 - cryptomator.org)
Discord (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Discord) (Version: 0.0.286 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation)
FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
GameSave Manager v3 (HKLM-x32\...\GameSaveManager_v3) (Version: 3.1.442.0 - InsaneMatt)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
HITMAN™ (HKLM\...\Steam App 236870) (Version: - Io-Interactive)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Logitech Gaming Software 8.82 (HKLM\...\Logitech Gaming Software) (Version: 8.82.151 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (Deutsch) (HKLM-x32\...\{EE8BD24B-75E1-4BBF-86B9-91FE16ADE71C}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.6001.1068 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Minion (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\{Minion}}_is1) (Version: 2.0 - ZAM Network LLC)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
NAPS2 3.3.5 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.67 - NVIDIA Corporation)
NVIDIA Grafiktreiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
ownCloud (HKLM-x32\...\ownCloud) (Version: 2.1.1.5837 - ownCloud)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation)
Platform (x32 Version: 1.43 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - )
RemoteComms driver (HKLM-x32\...\{89B4CA50-3F94-451F-B93A-22608DF45FF9}) (Version: 1.30.0002 - PLX Technology)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.24728 - Microsoft Corporation) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.67 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.) Hidden
Snapmatic Screensaver (HKLM-x32\...\Snapmatic Screensaver_is1) (Version: 1.0 - Rockstar Games)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Spotify (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Spotify) (Version: 1.0.26.132.ga4e3ccee - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.43 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
WhoCrashed 5.50 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {04355E58-6FD1-495F-93EE-57A1B3ACF30D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {055D0111-EA4F-4261-999C-47501CEF1BB0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-20] (Microsoft Corporation)
Task: {05D61722-FE44-40BD-ACCE-9C027061B90A} - System32\Tasks\{C1ED46C2-6A72-4297-BCEC-0AD3B2CD605A} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe" -c -uninstallApp 142938258.redeem.sonypicturesstore.com
Task: {0F41DB66-D907-4151-84C8-840C6E60EBAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation)
Task: {1A003D57-3939-4097-B4FC-49B69E7E7CE4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {2779EE54-FBC3-4DA1-B719-23833F6C1F84} - System32\Tasks\{9D134A81-2860-42BB-B7D9-4910B6B623C0} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {3569A7F0-81A8-4391-893D-B95673EDDE46} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {487BFEF6-DF70-4D14-AE54-D2FF0A4C1589} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {4BA7928E-14CC-46DA-BB1A-0F083F6B0786} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4CB2A8EA-1290-4731-A92B-A6A659DF6E92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {5035952E-6955-4214-BFA7-8BC1EEAB92DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {60135EA6-B35B-40E1-B5E6-0D9773D2D438} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {624B2716-3954-41F3-BE09-A803897203DB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {646A5D08-CD2E-4930-B8D1-E46025B98618} - System32\Tasks\{4D3C9D7E-3228-4EBF-AF68-7191CBA44F1D} => pcalua.exe -a C:\Users\Michael\Desktop\IomegaEncryptionSetup.exe -d C:\Users\Michael\Desktop
Task: {74035255-F2D6-451A-BC19-E66884E031ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {7D9DA623-CE12-44EA-889B-CAD4F3F5E494} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.)
Task: {8A54AD2C-B399-408B-B525-F0F36EA83546} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {945FE37F-B52F-48F3-BBD9-370D163B052C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A9E8087B-368B-4562-A4F4-225C08ECEE80} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {B631FA9B-BEFF-4AEC-9099-56B395FA10CF} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-09] ()
Task: {C72C7527-EEED-4578-B161-D852006D2427} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {CAA8A102-BC26-4A46-9BA1-200D8F4BEDEB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {D47AFF69-4B86-4693-960B-AE0D1CF99DAC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation)
Task: {E4438FF6-623A-4EE5-B670-A7B9DFF7A2D8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.)
Task: {EA0CA4DC-147F-4923-AF57-56DBFE06AE94} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {F89084F2-8DB3-4131-A704-ACEC98245D41} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {FFE255CD-BF3B-4F69-8472-852150BE3768} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-20 01:02 - 2016-02-28 01:41 - 00171720 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-03-28 21:16 - 2016-04-06 02:35 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-28 21:16 - 2016-04-06 02:35 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-28 21:16 - 2016-04-06 02:36 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-28 21:16 - 2016-04-06 02:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-01-01 15:48 - 2016-01-01 15:48 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2015-10-30 09:18 - 2016-02-16 22:49 - 00263168 _____ () C:\WINDOWS\system32\wc_storage.dll
2016-03-28 21:16 - 2016-04-06 02:35 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-28 21:16 - 2016-04-06 02:35 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-28 21:16 - 2016-04-06 02:36 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-28 21:16 - 2016-04-06 02:36 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-03-28 21:16 - 2016-04-06 02:34 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-03-28 21:16 - 2016-04-06 02:34 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-09 09:59 - 2015-12-09 09:59 - 00580296 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-18 17:16 - 2016-01-18 17:16 - 00058880 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 18:20 - 2016-02-23 10:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-03-02 18:20 - 2016-02-23 10:38 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-27 21:18 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 21:18 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-03 15:25 - 2012-11-15 00:22 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2016-01-03 15:25 - 2012-11-15 00:22 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-03-30 19:17 - 2016-03-30 19:17 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-03-30 19:17 - 2016-03-30 19:17 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-03-28 21:16 - 2016-04-06 02:41 - 00165824 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2016-03-28 21:16 - 2016-04-06 02:42 - 00861120 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2016-04-11 19:59 - 2016-04-06 02:54 - 04406720 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\MessageBus.dll
2016-03-28 21:20 - 2015-06-25 17:03 - 00970240 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\CefSharp.Core.dll
2016-03-28 21:20 - 2015-06-25 17:03 - 53344768 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libcef.dll
2016-03-28 21:20 - 2015-06-25 17:03 - 00613888 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\CefSharp.BrowserSubprocess.Core.dll
2016-03-28 21:20 - 2015-06-25 17:03 - 01015296 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\ffmpegsumo.dll
2016-03-28 21:20 - 2015-06-25 17:03 - 00208896 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libEGL.dll
2016-03-28 21:20 - 2015-06-25 17:03 - 01750016 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libGLESv2.dll
2016-03-28 21:16 - 2016-04-06 02:19 - 00391168 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\NvRemux64.dll
2016-01-20 20:53 - 2016-01-20 20:53 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-20 13:06 - 2015-12-20 13:06 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-11 23:00 - 2016-04-06 04:12 - 02140824 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-11 23:00 - 2016-04-06 04:12 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2015-12-07 18:44 - 2015-12-07 18:44 - 00225792 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2015-12-07 18:44 - 2015-12-07 18:44 - 00657408 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2016-03-28 21:16 - 2016-04-06 02:42 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-06 20:36 - 2015-07-06 20:36 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Michael\Downloads:Shareaza.GUID [16]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\sharepoint.com -> hxxps://gymleibnitz.sharepoint.com
==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2016-03-10 21:29 - 2016-03-10 21:29 - 00000034____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3852805889-1866178090-3277109897-501\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\StartupFolder: => "Duplicati.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\Run: => "Spotify Web Helper"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{E110F5B5-C6D5-45EC-9D72-3963DA118D8D}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{D957016C-E3CF-4643-A537-F8E7A6B332A5}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe
FirewallRules: [{05E48283-98F4-4A86-BF60-3DDBFE86EEE5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D61788B9-A481-47EB-BF6B-E43931C62330}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6212146A-C1B1-4653-8634-15DF941A7C9E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8A2DA7E7-1D25-4361-8F23-E9FE32FF93B0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{1365EA6F-3DE8-4F34-9217-72945EE0DA66}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{D1193E8D-00D7-4FEE-A2AF-234DEBDC1406}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{F15D40F6-197C-4B21-87BA-E082D0298971}C:\program files\crucial\storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{912411F0-0EAA-4DD7-82B8-9AB9110CD78C}C:\program files\crucial\storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{C0B6C8B5-1DF2-4D82-8919-1F9E01759C5E}D:\blizzard\hearthstone\hearthstone.exe] => (Allow) D:\blizzard\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{E512E3B6-DC85-45A9-92E8-34896A0A3D22}D:\blizzard\hearthstone\hearthstone.exe] => (Allow) D:\blizzard\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{4025F871-0991-4000-8FB2-18FD5F5CFBC1}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FACD9158-BC07-4BEC-9AA6-3D6105D456AC}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E328954B-0660-4BE5-AE33-8C18559B01AD}C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [TCP Query User{4AB564B4-1E37-46DD-BC27-564E3421430D}C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [{441AC144-7923-449F-9B86-75A0B2FB41E1}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{279E2D3D-91E8-4784-BA0C-33B33A972A1A}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [UDP Query User{CEA04421-AA37-499B-8F61-53BDD52C1B7E}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{184BDB00-225A-4E9A-8679-CC3427605297}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{0D0F7D56-D3C4-4167-BD27-A37A4C70F5C6}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A9841AB8-B7AE-4EA4-A565-324F82C8458B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{FB8EF56C-C8E9-4468-9461-AF440ABD4AFD}] => (Allow) D:\SteamLibrary\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe
FirewallRules: [{50D2AA6C-C251-41BF-BA31-A276E1DFE9E2}] => (Allow) D:\SteamLibrary\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe
FirewallRules: [{32F9317E-22BB-4A0E-8A90-4F4E786213A0}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{4753EB2D-CC6E-44B7-92A2-DE66F08CCE3B}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{61BAD7A6-F3DE-4E17-B85B-354E5B881C54}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{057ADA51-1097-4B44-A71E-CB9F75752E26}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{3FE7D773-07B0-49F2-8FEB-393374130852}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{6928CD8D-AFC6-410E-839B-2E942059E55C}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{396927DA-BA24-4653-9106-00FDDC35C4BF}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{E469FD53-67CF-4DB0-BC54-77F35C539FC5}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{3B5D9CDA-A8C3-47FF-BB1C-AC3A0918B567}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{991A291E-766B-4F4D-83E5-058E3875B034}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{FF5A5E33-472D-4721-9539-0CBA79105891}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2200FEB7-6DA8-44C9-A981-F4FD953711C0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8ED9C7C8-4919-409C-8BC1-FD3CAD6D8263}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{09CF574A-A428-4385-A794-A05009FF5826}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{DB61D72D-C5EC-4F71-BB7D-BF08078041DF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5A7DBEDB-ED20-46C7-B339-3143B9331BFE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1E28C84D-5BD1-4457-8F11-3FE391FB5CC0}D:\blizzard\diablo iii\diablo iii.exe] => (Allow) D:\blizzard\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{5AC70257-BB65-4576-A90C-50CC4B845EFA}D:\blizzard\diablo iii\diablo iii.exe] => (Allow) D:\blizzard\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{20A2A00A-4DF3-459F-B910-E1FA27635A12}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E53673CE-D0BD-42B6-A709-6EDD40DE3883}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{89D9E2C3-FE26-4DFF-8E05-5F6DB2360337}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EA3D3DA7-CCDD-48DD-A454-85C7941828A1}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{45210241-1C5A-455E-9ADC-89B6176D2CB6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{03FB0B10-326E-4784-98DF-1AC4C5D4915F}] => (Allow) D:\SteamLibrary\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [{EE6A15BD-CBC6-41F3-95E9-D5F3E6E30D5F}] => (Allow) D:\SteamLibrary\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [TCP Query User{AD1CA659-6458-41E5-9867-F744D36979DC}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [UDP Query User{65A33961-2A8F-41C6-AD71-684E1E63B13A}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [TCP Query User{5981EFBA-F912-45EC-8B19-2C26292D04E1}C:\program files\grand theft auto v\gta5.exe] => (Allow) C:\program files\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5DA64CE0-DCD7-4DCE-B7C7-15CD5C5ACCD4}C:\program files\grand theft auto v\gta5.exe] => (Allow) C:\program files\grand theft auto v\gta5.exe
FirewallRules: [{8710AFFA-D4D4-4C6A-ADA9-4F6C0F482C94}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{083B1D29-6C2E-480B-A3FE-C4216055BF08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BEB45729-1377-411B-99C0-A5C943F09B33}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3B25A7CB-2D1D-4659-864D-73EB65983BAE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{03712FEC-31A5-4CCC-BAAE-559F03C3D43A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7FB6FEBB-3957-49A3-9D4C-C3A242200105}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{153DB846-60B0-4D8A-A9B5-CCBCD9E40795}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{726146E6-86A9-4CA4-BC6F-8132A767EB2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{60C176ED-93A1-4B06-A89C-4E4F5BBBEEF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6F6FD627-2461-4901-AD3E-F1372D06608C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{EE936D25-6C46-49D0-B994-3D48E70D4F84}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4940DD03-B989-41E7-A2D9-703FB3B2A155}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CEFEB503-4425-4DCE-BEB7-2198495EBAA2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C2FE20BE-3C52-41E3-ACD9-1C387E0CAE5F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{87331C8B-86C4-4993-AB8D-8649FDE4D277}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BBC8436F-5095-4B7F-912F-9435F687155E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9D12BDF8-6CB7-409C-B6EB-BF8664837535}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Wiederherstellungspunkte =========================
06-04-2016 16:54:46 Removed SciDaVis
06-04-2016 22:16:08 Before CCleaner
09-04-2016 18:56:39 Removed Minecraft
11-04-2016 20:04:34 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: SoftPerfect Virtual Bus
Description: SoftPerfect Virtual Bus
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: KEG
Service: SPVDPort
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (04/12/2016 05:07:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Error: (04/12/2016 02:45:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Error: (04/12/2016 02:45:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Error: (04/12/2016 02:45:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Error: (04/12/2016 02:45:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Error: (04/12/2016 02:45:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Error: (04/12/2016 02:40:10 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8
Error: (04/12/2016 02:40:09 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (04/12/2016 02:40:09 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8
Error: (04/12/2016 02:40:09 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8
Systemfehler:
=============
Error: (04/12/2016 03:14:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (04/12/2016 02:48:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (04/12/2016 02:48:01 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Michael\AppData\Local\Temp\ehdrv.sys
Error: (04/12/2016 02:48:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (04/12/2016 02:48:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Michael\AppData\Local\Temp\ehdrv.sys
Error: (04/12/2016 02:48:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (04/12/2016 02:48:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Michael\AppData\Local\Temp\ehdrv.sys
Error: (04/12/2016 02:46:48 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Michael\AppData\Local\Temp\ehdrv.sys
Error: (04/12/2016 02:46:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (04/12/2016 02:46:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
CodeIntegrity:
===================================
Date: 2016-04-10 12:24:17.829
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-07 21:10:32.862
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-06 17:08:31.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-06 17:08:27.765
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-25 23:23:01.626
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-25 22:24:36.064
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-25 21:19:04.726
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-25 21:19:04.718
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-25 21:19:04.707
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-25 21:19:04.623
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 41%
Installierter physikalischer RAM: 8012.59 MB
Verfügbarer physikalischer RAM: 4697.96 MB
Summe virtueller Speicher: 10316.59 MB
Verfügbarer virtueller Speicher: 6460.29 MB
==================== Laufwerke ================================
Drive c: (iSSD) (Fixed) (Total:231.93 GB) (Free:103.14 GB) NTFS
Drive d: (iWD) (Fixed) (Total:455.76 GB) (Free:269.97 GB) NTFS
Drive e: (eWD) (Fixed) (Total:931.51 GB) (Free:140.74 GB) NTFS
Drive f: (Volume) (Fixed) (Total:3726.02 GB) (Free:3717.13 GB) NTFS
Drive z: (iWD_FH) (Fixed) (Total:10 GB) (Free:9.95 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: E4E735C2)
Partition: GPT.
========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0002846E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
 Die Datei C:\Avenger\taskmgr.exe lösche ich einfach einmal, oder? Keine Ahung, woher die kommt. |
|
13.04.2016, 15:12
| #9 | ||||||||||
| /// TB-Ausbilder | Win10: Browser Hijacker Servus, der Ordner C:\Avenger sollte eigentlich mit DelFix (siehe weiter unten) automatisch entfernt werden. Reste entfernen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
CloseProcesses:
C:\Users\Michael\AppData\Local\618015D5_stp
Reboot:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird! Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.  Cleanup: Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.  Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:
Microsoft Security Essentials (MSE) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE entschieden hast, brauchst du nicht extra MSE zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür. Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren. NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen:
Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.  Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
13.04.2016, 16:34
| #10 |
| | Win10: Browser Hijacker frst: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-04-2016
durchgeführt von Michael (2016-04-13 16:53:56) Run:2
Gestartet von C:\Users\Michael\Desktop
Geladene Profile: Michael (Verfügbare Profile: Michael & Gast)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
start
CloseProcesses:
C:\Users\Michael\AppData\Local\618015D5_stp
Reboot:
end
*****************
Prozess erfolgreich geschlossen.
C:\Users\Michael\AppData\Local\618015D5_stp => erfolgreich verschoben
Das System musste neu gestartet werden.
==== Ende von Fixlog 16:53:57 ====
|
|
13.04.2016, 16:46
| #11 | |
| /// TB-Ausbilder | Win10: Browser HijackerZitat:
Ich bin froh, dass wir helfen konnten  In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
| Themen zu Win10: Browser Hijacker |
| askbar, browser, brwoser hijacker, canon, cpu, defender, dnsapi.dll, einstellungen, excel, explorer, google, homepage, installation, launch, monitor, mozilla, neustart, office 365, prozesse, rundll, scan, security, server, services.exe, software, stick, svchost.exe, udp, updates, usb, visual c++ 2015, windows |
und 
und speichere die Logdatei auf Deinem Desktop.
Linear-Darstellung
