Pests of all kinds and how to fight them: Win10: Browser Hijacker

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Win10: Browser Hijacker

Oh man, now it has got me too: I use Windows Defender and Chrome with Adblock Plus, HTTPS Everywhere and Ghostery, and I always felt safe with that. But today I open Chrome and am immediately redirected to an advertising page (viceice.com). When I start Edge, Chrome actually opens and Edge closes again...

The first scan with MBAM already gives me a fright: over 1000 items found! Unfortunately the log file is far too large, even for the attachment... Reboot, threat scan, nothing found any more.

I also find "C:\Avenger\taskmgr.exe" at 146 MB odd, though...

AdwCleaner:
Code:
ATTFilter # AdwCleaner v5.109 - Bericht erstellt am 10/04/2016 um 12:29:09 # Aktualisiert am 04/04/2016 von Xplode # Datenbank : 2016-04-09.1 [Server] # Betriebssystem : Windows 10 Pro (x64) # Benutzername : Michael - HEIMSCHEISSER # Gestartet von : C:\Users\Michael\Downloads\adwcleaner_5.109.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** ***** [ Dateien ] ***** [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetcmsus-a.akamaihd.net_0.localstorage [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetcmsus-a.akamaihd.net_0.localstorage-journal [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetproductus-a.akamaihd.net_0.localstorage [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetproductus-a.akamaihd.net_0.localstorage-journal [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_eaassets-a.akamaihd.net_0.localstorage [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_eaassets-a.akamaihd.net_0.localstorage-journal [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-a.akamaihd.net_0.localstorage [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-a.akamaihd.net_0.localstorage-journal [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-c-a.akamaihd.net_0.localstorage [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-c-a.akamaihd.net_0.localstorage-journal [-] Datei gelöscht : 
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.xyfindit.com_0.localstorage [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.xyfindit.com_0.localstorage-journal [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_artikel.de.softonic.com_0.localstorage [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_artikel.de.softonic.com_0.localstorage-journal [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.softonic.com_0.localstorage [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.softonic.com_0.localstorage-journal [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_grandtheftdata.com_0.localstorage [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_grandtheftdata.com_0.localstorage-journal [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_join-me.de.softonic.com_0.localstorage [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_join-me.de.softonic.com_0.localstorage-journal [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.paralysm.de_0.localstorage [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.paralysm.de_0.localstorage-journal [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.xyfindit.com_0.localstorage [-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.xyfindit.com_0.localstorage-journal ***** [ DLLs ] ***** ***** [ Verknüpfungen ] 
***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** [-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : voicemeeter.en.softonic.com [-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : de.softonic.com [-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : softonic.de [-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : join-me.de.softonic.com ************************* :: "Tracing" schlüssel löschen :: Winsock Einstellungen zurückgesetzt ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [4812 Bytes] - [10/04/2016 12:29:09] C:\AdwCleaner\AdwCleaner[S1].txt - [4717 Bytes] - [10/04/2016 12:28:06] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4958 Bytes] ########## Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 durchgeführt von Michael (Administrator) auf HEIMSCHEISSER (10-04-2016 12:42:42) Gestartet von C:\Users\Michael\Desktop Geladene Profile: Michael (Verfügbare Profile: Michael & Gast) Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe () C:\Windows\System32\PnkBstrA.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (DEVGURU Co., LTD.) 
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (Microsoft Corporation) C:\Windows\System32\vmms.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Spotify Ltd) C:\Users\Michael\AppData\Roaming\Spotify\SpotifyWebHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4708016 2015-08-18] (VIA) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15120504 2016-02-18] (Logitech Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-03-25] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.) 
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ACHTUNG HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Run: [Spotify Web Helper] => C:\Users\Michael\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-02] (Spotify Ltd) HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\RunOnce: [Uninstall C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64" HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoPreviewPane] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoWinkeys] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCANetwork] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCAVolume] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SNAPMA~1.SCR [1016438 2015-03-16] (Jan Kolarik & Ondrej Vaverka) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> 
{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google) ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2016-03-25] ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2015-10-18] ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software) GroupPolicyUsers\S-1-5-21-3852805889-1866178090-3277109897-1001\User: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{1dfe109d-b3d0-4acd-a2eb-0edc7be3d320}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{59924253-7916-40c6-ba08-d15750886fc9}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> DefaultScope {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1 SearchScopes: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1 BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft 
Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> Kein Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - Keine Datei DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1442757218682 Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ktigdchg.default FF Plugin: @esn/npbattlelog,version=2.7.1 -> 
C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [Keine Datei] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei] FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [Keine Datei] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-20] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files 
(x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei] FF Plugin HKU\S-1-5-21-3852805889-1866178090-3277109897-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS) Chrome: ======= CHR HomePage: Default -> hxxp://www.viceice.com/ CHR StartupUrls: Default -> "hxxp://www.viceice.com/" CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-10] CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10] CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10] CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-10] CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-04-10] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michael\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01] CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10] CHR HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-10] () R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-02-28] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.) 
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-11-20] (GOG.com) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-03-25] (NVIDIA Corporation) R2 HvHost; C:\Windows\System32\hvhostsvc.dll [61440 2016-02-16] (Microsoft Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-08] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert] R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-02-18] (Logitech Inc.) 
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-03-25] (NVIDIA Corporation) S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-03-25] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-03-25] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-02] (Electronic Arts) R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-01-01] () R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-12-30] () R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.) S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2016-02-16] (Microsoft Corporation) R2 vmms; C:\Windows\system32\vmms.exe [14384128 2016-02-16] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 AF9035BDA; C:\Windows\system32\DRIVERS\AF15BDA.sys [514856 2012-11-09] (ITETech )
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2015-08-23] (Google Inc) [Datei ist nicht signiert]
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [216576 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [71008 2016-02-16] (Microsoft Corporation)
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [117248 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114560 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2016-02-16] (Microsoft Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184096 2015-06-29] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-03-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2016-02-16] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2016-02-16] (Microsoft Corporation)
S3 Phosgene; C:\Windows\system32\DRIVERS\Phosgene.sys [34168 2015-08-28] (Adoriasoft LLC)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2015-11-10] (The OpenVPN Project)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2016-02-16] (Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S2 SPVVEngine; C:\WINDOWS\system32\Drivers\spvve.sys [246248 2015-10-29] ()
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2016-02-16] (Microsoft Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-10-18] (Windows (R) Win 7 DDK provider)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2015-07-09] (Oracle Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2016-02-16] (Microsoft Corporation)
R3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2016-02-16] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [350720 2016-02-16] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S1 lfivrnpk; \??\C:\WINDOWS\system32\drivers\lfivrnpk.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-10 12:42 - 2016-04-10 12:42 - 00029056 _____ C:\Users\Michael\Desktop\FRST.txt 2016-04-10 12:41 - 2016-04-10 12:42 - 00000000 ____D C:\FRST 2016-04-10 12:37 - 2016-04-10 12:37 - 00000346 _____ C:\Users\Michael\Desktop\tb.txt 2016-04-10 12:36 - 2016-04-10 12:41 - 02374144 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe 2016-04-10 12:30 - 2016-04-10 12:30 - 00005040 _____ C:\Users\Michael\Desktop\AdwCleaner[C1].txt 2016-04-10 12:27 - 2016-04-10 12:29 - 00000000 ____D C:\AdwCleaner 2016-04-10 12:27 - 2016-04-10 12:27 - 03119168 _____ C:\Users\Michael\Desktop\adwcleaner_5.109.exe 2016-04-10 12:13 - 2016-04-10 12:13 - 00000000 ____D C:\Avenger 2016-04-10 12:04 - 2016-04-10 12:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-04-10 12:04 - 2016-04-10 12:06 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-04-10 12:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-04-10 12:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-04-10 12:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-04-10 11:58 - 2016-04-10 11:58 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2016-04-10 11:21 - 2016-04-10 11:49 - 00000000 ____D C:\Users\Michael\Desktop\HearthStone Heroes of Warcraft 2016-04-07 21:06 - 2016-04-08 21:50 - 00000000 ____D C:\Users\Michael\Documents\Electronic Arts 2016-04-07 20:25 - 2016-04-07 20:25 - 00041523 _____ C:\Users\Michael\AppData\Local\recently-used.xbel 2016-04-07 20:08 - 2016-04-07 20:43 - 00000043 _____ C:\WINDOWS\gswin32.ini 2016-04-07 20:07 - 
2016-04-07 20:07 - 00000000 ____D C:\Program Files (x86)\gs 2016-04-07 16:38 - 2016-04-07 18:09 - 00000009 _____ C:\Users\Michael\AppData\Roaming\update.dat 2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ C:\Users\Michael\AppData\Roaming\Launcher.dat 2016-04-07 15:46 - 2016-04-07 15:46 - 05044480 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-04-06 20:47 - 2016-04-09 18:59 - 00000000 ____D C:\Users\Michael\Desktop\TreeSizeFree 2016-04-06 17:51 - 2016-04-08 21:28 - 00000000 ____D C:\Users\Michael\Desktop\Kamera Videos 2016-04-05 15:48 - 2016-04-05 15:48 - 22946503 _____ C:\Users\Michael\Desktop\21984137.480p.mp4 2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 ____D C:\Users\Michael\AppData\Roaming\NVIDIA 2016-04-02 16:45 - 2016-04-09 11:50 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps 2016-04-02 13:12 - 2016-04-02 13:20 - 00590399 _____ C:\Users\Michael\Desktop\pinger.xlsx 2016-04-02 11:03 - 2016-04-02 11:03 - 00000117 _____ C:\Users\Michael\Desktop\hhhr.txt 2016-04-02 10:44 - 2016-04-02 10:48 - 00000000 ____D C:\Users\Michael\Desktop\hrping-v506 2016-04-01 21:43 - 2016-04-01 21:45 - 00000000 ____D C:\Users\Michael\Desktop\Indie Fonts 2016-03-31 19:04 - 2016-03-31 19:05 - 00000000 ____D C:\WINDOWS\Panther 2016-03-28 21:17 - 2016-03-28 21:17 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA Corporation 2016-03-28 21:16 - 2016-04-10 12:29 - 00000000 ____D C:\ProgramData\NVIDIA 2016-03-28 21:16 - 2016-03-28 21:22 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA 2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2016-03-28 21:16 - 2016-03-25 03:49 - 01373864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2016-03-28 21:16 - 2016-03-25 03:49 - 01316184 _____ (NVIDIA Corporation) 
C:\WINDOWS\SysWOW64\nvspbridge.dll 2016-03-28 21:16 - 2016-03-25 03:48 - 01767432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2016-03-28 21:16 - 2016-03-25 03:48 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2016-03-28 21:16 - 2016-03-22 03:57 - 00110528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2016-03-28 21:15 - 2016-03-28 21:15 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2016-03-28 21:15 - 2016-03-22 06:08 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2016-03-28 21:15 - 2016-03-22 06:08 - 00201664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 06369728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 02994744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 02561472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 01265720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2016-03-28 21:15 - 2016-03-22 04:37 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2016-03-28 21:15 - 2016-03-18 13:44 - 06253721 _____ C:\WINDOWS\system32\nvcoproc.bin 2016-03-28 21:14 - 2016-03-28 21:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-03-28 21:14 - 2016-03-25 03:23 - 12659136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys 2016-03-28 21:14 - 2016-03-24 
13:52 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 2016-03-28 21:14 - 2016-03-24 13:52 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2016-03-28 21:14 - 2016-03-24 13:52 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 42923576 _____ C:\WINDOWS\system32\nvcompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 37567424 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 31594432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 25350080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 21364536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 20906168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 20074728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 17755928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 17369448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 17349776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 17328008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 14226672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 10550552 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 08659472 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 03685280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 03263480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 02614208 
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 02260024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436472.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436472.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00960056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00889400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00751552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00695864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00678520 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00572096 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00546328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00348216 _____ (NVIDIA Corporation) 
C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00176064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00153392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00129208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00038050 _____ C:\WINDOWS\system32\nvinfo.pb 2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json 2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json 2016-03-28 21:14 - 2016-03-21 22:01 - 00109632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2016-03-28 21:14 - 2016-03-21 22:01 - 00100416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2016-03-28 21:14 - 2016-03-21 22:01 - 00056384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys 2016-03-27 15:44 - 2016-03-27 15:44 - 00000046 _____ C:\Users\Michael\Desktop\bla.txt 2016-03-26 00:22 - 2016-03-26 00:22 - 00000000 ____D C:\Users\Michael\Intel 2016-03-25 23:40 - 2016-04-05 19:05 - 00000000 ____D C:\Users\Michael\Desktop\komische Projekte 2016-03-25 23:39 - 2016-03-25 23:39 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\DefaultCompany 2016-03-25 22:46 - 2016-03-26 22:50 - 00000000 ____D C:\Users\Michael\Documents\Bully Scholarship Edition 2016-03-25 20:55 - 2016-03-25 20:55 - 00008206 _____ C:\Users\Michael\Desktop\SMPTE_Color_Bars_16x9.svg 2016-03-20 17:24 - 2016-03-20 17:24 - 00000029 _____ C:\Users\Michael\Desktop\bn.txt 2016-03-20 13:02 - 2016-03-20 13:30 - 00000000 ____D C:\Users\Michael\Desktop\KLTE 2016-03-20 01:17 - 2016-03-20 01:17 - 00002548 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\OneDrive for Business.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools 2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\Program Files\Common Files\DESIGNER 2016-03-20 01:16 - 2016-03-20 01:16 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-03-19 02:47 - 2016-03-19 02:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e 2016-03-19 02:47 - 2013-07-18 07:55 - 00130248 _____ (Qualcomm Atheros Co., Ltd.) 
C:\WINDOWS\system32\Drivers\L1C63x64.sys 2016-03-18 23:10 - 2016-03-18 23:10 - 00000000 ____D C:\ProgramData\SoftPerfect 2016-03-18 23:10 - 2015-10-29 17:02 - 00246248 _____ C:\WINDOWS\system32\Drivers\spvve.sys 2016-03-18 23:10 - 2015-10-29 17:02 - 00097768 _____ C:\WINDOWS\system32\Drivers\spvdbus.sys 2016-03-18 20:53 - 2016-04-02 13:35 - 00283896 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys 2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\Victory 2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\UnrealEngine 2016-03-17 22:42 - 2016-03-17 22:46 - 00000000 ____D C:\Users\Michael\Desktop\brauch ich das 2016-03-17 22:32 - 2016-03-17 22:32 - 00000077 _____ C:\Users\Michael\Desktop\sdfsdfsdf.txt 2016-03-17 21:51 - 2016-03-18 18:10 - 00000000 ____D C:\Users\Michael\ownCloud 2016-03-17 21:50 - 2016-03-18 18:10 - 00000000 ____D C:\Users\Michael\AppData\Local\ownCloud 2016-03-17 21:49 - 2016-03-17 21:49 - 00001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk 2016-03-17 21:49 - 2016-03-17 21:49 - 00000000 ____D C:\Program Files (x86)\ownCloud 2016-03-17 19:53 - 2016-03-17 19:53 - 00002338 _____ C:\Users\Michael\Desktop\Kontoaktivitäten_201510_201603.csv 2016-03-17 18:02 - 2016-03-17 18:02 - 00000000 ____D C:\Program Files\Rockstar Games 2016-03-16 23:30 - 2016-03-16 23:30 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-5-1.dll 2016-03-16 23:29 - 2016-03-16 23:29 - 00127768 _____ C:\WINDOWS\system32\vulkan-1-1-0-5-1.dll 2016-03-16 23:29 - 2016-03-16 23:29 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-5-1.exe 2016-03-16 23:28 - 2016-03-16 23:28 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-5-1.exe 2016-03-15 20:38 - 2016-03-17 00:08 - 00000000 ____D C:\Program Files\OpenVPN 2016-03-15 20:33 - 2016-03-20 00:33 - 00000061 _____ C:\Users\Michael\Desktop\fj.txt 2016-03-15 20:33 - 2016-03-15 20:34 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies 
2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cryptomator.org 2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\Program Files\Cryptomator 2016-03-15 20:11 - 2016-03-15 20:15 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Cryptomator 2016-03-15 20:11 - 2016-03-15 20:11 - 00000000 ____D C:\Users\Michael\.oracle_jre_usage 2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\.mono 2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\ProgramData\.mono 2016-03-15 19:05 - 2016-03-15 19:05 - 00000000 ____D C:\Users\Michael\AppData\Local\openvr 2016-03-14 20:12 - 2016-03-14 20:12 - 00000000 ____D C:\Users\Michael\AppData\Local\ESN 2016-03-13 16:45 - 2016-01-08 10:51 - 00213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys 2016-03-13 16:45 - 2016-01-08 10:51 - 00120416 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys 2016-03-12 20:34 - 2016-03-12 20:34 - 00000000 ____D C:\Users\Michael\hitman 2016-03-12 20:34 - 2016-03-12 20:34 - 00000000 ____D C:\Users\Michael\AppData\Local\IO Interactive 2016-03-12 19:39 - 2016-03-12 19:39 - 00000222 _____ C:\Users\Michael\Desktop\HITMAN.url 2016-03-12 16:47 - 2016-03-12 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-04-10 12:36 - 2016-01-22 19:16 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps 2016-04-10 12:35 - 2016-01-15 18:36 - 02003186 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-10 12:35 - 2015-10-30 20:35 - 00852678 _____ C:\WINDOWS\system32\perfh007.dat 2016-04-10 12:35 - 2015-10-30 20:35 - 00187904 _____ C:\WINDOWS\system32\perfc007.dat 2016-04-10 12:35 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF 2016-04-10 12:29 - 2016-01-15 18:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-10 12:29 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2016-04-10 12:29 - 2015-09-26 13:41 - 00001240 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-04-10 12:29 - 2015-09-25 19:00 - 00000000 __SHD C:\Users\Michael\IntelGraphicsProfiles 2016-04-10 12:29 - 2015-04-10 13:22 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-10 12:13 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Intel 2016-04-10 12:13 - 2015-11-21 11:28 - 00000000 ____D C:\Program Files\Common Files\McAfee 2016-04-10 12:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-04-10 12:13 - 2015-10-18 01:57 - 00002855 _____ C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml 2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Spotify 2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Local\Spotify 2016-04-10 12:13 - 2015-04-12 18:07 - 00003142 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner 2016-04-10 12:03 - 2015-11-21 11:28 - 00000000 ____D C:\ProgramData\McAfee 2016-04-10 12:02 - 2015-04-10 12:27 - 00000000 ____D C:\ProgramData\Package Cache 2016-04-10 11:59 - 2015-04-10 13:22 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-10 11:52 - 2015-04-11 21:34 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc 2016-04-10 11:46 - 2015-09-26 13:41 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-04-10 11:44 - 2015-04-12 
19:14 - 00000000 ____D C:\Users\Michael\AppData\Local\Battle.net 2016-04-10 11:04 - 2015-04-12 19:14 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-04-10 11:00 - 2016-01-06 14:10 - 00000000 ____D C:\Program Files (x86)\McAfee 2016-04-09 18:57 - 2016-01-15 19:22 - 00000000 ____D C:\Program Files (x86)\Minecraft 2016-04-09 16:24 - 2015-04-11 14:27 - 00000000 ____D C:\Program Files (x86)\Steam 2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.minion 2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.junique 2016-04-08 21:49 - 2015-04-21 15:44 - 00000000 ____D C:\Users\Michael\AppData\Local\JDownloader 2.0 2016-04-08 19:41 - 2016-02-13 00:35 - 00000080 _____ C:\Users\Michael\AppData\Local??????????????????? 2016-04-08 17:43 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Common Files\logishrd 2016-04-08 15:31 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-04-07 20:25 - 2015-04-11 23:21 - 00000000 ____D C:\Users\Michael\AppData\Local\gtk-2.0 2016-04-07 20:25 - 2015-04-11 20:30 - 00000000 ___HD C:\Users\Michael\.gimp-2.8 2016-04-07 20:09 - 2015-04-11 19:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Notepad++ 2016-04-07 20:04 - 2016-03-10 22:13 - 00000000 ____D C:\Users\Michael\Desktop\gta 2016-04-07 18:38 - 2015-04-11 21:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Audacity 2016-04-06 22:21 - 2016-02-17 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit 2016-04-06 22:21 - 2015-07-30 09:41 - 00000000 ____D C:\Users\Michael\AppData\Roaming\TeamViewer 2016-04-06 17:59 - 2015-04-11 17:35 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox 2016-04-06 16:56 - 2015-04-10 12:23 - 00000000 ___RD C:\Users\Michael\Desktop\Tools 2016-04-06 16:47 - 2015-04-12 18:22 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-04-02 11:13 - 2015-05-02 18:40 - 00000000 ____D 
C:\Users\Michael\AppData\Local\Microsoft Help 2016-04-02 10:42 - 2015-07-15 22:43 - 00000000 ____D C:\ProgramData\Origin 2016-04-02 10:41 - 2015-07-15 22:43 - 00000000 ____D C:\Program Files (x86)\Origin 2016-04-02 10:24 - 2015-06-28 22:06 - 00000000 ___RD C:\Users\Michael\Google Drive 2016-03-31 22:23 - 2015-05-21 17:16 - 00002292 ____H C:\Users\Michael\Documents\Default.rdp 2016-03-28 21:19 - 2015-04-12 18:03 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner 2016-03-28 21:16 - 2016-03-10 20:49 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2016-03-28 21:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Help 2016-03-28 21:12 - 2016-01-08 00:09 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-03-28 20:02 - 2015-07-16 15:55 - 00002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-27 21:19 - 2015-04-10 12:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype 2016-03-26 00:22 - 2016-01-15 18:36 - 00000000 ____D C:\Users\Michael 2016-03-26 00:20 - 2015-08-08 02:01 - 00000000 ____D C:\Program Files (x86)\AviSynth 2016-03-26 00:20 - 2015-08-08 01:55 - 00000000 ____D C:\multiAVCHD 2016-03-26 00:17 - 2015-12-16 20:09 - 00000000 ____D C:\Program Files (x86)\GtkSharp 2016-03-26 00:15 - 2015-12-02 17:21 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2016-03-26 00:15 - 2015-12-02 17:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0 2016-03-26 00:14 - 2016-02-23 19:11 - 00000000 ____D C:\Program Files (x86)\MPC-HC 2016-03-26 00:14 - 2015-06-18 20:06 - 00000000 ____D C:\Program Files (x86)\XMedia Recode 2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-03-26 00:09 - 2016-01-15 18:29 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-03-26 00:09 - 2016-01-03 23:53 - 00000000 ____D 
C:\Users\Michael\AppData\Local\VSIXInstaller 2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Windows Kits 2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs 2016-03-26 00:07 - 2016-01-08 01:14 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET 2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Unity 2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\ProgramData\Unity 2016-03-25 23:38 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Unity 2016-03-25 23:16 - 2015-07-30 04:09 - 00002440 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-03-25 23:16 - 2015-04-10 12:22 - 00000000 __RDO C:\Users\Michael\OneDrive 2016-03-25 23:05 - 2015-07-30 04:07 - 00004434 __RSH C:\ProgramData\ntuser.pol 2016-03-25 03:48 - 2015-09-22 21:42 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll 2016-03-25 02:51 - 2016-03-05 11:52 - 00000000 ____D C:\Program Files\Grand Theft Auto V 2016-03-24 22:54 - 2015-12-30 19:25 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe 2016-03-24 22:53 - 2015-07-22 06:02 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2016-03-22 19:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-03-20 01:19 - 2015-12-14 19:50 - 00000000 ____D C:\Program Files\Microsoft Office 2016-03-19 02:47 - 2015-04-10 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-03-17 22:44 - 2015-04-10 11:26 - 00000000 ____D C:\Users\Michael\AppData\Local\Packages 2016-03-17 18:02 - 2015-04-11 21:52 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2016-03-16 23:30 - 2016-03-10 20:49 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2016-03-16 23:29 - 2016-03-10 20:49 - 00127768 _____ C:\WINDOWS\system32\vulkan-1.dll 2016-03-16 23:29 - 2016-03-10 20:49 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2016-03-16 23:28 - 2016-03-10 20:49 - 00045848 _____ 
C:\WINDOWS\system32\vulkaninfo.exe 2016-03-15 22:49 - 2010-06-09 21:30 - 00000000 ____D C:\Users\Michael\Desktop\Screens 2016-03-15 19:11 - 2015-07-03 22:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-03-15 19:11 - 2015-07-03 22:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Mozilla 2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Local\Mozilla 2016-03-13 16:45 - 2016-01-08 18:08 - 00000000 ____D C:\Program Files (x86)\Samsung 2016-03-13 16:44 - 2016-01-08 18:11 - 00000000 ____D C:\ProgramData\Samsung 2016-03-13 16:39 - 2015-12-08 00:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\IrfanView 2016-03-13 16:39 - 2015-04-10 13:22 - 00000000 ____D C:\Program Files (x86)\Google 2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-03-13 15:51 - 2015-04-11 18:18 - 00000000 ____D C:\Program Files\WinRAR 2016-03-13 14:51 - 2016-03-09 23:08 - 00000995 _____ C:\Users\Michael\Desktop\rt.txt 2016-03-12 22:00 - 2015-06-28 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-03-12 16:47 - 2015-09-26 13:41 - 00000000 ____D C:\Program Files (x86)\Dropbox ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-11 19:12 - 2015-08-11 19:26 - 0000466 _____ () C:\Users\Michael\AppData\Roaming\CascView.ini 2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ () C:\Users\Michael\AppData\Roaming\Launcher.dat 2016-04-07 16:38 - 2016-04-07 18:09 - 0000009 _____ () C:\Users\Michael\AppData\Roaming\update.dat 2015-10-18 01:57 - 2016-04-10 12:13 - 0002855 _____ () C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml 2016-04-07 16:39 
- 2016-04-09 11:20 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\notaut.txt 2015-04-19 11:36 - 2015-04-19 11:36 - 0385602 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS 2015-04-19 11:36 - 2015-04-19 11:36 - 0000204 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS.part 2015-04-19 11:36 - 2015-04-19 11:36 - 0059989 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS 2015-04-19 11:36 - 2015-04-19 11:36 - 0000273 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS.part 2015-04-19 11:37 - 2015-04-19 11:37 - 0121567 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS 2015-04-19 11:37 - 2015-04-19 11:37 - 0000294 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS.part 2015-04-19 11:36 - 2015-04-19 11:36 - 0069441 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS 2015-04-19 11:36 - 2015-04-19 11:36 - 0000293 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS.part 2015-06-18 20:34 - 2015-06-18 20:34 - 0000046 _____ () C:\Users\Michael\AppData\Local\DonationCoder_mpqbuilder_InstallInfo.dat 2015-10-02 23:10 - 2015-10-02 23:11 - 1065984 _____ () C:\Users\Michael\AppData\Local\file__0.localstorage 2015-05-02 22:27 - 2015-05-02 22:27 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND 2016-04-07 20:25 - 2016-04-07 20:25 - 0041523 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel 2015-05-15 21:48 - 2015-11-26 17:42 - 0007684 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg 2015-08-28 06:41 - 2015-08-28 06:41 - 0019535 _____ () C:\ProgramData\empty.ico Einige Dateien in TEMP: ==================== C:\Users\Michael\AppData\Local\Temp\libeay32.dll C:\Users\Michael\AppData\Local\Temp\msvcr120.dll C:\Users\Michael\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-03-31 20:38

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Michael (2016-04-10 12:43:15)
Gestartet von C:\Users\Michael\Desktop
Windows 10 Pro Version 1511 (X64) (2016-01-15 16:43:53)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3852805889-1866178090-3277109897-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3852805889-1866178090-3277109897-503 - Limited - Disabled)
Gast (S-1-5-21-3852805889-1866178090-3277109897-501 - Limited - Disabled) => C:\Users\Gast
Michael (S-1-5-21-3852805889-1866178090-3277109897-1001 - Administrator - Enabled) => C:\Users\Michael

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4K Video Downloader 4.0 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.0.0.2016 - Open Media LLC)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.9.1 - RedFox)
ArcaniA: Fall of Setarrif (HKLM-x32\...\Steam App 65610) (Version: - Spellbound Studios)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Crucial Storage Executive (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Storage Executive 3.15.112014.06) (Version: 3.24.082015.05 - Crucial)
Cryptomator (HKLM\...\{Cryptomator}}_is1) (Version: 1.0.2 - cryptomator.org)
Discord (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Discord) (Version: 0.0.286 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation)
FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
GameSave Manager v3 (HKLM-x32\...\GameSaveManager_v3) (Version: 3.1.442.0 - InsaneMatt)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
HITMAN™ (HKLM\...\Steam App 236870) (Version: - Io-Interactive)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Logitech Gaming Software 8.81 (HKLM\...\Logitech Gaming Software) (Version: 8.81.15 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (Deutsch) (HKLM-x32\...\{EE8BD24B-75E1-4BBF-86B9-91FE16ADE71C}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.6001.1068 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Minion (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\{Minion}}_is1) (Version: 2.0 - ZAM Network LLC)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
NAPS2 3.3.5 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.49 - NVIDIA Corporation)
NVIDIA Grafiktreiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
ownCloud (HKLM-x32\...\ownCloud) (Version: 2.1.1.5837 - ownCloud)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation)
Platform (x32 Version: 1.43 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - )
RemoteComms driver (HKLM-x32\...\{89B4CA50-3F94-451F-B93A-22608DF45FF9}) (Version: 1.30.0002 - PLX Technology)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.24728 - Microsoft Corporation) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.49 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.) Hidden
Snapmatic Screensaver (HKLM-x32\...\Snapmatic Screensaver_is1) (Version: 1.0 - Rockstar Games)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Spotify (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Spotify) (Version: 1.0.26.132.ga4e3ccee - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.55321 - TeamViewer)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.43 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
WhoCrashed 5.50 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04355E58-6FD1-495F-93EE-57A1B3ACF30D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {055D0111-EA4F-4261-999C-47501CEF1BB0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-20] (Microsoft Corporation)
Task: {05D61722-FE44-40BD-ACCE-9C027061B90A} - System32\Tasks\{C1ED46C2-6A72-4297-BCEC-0AD3B2CD605A} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe" -c -uninstallApp 142938258.redeem.sonypicturesstore.com
Task: {0F41DB66-D907-4151-84C8-840C6E60EBAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation)
Task: {1A003D57-3939-4097-B4FC-49B69E7E7CE4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {2779EE54-FBC3-4DA1-B719-23833F6C1F84} - System32\Tasks\{9D134A81-2860-42BB-B7D9-4910B6B623C0} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {3569A7F0-81A8-4391-893D-B95673EDDE46} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {487BFEF6-DF70-4D14-AE54-D2FF0A4C1589} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {4BA7928E-14CC-46DA-BB1A-0F083F6B0786} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4CB2A8EA-1290-4731-A92B-A6A659DF6E92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {5035952E-6955-4214-BFA7-8BC1EEAB92DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {60135EA6-B35B-40E1-B5E6-0D9773D2D438} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {624B2716-3954-41F3-BE09-A803897203DB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {646A5D08-CD2E-4930-B8D1-E46025B98618} - System32\Tasks\{4D3C9D7E-3228-4EBF-AF68-7191CBA44F1D} => pcalua.exe -a C:\Users\Michael\Desktop\IomegaEncryptionSetup.exe -d C:\Users\Michael\Desktop
Task: {74035255-F2D6-451A-BC19-E66884E031ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {7D9DA623-CE12-44EA-889B-CAD4F3F5E494} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.)
Task: {8A54AD2C-B399-408B-B525-F0F36EA83546} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {945FE37F-B52F-48F3-BBD9-370D163B052C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A9E8087B-368B-4562-A4F4-225C08ECEE80} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {BB3D1B89-F553-4912-BF86-66FEEC4624C1} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-09] ()
Task: {C72C7527-EEED-4578-B161-D852006D2427} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {CAA8A102-BC26-4A46-9BA1-200D8F4BEDEB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {D47AFF69-4B86-4693-960B-AE0D1CF99DAC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation)
Task: {E4438FF6-623A-4EE5-B670-A7B9DFF7A2D8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.)
Task: {EA0CA4DC-147F-4923-AF57-56DBFE06AE94} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {F89084F2-8DB3-4131-A704-ACEC98245D41} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {FFE255CD-BF3B-4F69-8472-852150BE3768} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-20 01:02 - 2016-02-28 01:41 - 00171720 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-05-19 09:11 - 2015-05-19 09:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2016-01-01 15:48 - 2016-01-01 15:48 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2015-10-30 09:18 - 2016-02-16 22:49 - 00263168 _____ () C:\WINDOWS\system32\wc_storage.dll
2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-09 09:59 - 2015-12-09 09:59 - 00580296 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-18 17:16 - 2016-01-18 17:16 - 00058880 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 18:20 - 2016-02-23 10:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-27 21:18 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 21:18 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-03 15:25 - 2012-11-15 00:22 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2016-01-03 15:25 - 2012-11-15 00:22 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2016-03-28 21:16 - 2016-03-25 03:52 - 00167480 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2016-03-28 21:16 - 2016-03-25 03:52 - 00862776 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2016-03-28 20:02 - 2016-03-27 06:55 - 02140824 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-03-28 20:02 - 2016-03-27 06:55 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2015-12-07 18:44 - 2015-12-07 18:44 - 00225792 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2015-12-07 18:44 - 2015-12-07 18:44 - 00657408 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2016-03-28 21:16 - 2016-03-25 03:52 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-06 20:36 - 2015-07-06 20:36 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Michael\Downloads:Shareaza.GUID [16]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Software\Classes\.exe: => <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\sharepoint.com -> hxxps://gymleibnitz.sharepoint.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2016-03-10 21:29 - 2016-03-10 21:29 - 00000034____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "Duplicati.lnk" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher" HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run32: => "SwitchBoard" HKLM\...\StartupApproved\Run32: => "Dropbox" HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk" HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\Run: => "Spotify Web Helper" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{E110F5B5-C6D5-45EC-9D72-3963DA118D8D}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe FirewallRules: [TCP Query User{D957016C-E3CF-4643-A537-F8E7A6B332A5}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe FirewallRules: [{05E48283-98F4-4A86-BF60-3DDBFE86EEE5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{D61788B9-A481-47EB-BF6B-E43931C62330}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{6212146A-C1B1-4653-8634-15DF941A7C9E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{8A2DA7E7-1D25-4361-8F23-E9FE32FF93B0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [UDP Query User{1365EA6F-3DE8-4F34-9217-72945EE0DA66}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe FirewallRules: [TCP Query User{D1193E8D-00D7-4FEE-A2AF-234DEBDC1406}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program 
files\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{F15D40F6-197C-4B21-87BA-E082D0298971}C:\program files\crucial\storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\storage executive\java\bin\javaw.exe FirewallRules: [TCP Query User{912411F0-0EAA-4DD7-82B8-9AB9110CD78C}C:\program files\crucial\storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\storage executive\java\bin\javaw.exe FirewallRules: [UDP Query User{C0B6C8B5-1DF2-4D82-8919-1F9E01759C5E}D:\blizzard\hearthstone\hearthstone.exe] => (Allow) D:\blizzard\hearthstone\hearthstone.exe FirewallRules: [TCP Query User{E512E3B6-DC85-45A9-92E8-34896A0A3D22}D:\blizzard\hearthstone\hearthstone.exe] => (Allow) D:\blizzard\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{4025F871-0991-4000-8FB2-18FD5F5CFBC1}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{FACD9158-BC07-4BEC-9AA6-3D6105D456AC}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{E328954B-0660-4BE5-AE33-8C18559B01AD}C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe FirewallRules: [TCP Query User{4AB564B4-1E37-46DD-BC27-564E3421430D}C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe FirewallRules: [{441AC144-7923-449F-9B86-75A0B2FB41E1}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe FirewallRules: [{279E2D3D-91E8-4784-BA0C-33B33A972A1A}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe FirewallRules: [UDP Query User{CEA04421-AA37-499B-8F61-53BDD52C1B7E}D:\program files\rockstar games\grand theft auto 
v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [TCP Query User{184BDB00-225A-4E9A-8679-CC3427605297}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [{0D0F7D56-D3C4-4167-BD27-A37A4C70F5C6}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{A9841AB8-B7AE-4EA4-A565-324F82C8458B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{FB8EF56C-C8E9-4468-9461-AF440ABD4AFD}] => (Allow) D:\SteamLibrary\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe FirewallRules: [{50D2AA6C-C251-41BF-BA31-A276E1DFE9E2}] => (Allow) D:\SteamLibrary\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe FirewallRules: [{32F9317E-22BB-4A0E-8A90-4F4E786213A0}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{4753EB2D-CC6E-44B7-92A2-DE66F08CCE3B}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{61BAD7A6-F3DE-4E17-B85B-354E5B881C54}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{057ADA51-1097-4B44-A71E-CB9F75752E26}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{3FE7D773-07B0-49F2-8FEB-393374130852}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe FirewallRules: [{6928CD8D-AFC6-410E-839B-2E942059E55C}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe FirewallRules: [{396927DA-BA24-4653-9106-00FDDC35C4BF}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe FirewallRules: [{E469FD53-67CF-4DB0-BC54-77F35C539FC5}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe FirewallRules: [{3B5D9CDA-A8C3-47FF-BB1C-AC3A0918B567}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe FirewallRules: 
[{991A291E-766B-4F4D-83E5-058E3875B034}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe FirewallRules: [{FF5A5E33-472D-4721-9539-0CBA79105891}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{2200FEB7-6DA8-44C9-A981-F4FD953711C0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{8ED9C7C8-4919-409C-8BC1-FD3CAD6D8263}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{09CF574A-A428-4385-A794-A05009FF5826}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [UDP Query User{DB61D72D-C5EC-4F71-BB7D-BF08078041DF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{5A7DBEDB-ED20-46C7-B339-3143B9331BFE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{1E28C84D-5BD1-4457-8F11-3FE391FB5CC0}D:\blizzard\diablo iii\diablo iii.exe] => (Allow) D:\blizzard\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{5AC70257-BB65-4576-A90C-50CC4B845EFA}D:\blizzard\diablo iii\diablo iii.exe] => (Allow) D:\blizzard\diablo iii\diablo iii.exe FirewallRules: [TCP Query User{20A2A00A-4DF3-459F-B910-E1FA27635A12}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{E53673CE-D0BD-42B6-A709-6EDD40DE3883}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{89D9E2C3-FE26-4DFF-8E05-5F6DB2360337}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michael\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{EA3D3DA7-CCDD-48DD-A454-85C7941828A1}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Block) 
C:\users\michael\appdata\roaming\spotify\spotify.exe FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe FirewallRules: [{AC18BE29-F45F-43EA-8E2B-0499864AD6CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{68E77359-5EA2-4EB7-B017-FA69CC8C9720}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{B2169EAF-865E-4115-A9C6-441F69F5DC1F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{9BF96311-12A5-4267-9F1B-8AB0EB7A6334}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{45210241-1C5A-455E-9ADC-89B6176D2CB6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{03FB0B10-326E-4784-98DF-1AC4C5D4915F}] => (Allow) D:\SteamLibrary\steamapps\common\Hitman™\Launcher.exe FirewallRules: [{EE6A15BD-CBC6-41F3-95E9-D5F3E6E30D5F}] => (Allow) D:\SteamLibrary\steamapps\common\Hitman™\Launcher.exe FirewallRules: [TCP Query User{AD1CA659-6458-41E5-9867-F744D36979DC}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe FirewallRules: [UDP Query User{65A33961-2A8F-41C6-AD71-684E1E63B13A}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe FirewallRules: [TCP Query User{5981EFBA-F912-45EC-8B19-2C26292D04E1}C:\program files\grand theft auto v\gta5.exe] => (Allow) C:\program files\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{5DA64CE0-DCD7-4DCE-B7C7-15CD5C5ACCD4}C:\program files\grand theft auto v\gta5.exe] => (Allow) C:\program files\grand theft auto v\gta5.exe FirewallRules: [{8710AFFA-D4D4-4C6A-ADA9-4F6C0F482C94}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{083B1D29-6C2E-480B-A3FE-C4216055BF08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe 
FirewallRules: [{BEB45729-1377-411B-99C0-A5C943F09B33}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3B25A7CB-2D1D-4659-864D-73EB65983BAE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{03712FEC-31A5-4CCC-BAAE-559F03C3D43A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{62109612-F42E-4FDD-ACA6-BAF07FF6BAFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7FB6FEBB-3957-49A3-9D4C-C3A242200105}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{153DB846-60B0-4D8A-A9B5-CCBCD9E40795}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{726146E6-86A9-4CA4-BC6F-8132A767EB2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{60C176ED-93A1-4B06-A89C-4E4F5BBBEEF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6F6FD627-2461-4901-AD3E-F1372D06608C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{EE936D25-6C46-49D0-B994-3D48E70D4F84}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4940DD03-B989-41E7-A2D9-703FB3B2A155}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Wiederherstellungspunkte =========================

06-04-2016 16:54:46 Removed SciDaVis
06-04-2016 22:16:08 Before CCleaner
09-04-2016 18:56:39 Removed Minecraft

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: SoftPerfect Virtual Bus
Description: SoftPerfect Virtual Bus
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: KEG
Service: SPVDPort
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/10/2016 12:36:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x1f40
Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0
Pfad der fehlerhaften Anwendung: nvosc.exe1
Pfad des fehlerhaften Moduls: nvosc.exe2
Berichtskennung: nvosc.exe3
Vollständiger Name des fehlerhaften Pakets: nvosc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5

Error: (04/10/2016 12:36:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: nvosc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
   bei NvOscFramework.CoPlay.OscCoPlayModel..ctor()
   bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d()
   bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue()
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   bei OscMain.WidgetControl.Dispose(Boolean)
   bei OscMain.WidgetControl.Finalize()

Error: (04/10/2016 12:36:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x1e34
Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0
Pfad der fehlerhaften Anwendung: nvosc.exe1
Pfad des fehlerhaften Moduls: nvosc.exe2
Berichtskennung: nvosc.exe3
Vollständiger Name des fehlerhaften Pakets: nvosc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5

Error: (04/10/2016 12:36:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: nvosc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
   bei NvOscFramework.CoPlay.OscCoPlayModel..ctor()
   bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d()
   bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue()
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   bei OscMain.WidgetControl.Dispose(Boolean)
   bei OscMain.WidgetControl.Finalize()

Error: (04/10/2016 12:34:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x1cb4
Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0
Pfad der fehlerhaften Anwendung: nvosc.exe1
Pfad des fehlerhaften Moduls: nvosc.exe2
Berichtskennung: nvosc.exe3
Vollständiger Name des fehlerhaften Pakets: nvosc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5

Error: (04/10/2016 12:34:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: nvosc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
   bei NvOscFramework.CoPlay.OscCoPlayModel..ctor()
   bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d()
   bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue()
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   bei OscMain.WidgetControl.Dispose(Boolean)
   bei OscMain.WidgetControl.Finalize()

Error: (04/10/2016 12:34:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x878
Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0
Pfad der fehlerhaften Anwendung: nvosc.exe1
Pfad des fehlerhaften Moduls: nvosc.exe2
Berichtskennung: nvosc.exe3
Vollständiger Name des fehlerhaften Pakets: nvosc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5

Error: (04/10/2016 12:34:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: nvosc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
   bei NvOscFramework.CoPlay.OscCoPlayModel..ctor()
   bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d()
   bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue()
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   bei OscMain.WidgetControl.Dispose(Boolean)
   bei OscMain.WidgetControl.Finalize()

Error: (04/10/2016 12:33:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x15b4
Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0
Pfad der fehlerhaften Anwendung: nvosc.exe1
Pfad des fehlerhaften Moduls: nvosc.exe2
Berichtskennung: nvosc.exe3
Vollständiger Name des fehlerhaften Pakets: nvosc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5

Error: (04/10/2016 12:33:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: nvosc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
   bei NvOscFramework.CoPlay.OscCoPlayModel..ctor()
   bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d()
   bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue()
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   bei OscMain.WidgetControl.Dispose(Boolean)
   bei OscMain.WidgetControl.Finalize()

Systemfehler:
=============
Error: (04/10/2016 12:31:04 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HEIMSCHEISSER)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-3852805889-1866178090-3277109897-1001-0-ntuser.dat

Error: (04/10/2016 12:30:57 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HEIMSCHEISSER)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-3852805889-1866178090-3277109897-1001-0-ntuser.dat

Error: (04/10/2016 12:29:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NvStreamSvc erreicht.

Error: (04/10/2016 12:29:35 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "SPVVEngine" ist von folgendem Dienst abhängig: SPVDPort. Dieser Dienst ist möglicherweise nicht installiert.
Error: (04/10/2016 12:29:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (04/10/2016 12:29:13 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
CodeIntegrity:
===================================
Date: 2016-04-10 12:24:17.829
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-07 21:10:32.862
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-06 17:08:31.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-06 17:08:27.765
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-25 23:23:01.626
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-25 22:24:36.064
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-25 21:19:04.726
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-25 21:19:04.718
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-25 21:19:04.707
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-25 21:19:04.623
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 8012.59 MB
Verfügbarer physikalischer RAM: 5911.3 MB
Summe virtueller Speicher: 10700.59 MB
Verfügbarer virtueller Speicher: 8554.76 MB

==================== Laufwerke ================================

Drive c: (iSSD) (Fixed) (Total:231.93 GB) (Free:104.81 GB) NTFS
Drive d: (iWD) (Fixed) (Total:455.76 GB) (Free:270.22 GB) NTFS
Drive z: (iWD_FH) (Fixed) (Total:10 GB) (Free:9.95 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: E4E735C2)
Partition: GPT.

==================== Ende von Addition.txt ============================