Pests of all kinds and how to fight them: Win10: Browser Hijacker
Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
10.04.2016, 12:11 | #1 |
Win10: Browser Hijacker

Oh man, now it has got me too: I use Windows Defender and Chrome with Adblock Plus, HTTPS Everywhere and Ghostery, and I always felt safe with that. But today I open Chrome and am immediately redirected to an advertising page (viceice.com). When I start Edge, Chrome even opens instead and Edge closes again... The first scan with MBAM already gives me a fright: over 1000 items found! Unfortunately the log file is far too large, even for an attachment... Reboot, threat scan, nothing found any more. I also find "C:\Avenger\taskmgr.exe" at 146 MB odd...

AdwCleaner: Code:
ATTFilter
# AdwCleaner v5.109 - Bericht erstellt am 10/04/2016 um 12:29:09
# Aktualisiert am 04/04/2016 von Xplode
# Datenbank : 2016-04-09.1 [Server]
# Betriebssystem : Windows 10 Pro (x64)
# Benutzername : Michael - HEIMSCHEISSER
# Gestartet von : C:\Users\Michael\Downloads\adwcleaner_5.109.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

***** [ Dateien ] *****

[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetcmsus-a.akamaihd.net_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetcmsus-a.akamaihd.net_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetproductus-a.akamaihd.net_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetproductus-a.akamaihd.net_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_eaassets-a.akamaihd.net_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_eaassets-a.akamaihd.net_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-a.akamaihd.net_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-a.akamaihd.net_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-c-a.akamaihd.net_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-c-a.akamaihd.net_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.xyfindit.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.xyfindit.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_artikel.de.softonic.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_artikel.de.softonic.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.softonic.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.softonic.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_grandtheftdata.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_grandtheftdata.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_join-me.de.softonic.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_join-me.de.softonic.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.paralysm.de_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.paralysm.de_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.xyfindit.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.xyfindit.com_0.localstorage-journal

***** [ DLLs ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : voicemeeter.en.softonic.com
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : de.softonic.com
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : softonic.de
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : join-me.de.softonic.com

*************************

:: "Tracing" schlüssel löschen
:: Winsock Einstellungen zurückgesetzt

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4812 Bytes] - [10/04/2016 12:29:09]
C:\AdwCleaner\AdwCleaner[S1].txt - [4717 Bytes] - [10/04/2016 12:28:06]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4958 Bytes] ##########

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 durchgeführt von Michael (Administrator) auf HEIMSCHEISSER (10-04-2016 12:42:42) Gestartet von C:\Users\Michael\Desktop Geladene Profile: Michael (Verfügbare Profile: Michael & Gast) Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe () C:\Windows\System32\PnkBstrA.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (DEVGURU Co., LTD.) 
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (Microsoft Corporation) C:\Windows\System32\vmms.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Spotify Ltd) C:\Users\Michael\AppData\Roaming\Spotify\SpotifyWebHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4708016 2015-08-18] (VIA) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15120504 2016-02-18] (Logitech Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-03-25] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.) 
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ACHTUNG HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Run: [Spotify Web Helper] => C:\Users\Michael\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-02] (Spotify Ltd) HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\RunOnce: [Uninstall C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64" HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoPreviewPane] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoWinkeys] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCANetwork] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCAVolume] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SNAPMA~1.SCR [1016438 2015-03-16] (Jan Kolarik & Ondrej Vaverka) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> 
{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google) ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2016-03-25] ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2015-10-18] ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software) GroupPolicyUsers\S-1-5-21-3852805889-1866178090-3277109897-1001\User: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{1dfe109d-b3d0-4acd-a2eb-0edc7be3d320}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{59924253-7916-40c6-ba08-d15750886fc9}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> DefaultScope {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1 SearchScopes: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1 BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft 
Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> Kein Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - Keine Datei DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1442757218682 Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ktigdchg.default FF Plugin: @esn/npbattlelog,version=2.7.1 -> 
C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [Keine Datei] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei] FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [Keine Datei] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-20] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files 
(x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei] FF Plugin HKU\S-1-5-21-3852805889-1866178090-3277109897-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS) Chrome: ======= CHR HomePage: Default -> hxxp://www.viceice.com/ CHR StartupUrls: Default -> "hxxp://www.viceice.com/" CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-10] CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10] CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10] CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-10] CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-04-10] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michael\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01] CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10] CHR HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-10] () R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-02-28] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.) 
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-11-20] (GOG.com) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-03-25] (NVIDIA Corporation) R2 HvHost; C:\Windows\System32\hvhostsvc.dll [61440 2016-02-16] (Microsoft Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-08] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert] R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-02-18] (Logitech Inc.) 
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-03-25] (NVIDIA Corporation) S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-03-25] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-03-25] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-02] (Electronic Arts) R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-01-01] () R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-12-30] () R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.) S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2016-02-16] (Microsoft Corporation) R2 vmms; C:\Windows\system32\vmms.exe [14384128 2016-02-16] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 AF9035BDA; C:\Windows\system32\DRIVERS\AF15BDA.sys [514856 2012-11-09] (ITETech )
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2015-08-23] (Google Inc) [Datei ist nicht signiert]
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [216576 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [71008 2016-02-16] (Microsoft Corporation)
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [117248 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114560 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2016-02-16] (Microsoft Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184096 2015-06-29] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-03-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2016-02-16] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2016-02-16] (Microsoft Corporation)
S3 Phosgene; C:\Windows\system32\DRIVERS\Phosgene.sys [34168 2015-08-28] (Adoriasoft LLC)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2015-11-10] (The OpenVPN Project)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2016-02-16] (Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S2 SPVVEngine; C:\WINDOWS\system32\Drivers\spvve.sys [246248 2015-10-29] ()
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2016-02-16] (Microsoft Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-10-18] (Windows (R) Win 7 DDK provider)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2015-07-09] (Oracle Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2016-02-16] (Microsoft Corporation)
R3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2016-02-16] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [350720 2016-02-16] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S1 lfivrnpk; \??\C:\WINDOWS\system32\drivers\lfivrnpk.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-10 12:42 - 2016-04-10 12:42 - 00029056 _____ C:\Users\Michael\Desktop\FRST.txt 2016-04-10 12:41 - 2016-04-10 12:42 - 00000000 ____D C:\FRST 2016-04-10 12:37 - 2016-04-10 12:37 - 00000346 _____ C:\Users\Michael\Desktop\tb.txt 2016-04-10 12:36 - 2016-04-10 12:41 - 02374144 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe 2016-04-10 12:30 - 2016-04-10 12:30 - 00005040 _____ C:\Users\Michael\Desktop\AdwCleaner[C1].txt 2016-04-10 12:27 - 2016-04-10 12:29 - 00000000 ____D C:\AdwCleaner 2016-04-10 12:27 - 2016-04-10 12:27 - 03119168 _____ C:\Users\Michael\Desktop\adwcleaner_5.109.exe 2016-04-10 12:13 - 2016-04-10 12:13 - 00000000 ____D C:\Avenger 2016-04-10 12:04 - 2016-04-10 12:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-04-10 12:04 - 2016-04-10 12:06 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-04-10 12:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-04-10 12:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-04-10 12:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-04-10 11:58 - 2016-04-10 11:58 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2016-04-10 11:21 - 2016-04-10 11:49 - 00000000 ____D C:\Users\Michael\Desktop\HearthStone Heroes of Warcraft 2016-04-07 21:06 - 2016-04-08 21:50 - 00000000 ____D C:\Users\Michael\Documents\Electronic Arts 2016-04-07 20:25 - 2016-04-07 20:25 - 00041523 _____ C:\Users\Michael\AppData\Local\recently-used.xbel 2016-04-07 20:08 - 2016-04-07 20:43 - 00000043 _____ C:\WINDOWS\gswin32.ini 2016-04-07 20:07 - 
2016-04-07 20:07 - 00000000 ____D C:\Program Files (x86)\gs 2016-04-07 16:38 - 2016-04-07 18:09 - 00000009 _____ C:\Users\Michael\AppData\Roaming\update.dat 2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ C:\Users\Michael\AppData\Roaming\Launcher.dat 2016-04-07 15:46 - 2016-04-07 15:46 - 05044480 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-04-06 20:47 - 2016-04-09 18:59 - 00000000 ____D C:\Users\Michael\Desktop\TreeSizeFree 2016-04-06 17:51 - 2016-04-08 21:28 - 00000000 ____D C:\Users\Michael\Desktop\Kamera Videos 2016-04-05 15:48 - 2016-04-05 15:48 - 22946503 _____ C:\Users\Michael\Desktop\21984137.480p.mp4 2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 ____D C:\Users\Michael\AppData\Roaming\NVIDIA 2016-04-02 16:45 - 2016-04-09 11:50 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps 2016-04-02 13:12 - 2016-04-02 13:20 - 00590399 _____ C:\Users\Michael\Desktop\pinger.xlsx 2016-04-02 11:03 - 2016-04-02 11:03 - 00000117 _____ C:\Users\Michael\Desktop\hhhr.txt 2016-04-02 10:44 - 2016-04-02 10:48 - 00000000 ____D C:\Users\Michael\Desktop\hrping-v506 2016-04-01 21:43 - 2016-04-01 21:45 - 00000000 ____D C:\Users\Michael\Desktop\Indie Fonts 2016-03-31 19:04 - 2016-03-31 19:05 - 00000000 ____D C:\WINDOWS\Panther 2016-03-28 21:17 - 2016-03-28 21:17 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA Corporation 2016-03-28 21:16 - 2016-04-10 12:29 - 00000000 ____D C:\ProgramData\NVIDIA 2016-03-28 21:16 - 2016-03-28 21:22 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA 2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2016-03-28 21:16 - 2016-03-25 03:49 - 01373864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2016-03-28 21:16 - 2016-03-25 03:49 - 01316184 _____ (NVIDIA Corporation) 
C:\WINDOWS\SysWOW64\nvspbridge.dll 2016-03-28 21:16 - 2016-03-25 03:48 - 01767432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2016-03-28 21:16 - 2016-03-25 03:48 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2016-03-28 21:16 - 2016-03-22 03:57 - 00110528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2016-03-28 21:15 - 2016-03-28 21:15 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2016-03-28 21:15 - 2016-03-22 06:08 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2016-03-28 21:15 - 2016-03-22 06:08 - 00201664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 06369728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 02994744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 02561472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 01265720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2016-03-28 21:15 - 2016-03-22 04:37 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2016-03-28 21:15 - 2016-03-18 13:44 - 06253721 _____ C:\WINDOWS\system32\nvcoproc.bin 2016-03-28 21:14 - 2016-03-28 21:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-03-28 21:14 - 2016-03-25 03:23 - 12659136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys 2016-03-28 21:14 - 2016-03-24 
13:52 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 2016-03-28 21:14 - 2016-03-24 13:52 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2016-03-28 21:14 - 2016-03-24 13:52 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 42923576 _____ C:\WINDOWS\system32\nvcompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 37567424 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 31594432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 25350080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 21364536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 20906168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 20074728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 17755928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 17369448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 17349776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 17328008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 14226672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 10550552 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 08659472 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 03685280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 03263480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 02614208 
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 02260024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436472.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436472.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00960056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00889400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00751552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00695864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00678520 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00572096 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00546328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00348216 _____ (NVIDIA Corporation) 
C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00176064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00153392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00129208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00038050 _____ C:\WINDOWS\system32\nvinfo.pb 2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json 2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json 2016-03-28 21:14 - 2016-03-21 22:01 - 00109632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2016-03-28 21:14 - 2016-03-21 22:01 - 00100416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2016-03-28 21:14 - 2016-03-21 22:01 - 00056384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys 2016-03-27 15:44 - 2016-03-27 15:44 - 00000046 _____ C:\Users\Michael\Desktop\bla.txt 2016-03-26 00:22 - 2016-03-26 00:22 - 00000000 ____D C:\Users\Michael\Intel 2016-03-25 23:40 - 2016-04-05 19:05 - 00000000 ____D C:\Users\Michael\Desktop\komische Projekte 2016-03-25 23:39 - 2016-03-25 23:39 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\DefaultCompany 2016-03-25 22:46 - 2016-03-26 22:50 - 00000000 ____D C:\Users\Michael\Documents\Bully Scholarship Edition 2016-03-25 20:55 - 2016-03-25 20:55 - 00008206 _____ C:\Users\Michael\Desktop\SMPTE_Color_Bars_16x9.svg 2016-03-20 17:24 - 2016-03-20 17:24 - 00000029 _____ C:\Users\Michael\Desktop\bn.txt 2016-03-20 13:02 - 2016-03-20 13:30 - 00000000 ____D C:\Users\Michael\Desktop\KLTE 2016-03-20 01:17 - 2016-03-20 01:17 - 00002548 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\OneDrive for Business.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools 2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\Program Files\Common Files\DESIGNER 2016-03-20 01:16 - 2016-03-20 01:16 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-03-19 02:47 - 2016-03-19 02:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e 2016-03-19 02:47 - 2013-07-18 07:55 - 00130248 _____ (Qualcomm Atheros Co., Ltd.) 
C:\WINDOWS\system32\Drivers\L1C63x64.sys 2016-03-18 23:10 - 2016-03-18 23:10 - 00000000 ____D C:\ProgramData\SoftPerfect 2016-03-18 23:10 - 2015-10-29 17:02 - 00246248 _____ C:\WINDOWS\system32\Drivers\spvve.sys 2016-03-18 23:10 - 2015-10-29 17:02 - 00097768 _____ C:\WINDOWS\system32\Drivers\spvdbus.sys 2016-03-18 20:53 - 2016-04-02 13:35 - 00283896 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys 2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\Victory 2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\UnrealEngine 2016-03-17 22:42 - 2016-03-17 22:46 - 00000000 ____D C:\Users\Michael\Desktop\brauch ich das 2016-03-17 22:32 - 2016-03-17 22:32 - 00000077 _____ C:\Users\Michael\Desktop\sdfsdfsdf.txt 2016-03-17 21:51 - 2016-03-18 18:10 - 00000000 ____D C:\Users\Michael\ownCloud 2016-03-17 21:50 - 2016-03-18 18:10 - 00000000 ____D C:\Users\Michael\AppData\Local\ownCloud 2016-03-17 21:49 - 2016-03-17 21:49 - 00001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk 2016-03-17 21:49 - 2016-03-17 21:49 - 00000000 ____D C:\Program Files (x86)\ownCloud 2016-03-17 19:53 - 2016-03-17 19:53 - 00002338 _____ C:\Users\Michael\Desktop\Kontoaktivitäten_201510_201603.csv 2016-03-17 18:02 - 2016-03-17 18:02 - 00000000 ____D C:\Program Files\Rockstar Games 2016-03-16 23:30 - 2016-03-16 23:30 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-5-1.dll 2016-03-16 23:29 - 2016-03-16 23:29 - 00127768 _____ C:\WINDOWS\system32\vulkan-1-1-0-5-1.dll 2016-03-16 23:29 - 2016-03-16 23:29 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-5-1.exe 2016-03-16 23:28 - 2016-03-16 23:28 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-5-1.exe 2016-03-15 20:38 - 2016-03-17 00:08 - 00000000 ____D C:\Program Files\OpenVPN 2016-03-15 20:33 - 2016-03-20 00:33 - 00000061 _____ C:\Users\Michael\Desktop\fj.txt 2016-03-15 20:33 - 2016-03-15 20:34 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies 
2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cryptomator.org 2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\Program Files\Cryptomator 2016-03-15 20:11 - 2016-03-15 20:15 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Cryptomator 2016-03-15 20:11 - 2016-03-15 20:11 - 00000000 ____D C:\Users\Michael\.oracle_jre_usage 2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\.mono 2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\ProgramData\.mono 2016-03-15 19:05 - 2016-03-15 19:05 - 00000000 ____D C:\Users\Michael\AppData\Local\openvr 2016-03-14 20:12 - 2016-03-14 20:12 - 00000000 ____D C:\Users\Michael\AppData\Local\ESN 2016-03-13 16:45 - 2016-01-08 10:51 - 00213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys 2016-03-13 16:45 - 2016-01-08 10:51 - 00120416 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys 2016-03-12 20:34 - 2016-03-12 20:34 - 00000000 ____D C:\Users\Michael\hitman 2016-03-12 20:34 - 2016-03-12 20:34 - 00000000 ____D C:\Users\Michael\AppData\Local\IO Interactive 2016-03-12 19:39 - 2016-03-12 19:39 - 00000222 _____ C:\Users\Michael\Desktop\HITMAN.url 2016-03-12 16:47 - 2016-03-12 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-04-10 12:36 - 2016-01-22 19:16 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps 2016-04-10 12:35 - 2016-01-15 18:36 - 02003186 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-10 12:35 - 2015-10-30 20:35 - 00852678 _____ C:\WINDOWS\system32\perfh007.dat 2016-04-10 12:35 - 2015-10-30 20:35 - 00187904 _____ C:\WINDOWS\system32\perfc007.dat 2016-04-10 12:35 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF 2016-04-10 12:29 - 2016-01-15 18:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-10 12:29 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2016-04-10 12:29 - 2015-09-26 13:41 - 00001240 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-04-10 12:29 - 2015-09-25 19:00 - 00000000 __SHD C:\Users\Michael\IntelGraphicsProfiles 2016-04-10 12:29 - 2015-04-10 13:22 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-10 12:13 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Intel 2016-04-10 12:13 - 2015-11-21 11:28 - 00000000 ____D C:\Program Files\Common Files\McAfee 2016-04-10 12:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-04-10 12:13 - 2015-10-18 01:57 - 00002855 _____ C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml 2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Spotify 2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Local\Spotify 2016-04-10 12:13 - 2015-04-12 18:07 - 00003142 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner 2016-04-10 12:03 - 2015-11-21 11:28 - 00000000 ____D C:\ProgramData\McAfee 2016-04-10 12:02 - 2015-04-10 12:27 - 00000000 ____D C:\ProgramData\Package Cache 2016-04-10 11:59 - 2015-04-10 13:22 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-10 11:52 - 2015-04-11 21:34 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc 2016-04-10 11:46 - 2015-09-26 13:41 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-04-10 11:44 - 2015-04-12 
19:14 - 00000000 ____D C:\Users\Michael\AppData\Local\Battle.net 2016-04-10 11:04 - 2015-04-12 19:14 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-04-10 11:00 - 2016-01-06 14:10 - 00000000 ____D C:\Program Files (x86)\McAfee 2016-04-09 18:57 - 2016-01-15 19:22 - 00000000 ____D C:\Program Files (x86)\Minecraft 2016-04-09 16:24 - 2015-04-11 14:27 - 00000000 ____D C:\Program Files (x86)\Steam 2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.minion 2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.junique 2016-04-08 21:49 - 2015-04-21 15:44 - 00000000 ____D C:\Users\Michael\AppData\Local\JDownloader 2.0 2016-04-08 19:41 - 2016-02-13 00:35 - 00000080 _____ C:\Users\Michael\AppData\Local??????????????????? 2016-04-08 17:43 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Common Files\logishrd 2016-04-08 15:31 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-04-07 20:25 - 2015-04-11 23:21 - 00000000 ____D C:\Users\Michael\AppData\Local\gtk-2.0 2016-04-07 20:25 - 2015-04-11 20:30 - 00000000 ___HD C:\Users\Michael\.gimp-2.8 2016-04-07 20:09 - 2015-04-11 19:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Notepad++ 2016-04-07 20:04 - 2016-03-10 22:13 - 00000000 ____D C:\Users\Michael\Desktop\gta 2016-04-07 18:38 - 2015-04-11 21:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Audacity 2016-04-06 22:21 - 2016-02-17 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit 2016-04-06 22:21 - 2015-07-30 09:41 - 00000000 ____D C:\Users\Michael\AppData\Roaming\TeamViewer 2016-04-06 17:59 - 2015-04-11 17:35 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox 2016-04-06 16:56 - 2015-04-10 12:23 - 00000000 ___RD C:\Users\Michael\Desktop\Tools 2016-04-06 16:47 - 2015-04-12 18:22 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-04-02 11:13 - 2015-05-02 18:40 - 00000000 ____D 
C:\Users\Michael\AppData\Local\Microsoft Help 2016-04-02 10:42 - 2015-07-15 22:43 - 00000000 ____D C:\ProgramData\Origin 2016-04-02 10:41 - 2015-07-15 22:43 - 00000000 ____D C:\Program Files (x86)\Origin 2016-04-02 10:24 - 2015-06-28 22:06 - 00000000 ___RD C:\Users\Michael\Google Drive 2016-03-31 22:23 - 2015-05-21 17:16 - 00002292 ____H C:\Users\Michael\Documents\Default.rdp 2016-03-28 21:19 - 2015-04-12 18:03 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner 2016-03-28 21:16 - 2016-03-10 20:49 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2016-03-28 21:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Help 2016-03-28 21:12 - 2016-01-08 00:09 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-03-28 20:02 - 2015-07-16 15:55 - 00002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-27 21:19 - 2015-04-10 12:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype 2016-03-26 00:22 - 2016-01-15 18:36 - 00000000 ____D C:\Users\Michael 2016-03-26 00:20 - 2015-08-08 02:01 - 00000000 ____D C:\Program Files (x86)\AviSynth 2016-03-26 00:20 - 2015-08-08 01:55 - 00000000 ____D C:\multiAVCHD 2016-03-26 00:17 - 2015-12-16 20:09 - 00000000 ____D C:\Program Files (x86)\GtkSharp 2016-03-26 00:15 - 2015-12-02 17:21 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2016-03-26 00:15 - 2015-12-02 17:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0 2016-03-26 00:14 - 2016-02-23 19:11 - 00000000 ____D C:\Program Files (x86)\MPC-HC 2016-03-26 00:14 - 2015-06-18 20:06 - 00000000 ____D C:\Program Files (x86)\XMedia Recode 2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-03-26 00:09 - 2016-01-15 18:29 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-03-26 00:09 - 2016-01-03 23:53 - 00000000 ____D 
C:\Users\Michael\AppData\Local\VSIXInstaller 2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Windows Kits 2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs 2016-03-26 00:07 - 2016-01-08 01:14 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET 2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Unity 2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\ProgramData\Unity 2016-03-25 23:38 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Unity 2016-03-25 23:16 - 2015-07-30 04:09 - 00002440 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-03-25 23:16 - 2015-04-10 12:22 - 00000000 __RDO C:\Users\Michael\OneDrive 2016-03-25 23:05 - 2015-07-30 04:07 - 00004434 __RSH C:\ProgramData\ntuser.pol 2016-03-25 03:48 - 2015-09-22 21:42 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll 2016-03-25 02:51 - 2016-03-05 11:52 - 00000000 ____D C:\Program Files\Grand Theft Auto V 2016-03-24 22:54 - 2015-12-30 19:25 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe 2016-03-24 22:53 - 2015-07-22 06:02 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2016-03-22 19:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-03-20 01:19 - 2015-12-14 19:50 - 00000000 ____D C:\Program Files\Microsoft Office 2016-03-19 02:47 - 2015-04-10 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-03-17 22:44 - 2015-04-10 11:26 - 00000000 ____D C:\Users\Michael\AppData\Local\Packages 2016-03-17 18:02 - 2015-04-11 21:52 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2016-03-16 23:30 - 2016-03-10 20:49 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2016-03-16 23:29 - 2016-03-10 20:49 - 00127768 _____ C:\WINDOWS\system32\vulkan-1.dll 2016-03-16 23:29 - 2016-03-10 20:49 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2016-03-16 23:28 - 2016-03-10 20:49 - 00045848 _____ 
C:\WINDOWS\system32\vulkaninfo.exe 2016-03-15 22:49 - 2010-06-09 21:30 - 00000000 ____D C:\Users\Michael\Desktop\Screens 2016-03-15 19:11 - 2015-07-03 22:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-03-15 19:11 - 2015-07-03 22:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Mozilla 2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Local\Mozilla 2016-03-13 16:45 - 2016-01-08 18:08 - 00000000 ____D C:\Program Files (x86)\Samsung 2016-03-13 16:44 - 2016-01-08 18:11 - 00000000 ____D C:\ProgramData\Samsung 2016-03-13 16:39 - 2015-12-08 00:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\IrfanView 2016-03-13 16:39 - 2015-04-10 13:22 - 00000000 ____D C:\Program Files (x86)\Google 2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-03-13 15:51 - 2015-04-11 18:18 - 00000000 ____D C:\Program Files\WinRAR 2016-03-13 14:51 - 2016-03-09 23:08 - 00000995 _____ C:\Users\Michael\Desktop\rt.txt 2016-03-12 22:00 - 2015-06-28 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-03-12 16:47 - 2015-09-26 13:41 - 00000000 ____D C:\Program Files (x86)\Dropbox ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-11 19:12 - 2015-08-11 19:26 - 0000466 _____ () C:\Users\Michael\AppData\Roaming\CascView.ini 2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ () C:\Users\Michael\AppData\Roaming\Launcher.dat 2016-04-07 16:38 - 2016-04-07 18:09 - 0000009 _____ () C:\Users\Michael\AppData\Roaming\update.dat 2015-10-18 01:57 - 2016-04-10 12:13 - 0002855 _____ () C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml 2016-04-07 16:39 
- 2016-04-09 11:20 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\notaut.txt 2015-04-19 11:36 - 2015-04-19 11:36 - 0385602 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS 2015-04-19 11:36 - 2015-04-19 11:36 - 0000204 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS.part 2015-04-19 11:36 - 2015-04-19 11:36 - 0059989 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS 2015-04-19 11:36 - 2015-04-19 11:36 - 0000273 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS.part 2015-04-19 11:37 - 2015-04-19 11:37 - 0121567 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS 2015-04-19 11:37 - 2015-04-19 11:37 - 0000294 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS.part 2015-04-19 11:36 - 2015-04-19 11:36 - 0069441 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS 2015-04-19 11:36 - 2015-04-19 11:36 - 0000293 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS.part 2015-06-18 20:34 - 2015-06-18 20:34 - 0000046 _____ () C:\Users\Michael\AppData\Local\DonationCoder_mpqbuilder_InstallInfo.dat 2015-10-02 23:10 - 2015-10-02 23:11 - 1065984 _____ () C:\Users\Michael\AppData\Local\file__0.localstorage 2015-05-02 22:27 - 2015-05-02 22:27 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND 2016-04-07 20:25 - 2016-04-07 20:25 - 0041523 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel 2015-05-15 21:48 - 2015-11-26 17:42 - 0007684 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg 2015-08-28 06:41 - 2015-08-28 06:41 - 0019535 _____ () C:\ProgramData\empty.ico Einige Dateien in TEMP: ==================== C:\Users\Michael\AppData\Local\Temp\libeay32.dll C:\Users\Michael\AppData\Local\Temp\msvcr120.dll C:\Users\Michael\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-03-31 20:38

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Michael (2016-04-10 12:43:15)
Gestartet von C:\Users\Michael\Desktop
Windows 10 Pro Version 1511 (X64) (2016-01-15 16:43:53)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3852805889-1866178090-3277109897-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3852805889-1866178090-3277109897-503 - Limited - Disabled)
Gast (S-1-5-21-3852805889-1866178090-3277109897-501 - Limited - Disabled) => C:\Users\Gast
Michael (S-1-5-21-3852805889-1866178090-3277109897-1001 - Administrator - Enabled) => C:\Users\Michael

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4K Video Downloader 4.0 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.0.0.2016 - Open Media LLC)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.9.1 - RedFox)
ArcaniA: Fall of Setarrif (HKLM-x32\...\Steam App 65610) (Version: - Spellbound Studios)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Crucial Storage Executive (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Storage Executive 3.15.112014.06) (Version: 3.24.082015.05 - Crucial)
Cryptomator (HKLM\...\{Cryptomator}}_is1) (Version: 1.0.2 - cryptomator.org)
Discord (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Discord) (Version: 0.0.286 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation)
FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
GameSave Manager v3 (HKLM-x32\...\GameSaveManager_v3) (Version: 3.1.442.0 - InsaneMatt)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
HITMAN™ (HKLM\...\Steam App 236870) (Version: - Io-Interactive)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Logitech Gaming Software 8.81 (HKLM\...\Logitech Gaming Software) (Version: 8.81.15 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (Deutsch) (HKLM-x32\...\{EE8BD24B-75E1-4BBF-86B9-91FE16ADE71C}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.6001.1068 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Minion (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\{Minion}}_is1) (Version: 2.0 - ZAM Network LLC)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
NAPS2 3.3.5 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.49 - NVIDIA Corporation)
NVIDIA Grafiktreiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
ownCloud (HKLM-x32\...\ownCloud) (Version: 2.1.1.5837 - ownCloud)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation)
Platform (x32 Version: 1.43 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - )
RemoteComms driver (HKLM-x32\...\{89B4CA50-3F94-451F-B93A-22608DF45FF9}) (Version: 1.30.0002 - PLX Technology)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.24728 - Microsoft Corporation) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.49 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.) Hidden
Snapmatic Screensaver (HKLM-x32\...\Snapmatic Screensaver_is1) (Version: 1.0 - Rockstar Games)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Spotify (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Spotify) (Version: 1.0.26.132.ga4e3ccee - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.55321 - TeamViewer)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.43 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
WhoCrashed 5.50 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04355E58-6FD1-495F-93EE-57A1B3ACF30D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {055D0111-EA4F-4261-999C-47501CEF1BB0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-20] (Microsoft Corporation)
Task: {05D61722-FE44-40BD-ACCE-9C027061B90A} - System32\Tasks\{C1ED46C2-6A72-4297-BCEC-0AD3B2CD605A} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe" -c -uninstallApp 142938258.redeem.sonypicturesstore.com
Task: {0F41DB66-D907-4151-84C8-840C6E60EBAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation)
Task: {1A003D57-3939-4097-B4FC-49B69E7E7CE4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {2779EE54-FBC3-4DA1-B719-23833F6C1F84} - System32\Tasks\{9D134A81-2860-42BB-B7D9-4910B6B623C0} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {3569A7F0-81A8-4391-893D-B95673EDDE46} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {487BFEF6-DF70-4D14-AE54-D2FF0A4C1589} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {4BA7928E-14CC-46DA-BB1A-0F083F6B0786} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4CB2A8EA-1290-4731-A92B-A6A659DF6E92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {5035952E-6955-4214-BFA7-8BC1EEAB92DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {60135EA6-B35B-40E1-B5E6-0D9773D2D438} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {624B2716-3954-41F3-BE09-A803897203DB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {646A5D08-CD2E-4930-B8D1-E46025B98618} - System32\Tasks\{4D3C9D7E-3228-4EBF-AF68-7191CBA44F1D} => pcalua.exe -a C:\Users\Michael\Desktop\IomegaEncryptionSetup.exe -d C:\Users\Michael\Desktop
Task: {74035255-F2D6-451A-BC19-E66884E031ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {7D9DA623-CE12-44EA-889B-CAD4F3F5E494} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.)
Task: {8A54AD2C-B399-408B-B525-F0F36EA83546} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {945FE37F-B52F-48F3-BBD9-370D163B052C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A9E8087B-368B-4562-A4F4-225C08ECEE80} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {BB3D1B89-F553-4912-BF86-66FEEC4624C1} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-09] ()
Task: {C72C7527-EEED-4578-B161-D852006D2427} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {CAA8A102-BC26-4A46-9BA1-200D8F4BEDEB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {D47AFF69-4B86-4693-960B-AE0D1CF99DAC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation)
Task: {E4438FF6-623A-4EE5-B670-A7B9DFF7A2D8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.)
Task: {EA0CA4DC-147F-4923-AF57-56DBFE06AE94} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {F89084F2-8DB3-4131-A704-ACEC98245D41} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {FFE255CD-BF3B-4F69-8472-852150BE3768} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-20 01:02 - 2016-02-28 01:41 - 00171720 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-05-19 09:11 - 2015-05-19 09:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2016-01-01 15:48 - 2016-01-01 15:48 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2015-10-30 09:18 - 2016-02-16 22:49 - 00263168 _____ () C:\WINDOWS\system32\wc_storage.dll
2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-09 09:59 - 2015-12-09 09:59 - 00580296 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-18 17:16 - 2016-01-18 17:16 - 00058880 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 18:20 - 2016-02-23 10:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-27 21:18 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 21:18 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-03 15:25 - 2012-11-15 00:22 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2016-01-03 15:25 - 2012-11-15 00:22 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2016-03-28 21:16 - 2016-03-25 03:52 - 00167480 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2016-03-28 21:16 - 2016-03-25 03:52 - 00862776 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2016-03-28 20:02 - 2016-03-27 06:55 - 02140824 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-03-28 20:02 - 2016-03-27 06:55 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2015-12-07 18:44 - 2015-12-07 18:44 - 00225792 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2015-12-07 18:44 - 2015-12-07 18:44 - 00657408 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2016-03-28 21:16 - 2016-03-25 03:52 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-06 20:36 - 2015-07-06 20:36 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Michael\Downloads:Shareaza.GUID [16]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Software\Classes\.exe: => <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\sharepoint.com -> hxxps://gymleibnitz.sharepoint.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2016-03-10 21:29 - 2016-03-10 21:29 - 00000034____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "Duplicati.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{E110F5B5-C6D5-45EC-9D72-3963DA118D8D}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{D957016C-E3CF-4643-A537-F8E7A6B332A5}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe
FirewallRules: [{05E48283-98F4-4A86-BF60-3DDBFE86EEE5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D61788B9-A481-47EB-BF6B-E43931C62330}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6212146A-C1B1-4653-8634-15DF941A7C9E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8A2DA7E7-1D25-4361-8F23-E9FE32FF93B0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{1365EA6F-3DE8-4F34-9217-72945EE0DA66}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{D1193E8D-00D7-4FEE-A2AF-234DEBDC1406}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{F15D40F6-197C-4B21-87BA-E082D0298971}C:\program files\crucial\storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{912411F0-0EAA-4DD7-82B8-9AB9110CD78C}C:\program files\crucial\storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{C0B6C8B5-1DF2-4D82-8919-1F9E01759C5E}D:\blizzard\hearthstone\hearthstone.exe] => (Allow) D:\blizzard\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{E512E3B6-DC85-45A9-92E8-34896A0A3D22}D:\blizzard\hearthstone\hearthstone.exe] => (Allow) D:\blizzard\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{4025F871-0991-4000-8FB2-18FD5F5CFBC1}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FACD9158-BC07-4BEC-9AA6-3D6105D456AC}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E328954B-0660-4BE5-AE33-8C18559B01AD}C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [TCP Query User{4AB564B4-1E37-46DD-BC27-564E3421430D}C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [{441AC144-7923-449F-9B86-75A0B2FB41E1}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{279E2D3D-91E8-4784-BA0C-33B33A972A1A}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [UDP Query User{CEA04421-AA37-499B-8F61-53BDD52C1B7E}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{184BDB00-225A-4E9A-8679-CC3427605297}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{0D0F7D56-D3C4-4167-BD27-A37A4C70F5C6}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A9841AB8-B7AE-4EA4-A565-324F82C8458B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{FB8EF56C-C8E9-4468-9461-AF440ABD4AFD}] => (Allow) D:\SteamLibrary\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe
FirewallRules: [{50D2AA6C-C251-41BF-BA31-A276E1DFE9E2}] => (Allow) D:\SteamLibrary\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe
FirewallRules: [{32F9317E-22BB-4A0E-8A90-4F4E786213A0}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{4753EB2D-CC6E-44B7-92A2-DE66F08CCE3B}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{61BAD7A6-F3DE-4E17-B85B-354E5B881C54}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{057ADA51-1097-4B44-A71E-CB9F75752E26}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{3FE7D773-07B0-49F2-8FEB-393374130852}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{6928CD8D-AFC6-410E-839B-2E942059E55C}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{396927DA-BA24-4653-9106-00FDDC35C4BF}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{E469FD53-67CF-4DB0-BC54-77F35C539FC5}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{3B5D9CDA-A8C3-47FF-BB1C-AC3A0918B567}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{991A291E-766B-4F4D-83E5-058E3875B034}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{FF5A5E33-472D-4721-9539-0CBA79105891}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2200FEB7-6DA8-44C9-A981-F4FD953711C0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8ED9C7C8-4919-409C-8BC1-FD3CAD6D8263}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{09CF574A-A428-4385-A794-A05009FF5826}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{DB61D72D-C5EC-4F71-BB7D-BF08078041DF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5A7DBEDB-ED20-46C7-B339-3143B9331BFE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1E28C84D-5BD1-4457-8F11-3FE391FB5CC0}D:\blizzard\diablo iii\diablo iii.exe] => (Allow) D:\blizzard\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{5AC70257-BB65-4576-A90C-50CC4B845EFA}D:\blizzard\diablo iii\diablo iii.exe] => (Allow) D:\blizzard\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{20A2A00A-4DF3-459F-B910-E1FA27635A12}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E53673CE-D0BD-42B6-A709-6EDD40DE3883}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{89D9E2C3-FE26-4DFF-8E05-5F6DB2360337}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EA3D3DA7-CCDD-48DD-A454-85C7941828A1}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{AC18BE29-F45F-43EA-8E2B-0499864AD6CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{68E77359-5EA2-4EB7-B017-FA69CC8C9720}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B2169EAF-865E-4115-A9C6-441F69F5DC1F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9BF96311-12A5-4267-9F1B-8AB0EB7A6334}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{45210241-1C5A-455E-9ADC-89B6176D2CB6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{03FB0B10-326E-4784-98DF-1AC4C5D4915F}] => (Allow) D:\SteamLibrary\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [{EE6A15BD-CBC6-41F3-95E9-D5F3E6E30D5F}] => (Allow) D:\SteamLibrary\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [TCP Query User{AD1CA659-6458-41E5-9867-F744D36979DC}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [UDP Query User{65A33961-2A8F-41C6-AD71-684E1E63B13A}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [TCP Query User{5981EFBA-F912-45EC-8B19-2C26292D04E1}C:\program files\grand theft auto v\gta5.exe] => (Allow) C:\program files\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5DA64CE0-DCD7-4DCE-B7C7-15CD5C5ACCD4}C:\program files\grand theft auto v\gta5.exe] => (Allow) C:\program files\grand theft auto v\gta5.exe
FirewallRules: [{8710AFFA-D4D4-4C6A-ADA9-4F6C0F482C94}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{083B1D29-6C2E-480B-A3FE-C4216055BF08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BEB45729-1377-411B-99C0-A5C943F09B33}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{3B25A7CB-2D1D-4659-864D-73EB65983BAE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{03712FEC-31A5-4CCC-BAAE-559F03C3D43A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{62109612-F42E-4FDD-ACA6-BAF07FF6BAFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{7FB6FEBB-3957-49A3-9D4C-C3A242200105}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{153DB846-60B0-4D8A-A9B5-CCBCD9E40795}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{726146E6-86A9-4CA4-BC6F-8132A767EB2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{60C176ED-93A1-4B06-A89C-4E4F5BBBEEF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{6F6FD627-2461-4901-AD3E-F1372D06608C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{EE936D25-6C46-49D0-B994-3D48E70D4F84}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{4940DD03-B989-41E7-A2D9-703FB3B2A155}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe ==================== Wiederherstellungspunkte ========================= 06-04-2016 16:54:46 Removed SciDaVis 06-04-2016 22:16:08 Before CCleaner 09-04-2016 18:56:39 Removed Minecraft ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: SoftPerfect Virtual Bus Description: SoftPerfect Virtual Bus Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318} Manufacturer: KEG Service: SPVDPort Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or 
damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (04/10/2016 12:36:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000000000071f28 ID des fehlerhaften Prozesses: 0x1f40 Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0 Pfad der fehlerhaften Anwendung: nvosc.exe1 Pfad des fehlerhaften Moduls: nvosc.exe2 Berichtskennung: nvosc.exe3 Vollständiger Name des fehlerhaften Pakets: nvosc.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5 Error: (04/10/2016 12:36:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: nvosc.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.BadImageFormatException bei NvOscFramework.CoPlay.OscCoPlayModel..ctor() bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d() bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue() bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei OscMain.WidgetControl.Dispose(Boolean) bei OscMain.WidgetControl.Finalize() Error: (04/10/2016 12:36:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000000000071f28 ID des fehlerhaften Prozesses: 0x1e34 Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0 Pfad der fehlerhaften Anwendung: nvosc.exe1 Pfad des fehlerhaften Moduls: nvosc.exe2 Berichtskennung: nvosc.exe3 Vollständiger Name des fehlerhaften Pakets: nvosc.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5 Error: (04/10/2016 12:36:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: nvosc.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.BadImageFormatException bei NvOscFramework.CoPlay.OscCoPlayModel..ctor() bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d() bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue() bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei OscMain.WidgetControl.Dispose(Boolean) bei OscMain.WidgetControl.Finalize() Error: (04/10/2016 12:34:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000000000071f28 ID des fehlerhaften Prozesses: 0x1cb4 Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0 Pfad der fehlerhaften Anwendung: nvosc.exe1 Pfad des fehlerhaften Moduls: nvosc.exe2 Berichtskennung: nvosc.exe3 Vollständiger Name des fehlerhaften Pakets: nvosc.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5 Error: (04/10/2016 12:34:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: nvosc.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.BadImageFormatException bei NvOscFramework.CoPlay.OscCoPlayModel..ctor() bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d() bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue() bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei OscMain.WidgetControl.Dispose(Boolean) bei OscMain.WidgetControl.Finalize() Error: (04/10/2016 12:34:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000000000071f28 ID des fehlerhaften Prozesses: 0x878 Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0 Pfad der fehlerhaften Anwendung: nvosc.exe1 Pfad des fehlerhaften Moduls: nvosc.exe2 Berichtskennung: nvosc.exe3 Vollständiger Name des fehlerhaften Pakets: nvosc.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5 Error: (04/10/2016 12:34:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: nvosc.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.BadImageFormatException bei NvOscFramework.CoPlay.OscCoPlayModel..ctor() bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d() bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue() bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei OscMain.WidgetControl.Dispose(Boolean) bei OscMain.WidgetControl.Finalize() Error: (04/10/2016 12:33:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000000000071f28 ID des fehlerhaften Prozesses: 0x15b4 Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0 Pfad der fehlerhaften Anwendung: nvosc.exe1 Pfad des fehlerhaften Moduls: nvosc.exe2 Berichtskennung: nvosc.exe3 Vollständiger Name des fehlerhaften Pakets: nvosc.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5 Error: (04/10/2016 12:33:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: nvosc.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.BadImageFormatException bei NvOscFramework.CoPlay.OscCoPlayModel..ctor() bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d() bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue() bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei OscMain.WidgetControl.Dispose(Boolean) bei OscMain.WidgetControl.Finalize() Systemfehler: ============= Error: (04/10/2016 12:31:04 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HEIMSCHEISSER) Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-3852805889-1866178090-3277109897-1001-0-ntuser.dat Error: (04/10/2016 12:30:57 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HEIMSCHEISSER) Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-3852805889-1866178090-3277109897-1001-0-ntuser.dat Error: (04/10/2016 12:29:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NvStreamSvc erreicht. Error: (04/10/2016 12:29:35 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Der Dienst "SPVVEngine" ist von folgendem Dienst abhängig: SPVDPort. Dieser Dienst ist möglicherweise nicht installiert. 
Error: (04/10/2016 12:29:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (04/10/2016 12:29:13 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenzugriff_4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenspeicher _4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Kontaktdaten_4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Synchronisierungshost_4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. 
CodeIntegrity: =================================== Date: 2016-04-10 12:24:17.829 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-07 21:10:32.862 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-06 17:08:31.525 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-06 17:08:27.765 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-25 23:23:01.626 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-25 22:24:36.064 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-25 21:19:04.726 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-03-25 21:19:04.718 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-25 21:19:04.707 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-25 21:19:04.623 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz Prozentuale Nutzung des RAM: 26% Installierter physikalischer RAM: 8012.59 MB Verfügbarer physikalischer RAM: 5911.3 MB Summe virtueller Speicher: 10700.59 MB Verfügbarer virtueller Speicher: 8554.76 MB ==================== Laufwerke ================================ Drive c: (iSSD) (Fixed) (Total:231.93 GB) (Free:104.81 GB) NTFS Drive d: (iWD) (Fixed) (Total:455.76 GB) (Free:270.22 GB) NTFS Drive z: (iWD_FH) (Fixed) (Total:10 GB) (Free:9.95 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 1 (Size: 465.8 GB) (Disk ID: E4E735C2) Partition: GPT. ==================== Ende von Addition.txt ============================ |
10.04.2016, 15:25 | #2 |
/// TB-Ausbilder | Win10: Browser Hijacker My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags. How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Thank you for your cooperation! Zip the MBAM log file (pack it into a .zip archive) and upload it as an attachment with your next message. In addition, JRT please: Please close your security software to avoid possible conflicts.
|
11.04.2016, 19:13 | #3 |
| Win10: Browser Hijacker Hello Matthias,
here you go: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Pro x64
Ran by Michael (Administrator) on 11.04.2016 at 20:04:33,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 4

Successfully deleted: C:\Users\Michael\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File)
Successfully deleted: C:\WINDOWS\prefetch\TREESIZEFREE.EXE-9AC91406.pf (File)

Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2039DD3E-4E72-4C20-90E7-9FD959AA7D06} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.04.2016 at 20:05:42,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
11.04.2016, 20:42 | #4 |
/// TB-Ausbilder | Win10: Browser Hijacker Hi, FRST once more please, as a check:
|
11.04.2016, 21:09 | #5 |
| Win10: Browser Hijacker FRST: FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01 durchgeführt von Michael (Administrator) auf HEIMSCHEISSER (11-04-2016 21:57:48) Gestartet von C:\Users\Michael\Desktop Geladene Profile: Michael (Verfügbare Profile: Michael & Gast) Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe () C:\Windows\System32\PnkBstrA.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (VIA Technologies, Inc.) 
C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\vmms.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\OSC\nvosc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4708016 2015-08-18] (VIA) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-04-06] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15642744 2016-03-30] (Logitech Inc.) 
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.) HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ACHTUNG HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Run: [Spotify Web Helper] => C:\Users\Michael\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-02] (Spotify Ltd) HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\RunOnce: [Uninstall C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64" HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoPreviewPane] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoWinkeys] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCANetwork] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCAVolume] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SNAPMA~1.SCR [1016438 2015-03-16] (Jan Kolarik & Ondrej Vaverka) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files 
(x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google) ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2016-03-25] ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2015-10-18] ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software) GroupPolicyUsers\S-1-5-21-3852805889-1866178090-3277109897-1001\User: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1dfe109d-b3d0-4acd-a2eb-0edc7be3d320}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{59924253-7916-40c6-ba08-d15750886fc9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> DefaultScope {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1442757218682
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ktigdchg.default
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-3852805889-1866178090-3277109897-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.at/","hxxp://www.viceice.com/"
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (PasswordBox - Log in with 1-Click) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl [2016-04-10]
CHR Extension: (BetterTTV) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-04-10]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-10]
CHR Extension: (Red Fox Snow Theme) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgaadipmojdihomphfmjphmelinpdalg [2016-04-10]
CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-10]
CHR Extension: (Gmail offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2016-04-10]
CHR Extension: (Google Play Musik) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-04-10]
CHR Extension: (HTTPS Everywhere) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-04-10]
CHR Extension: (Dropbox) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-04-10]
CHR Extension: (Citizen Ex) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfgpjihgigboplilbcehdbacklfgjlp [2016-04-10]
CHR Extension: (Steam Database) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdbmhfkmnlmbkgbabkdealhhbfhlmmon [2016-04-10]
CHR Extension: (Google*Hangouts) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-04-10]
CHR Extension: (Momentum) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-04-10]
CHR Extension: (Ghostery) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-04-10]
CHR Extension: (YouTube Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkdalpbojfdilmiboaiedicdbigdabpb [2016-04-10]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10]
CHR HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-10] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-02-28] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-11-20] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-04-06] (NVIDIA Corporation)
R2 HvHost; C:\Windows\System32\hvhostsvc.dll [61440 2016-02-16] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-08] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-04-06] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-04-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-04-06] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-02] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-01-01] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-12-30] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.)
S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2016-02-16] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14384128 2016-02-16] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AF9035BDA; C:\Windows\system32\DRIVERS\AF15BDA.sys [514856 2012-11-09] (ITETech )
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2015-08-23] (Google Inc) [Datei ist nicht signiert]
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [216576 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [71008 2016-02-16] (Microsoft Corporation)
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [117248 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114560 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2016-02-16] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184096 2015-06-29] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-04-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2016-02-16] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2016-02-16] (Microsoft Corporation)
S3 Phosgene; C:\Windows\system32\DRIVERS\Phosgene.sys [34168 2015-08-28] (Adoriasoft LLC)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2015-11-10] (The OpenVPN Project)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2016-02-16] (Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S2 SPVVEngine; C:\WINDOWS\system32\Drivers\spvve.sys [246248 2015-10-29] ()
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2016-02-16] (Microsoft Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-10-18] (Windows (R) Win 7 DDK provider)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2015-07-09] (Oracle Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2016-02-16] (Microsoft Corporation)
R3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2016-02-16] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [350720 2016-02-16] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S1 lfivrnpk; \??\C:\WINDOWS\system32\drivers\lfivrnpk.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-11 21:57 - 2016-04-11 21:58 - 00031196 _____ C:\Users\Michael\Desktop\FRST.txt 2016-04-11 21:55 - 2016-04-11 21:55 - 00000000 ____D C:\Users\Michael\Desktop\#1 2016-04-11 20:05 - 2016-04-11 20:05 - 00001273 _____ C:\Users\Michael\Desktop\JRT.txt 2016-04-11 20:04 - 2016-04-11 20:04 - 01610352 _____ (Malwarebytes) C:\Users\Michael\Desktop\JRT.exe 2016-04-10 14:53 - 2016-04-10 14:53 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Ludeon Studios 2016-04-10 14:49 - 2016-04-10 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2016-04-10 14:28 - 2016-04-10 14:31 - 00000000 ____D C:\Users\Michael\Desktop\RimWorld1135Win 2016-04-10 14:28 - 2016-04-10 14:28 - 00000000 ____D C:\Users\Michael\Desktop\RW 2016-04-10 14:11 - 2016-04-10 14:11 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Sony Creative Software Inc 2016-04-10 12:41 - 2016-04-11 21:57 - 00000000 ____D C:\FRST 2016-04-10 12:37 - 2016-04-10 13:09 - 00115576 _____ C:\Users\Michael\Desktop\tb.txt 2016-04-10 12:36 - 2016-04-11 21:57 - 02375168 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe 2016-04-10 12:30 - 2016-04-10 12:30 - 00005040 _____ C:\Users\Michael\Desktop\AdwCleaner[C1].txt 2016-04-10 12:27 - 2016-04-10 12:29 - 00000000 ____D C:\AdwCleaner 2016-04-10 12:27 - 2016-04-10 12:27 - 03119168 _____ C:\Users\Michael\Desktop\adwcleaner_5.109.exe 2016-04-10 12:13 - 2016-04-10 12:13 - 00000000 ____D C:\Avenger 2016-04-10 12:10 - 2016-04-10 12:10 - 00183744 _____ C:\Users\Michael\Desktop\MBAM.txt 2016-04-10 12:04 - 2016-04-10 14:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-04-10 12:04 - 2016-04-10 12:06 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-04-10 12:04 - 
2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-04-10 12:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-04-10 12:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-04-10 11:58 - 2016-04-10 11:58 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2016-04-10 11:21 - 2016-04-10 13:29 - 00000000 ____D C:\Users\Michael\Desktop\HearthStone Heroes of Warcraft 2016-04-07 21:06 - 2016-04-08 21:50 - 00000000 ____D C:\Users\Michael\Documents\Electronic Arts 2016-04-07 20:25 - 2016-04-07 20:25 - 00041523 _____ C:\Users\Michael\AppData\Local\recently-used.xbel 2016-04-07 20:08 - 2016-04-07 20:43 - 00000043 _____ C:\WINDOWS\gswin32.ini 2016-04-07 20:07 - 2016-04-07 20:07 - 00000000 ____D C:\Program Files (x86)\gs 2016-04-07 16:38 - 2016-04-07 18:09 - 00000009 _____ C:\Users\Michael\AppData\Roaming\update.dat 2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ C:\Users\Michael\AppData\Roaming\Launcher.dat 2016-04-07 15:46 - 2016-04-07 15:46 - 05044480 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-04-06 20:47 - 2016-04-09 18:59 - 00000000 ____D C:\Users\Michael\Desktop\TreeSizeFree 2016-04-06 17:51 - 2016-04-08 21:28 - 00000000 ____D C:\Users\Michael\Desktop\Kamera Videos 2016-04-05 15:48 - 2016-04-05 15:48 - 22946503 _____ C:\Users\Michael\Desktop\21984137.480p.mp4 2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 ____D C:\Users\Michael\AppData\Roaming\NVIDIA 2016-04-02 16:45 - 2016-04-10 13:17 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps 2016-04-02 11:03 - 2016-04-02 11:03 - 00000117 _____ C:\Users\Michael\Desktop\hhhr.txt 2016-04-02 10:44 - 2016-04-02 10:48 - 00000000 ____D C:\Users\Michael\Desktop\hrping-v506 2016-04-01 21:43 - 2016-04-01 21:45 - 00000000 ____D C:\Users\Michael\Desktop\Indie Fonts 2016-03-31 19:04 - 
2016-03-31 19:05 - 00000000 ____D C:\WINDOWS\Panther 2016-03-28 21:17 - 2016-04-11 19:59 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA Corporation 2016-03-28 21:16 - 2016-04-11 20:06 - 00000000 ____D C:\ProgramData\NVIDIA 2016-03-28 21:16 - 2016-04-06 02:20 - 01373864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2016-03-28 21:16 - 2016-04-06 02:20 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2016-03-28 21:16 - 2016-04-06 02:19 - 01767248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2016-03-28 21:16 - 2016-04-06 02:19 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2016-03-28 21:16 - 2016-03-28 21:22 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA 2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2016-03-28 21:16 - 2016-03-22 03:57 - 00110528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2016-03-28 21:15 - 2016-03-28 21:15 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2016-03-28 21:15 - 2016-03-22 06:08 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2016-03-28 21:15 - 2016-03-22 06:08 - 00201664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 06369728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 02994744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 02561472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 01265720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2016-03-28 21:15 
- 2016-03-22 04:37 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2016-03-28 21:15 - 2016-03-18 13:44 - 06253721 _____ C:\WINDOWS\system32\nvcoproc.bin 2016-03-28 21:14 - 2016-03-28 21:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-03-28 21:14 - 2016-03-25 03:23 - 12659136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys 2016-03-28 21:14 - 2016-03-24 13:52 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 2016-03-28 21:14 - 2016-03-24 13:52 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2016-03-28 21:14 - 2016-03-24 13:52 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 42923576 _____ C:\WINDOWS\system32\nvcompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 37567424 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 31594432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 25350080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 21364536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 20906168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 20074728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 17755928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 17369448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll 2016-03-28 21:14 - 
2016-03-22 06:08 - 17349776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 17328008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 14226672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 10550552 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 08659472 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 03685280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 03263480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 02614208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 02260024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436472.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436472.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00960056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00889400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00751552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00695864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00678520 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00572096 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2016-03-28 21:14 - 
2016-03-22 06:08 - 00546328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00348216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00176064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00153392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00129208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00038050 _____ C:\WINDOWS\system32\nvinfo.pb 2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json 2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json 2016-03-28 21:14 - 2016-03-21 22:01 - 00109632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2016-03-28 21:14 - 2016-03-21 22:01 - 00100416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2016-03-28 21:14 - 2016-03-21 22:01 - 00056384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys 2016-03-27 15:44 - 2016-03-27 15:44 - 00000046 _____ C:\Users\Michael\Desktop\bla.txt 2016-03-26 00:22 - 
2016-03-26 00:22 - 00000000 ____D C:\Users\Michael\Intel 2016-03-25 23:40 - 2016-04-05 19:05 - 00000000 ____D C:\Users\Michael\Desktop\komische Projekte 2016-03-25 23:39 - 2016-03-25 23:39 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\DefaultCompany 2016-03-25 22:46 - 2016-03-26 22:50 - 00000000 ____D C:\Users\Michael\Documents\Bully Scholarship Edition 2016-03-25 20:55 - 2016-03-25 20:55 - 00008206 _____ C:\Users\Michael\Desktop\SMPTE_Color_Bars_16x9.svg 2016-03-20 17:24 - 2016-03-20 17:24 - 00000029 _____ C:\Users\Michael\Desktop\bn.txt 2016-03-20 13:02 - 2016-03-20 13:30 - 00000000 ____D C:\Users\Michael\Desktop\KLTE 2016-03-20 01:17 - 2016-03-20 01:17 - 00002548 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools 2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\Program Files\Common Files\DESIGNER 2016-03-20 
01:16 - 2016-03-20 01:16 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-03-19 02:47 - 2016-03-19 02:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e 2016-03-19 02:47 - 2013-07-18 07:55 - 00130248 _____ (Qualcomm Atheros Co., Ltd.) C:\WINDOWS\system32\Drivers\L1C63x64.sys 2016-03-18 23:10 - 2016-03-18 23:10 - 00000000 ____D C:\ProgramData\SoftPerfect 2016-03-18 23:10 - 2015-10-29 17:02 - 00246248 _____ C:\WINDOWS\system32\Drivers\spvve.sys 2016-03-18 23:10 - 2015-10-29 17:02 - 00097768 _____ C:\WINDOWS\system32\Drivers\spvdbus.sys 2016-03-18 20:53 - 2016-04-02 13:35 - 00283896 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys 2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\Victory 2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\UnrealEngine 2016-03-17 22:42 - 2016-03-17 22:46 - 00000000 ____D C:\Users\Michael\Desktop\brauch ich das 2016-03-17 22:32 - 2016-03-17 22:32 - 00000077 _____ C:\Users\Michael\Desktop\sdfsdfsdf.txt 2016-03-17 21:51 - 2016-03-18 18:10 - 00000000 ____D C:\Users\Michael\ownCloud 2016-03-17 21:50 - 2016-03-18 18:10 - 00000000 ____D C:\Users\Michael\AppData\Local\ownCloud 2016-03-17 21:49 - 2016-03-17 21:49 - 00001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk 2016-03-17 21:49 - 2016-03-17 21:49 - 00000000 ____D C:\Program Files (x86)\ownCloud 2016-03-17 19:53 - 2016-03-17 19:53 - 00002338 _____ C:\Users\Michael\Desktop\Kontoaktivitäten_201510_201603.csv 2016-03-17 18:02 - 2016-03-17 18:02 - 00000000 ____D C:\Program Files\Rockstar Games 2016-03-16 23:30 - 2016-03-16 23:30 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-5-1.dll 2016-03-16 23:29 - 2016-03-16 23:29 - 00127768 _____ C:\WINDOWS\system32\vulkan-1-1-0-5-1.dll 2016-03-16 23:29 - 2016-03-16 23:29 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-5-1.exe 2016-03-16 23:28 - 2016-03-16 23:28 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-5-1.exe 2016-03-15 20:38 
- 2016-03-17 00:08 - 00000000 ____D C:\Program Files\OpenVPN 2016-03-15 20:33 - 2016-03-20 00:33 - 00000061 _____ C:\Users\Michael\Desktop\fj.txt 2016-03-15 20:33 - 2016-03-15 20:34 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies 2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cryptomator.org 2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\Program Files\Cryptomator 2016-03-15 20:11 - 2016-03-15 20:15 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Cryptomator 2016-03-15 20:11 - 2016-03-15 20:11 - 00000000 ____D C:\Users\Michael\.oracle_jre_usage 2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\.mono 2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\ProgramData\.mono 2016-03-15 19:05 - 2016-03-15 19:05 - 00000000 ____D C:\Users\Michael\AppData\Local\openvr 2016-03-14 20:12 - 2016-03-14 20:12 - 00000000 ____D C:\Users\Michael\AppData\Local\ESN 2016-03-13 16:45 - 2016-01-08 10:51 - 00213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys 2016-03-13 16:45 - 2016-01-08 10:51 - 00120416 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys 2016-03-12 20:34 - 2016-03-12 20:34 - 00000000 ____D C:\Users\Michael\hitman 2016-03-12 20:34 - 2016-03-12 20:34 - 00000000 ____D C:\Users\Michael\AppData\Local\IO Interactive 2016-03-12 19:39 - 2016-03-12 19:39 - 00000222 _____ C:\Users\Michael\Desktop\HITMAN.url 2016-03-12 16:47 - 2016-03-12 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-04-11 21:46 - 2015-09-26 13:41 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-04-11 20:59 - 2015-04-10 13:22 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-11 20:59 - 2015-04-10 13:22 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-11 20:12 - 2016-01-15 18:36 - 02003186 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-11 20:12 - 2015-10-30 20:35 - 00852678 _____ C:\WINDOWS\system32\perfh007.dat 2016-04-11 20:12 - 2015-10-30 20:35 - 00187904 _____ C:\WINDOWS\system32\perfc007.dat 2016-04-11 20:12 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF 2016-04-11 20:06 - 2016-01-15 18:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-11 20:06 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2016-04-11 20:06 - 2015-09-26 13:41 - 00001240 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-04-11 20:06 - 2015-09-25 19:00 - 00000000 __SHD C:\Users\Michael\IntelGraphicsProfiles 2016-04-11 19:55 - 2015-04-12 19:14 - 00000000 ____D C:\Users\Michael\AppData\Local\Battle.net 2016-04-11 19:25 - 2015-04-12 19:14 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-04-11 19:25 - 2015-04-11 21:34 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc 2016-04-11 02:43 - 2015-10-18 01:57 - 00002853 _____ C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml 2016-04-11 02:43 - 2015-04-12 18:07 - 00003142 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner 2016-04-10 14:49 - 2016-01-15 18:35 - 00018960 _____ (Logitech, Inc.) 
C:\WINDOWS\system32\Drivers\LNonPnP.sys 2016-04-10 14:49 - 2015-04-11 20:34 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2016-04-10 14:49 - 2015-04-10 12:27 - 00000000 ____D C:\ProgramData\Package Cache 2016-04-10 14:43 - 2016-01-22 19:16 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps 2016-04-10 14:22 - 2015-04-21 15:44 - 00000000 ____D C:\Users\Michael\AppData\Local\JDownloader 2.0 2016-04-10 14:16 - 2015-04-11 14:27 - 00000000 ____D C:\Program Files (x86)\Steam 2016-04-10 13:29 - 2015-04-11 21:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Audacity 2016-04-10 12:13 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Intel 2016-04-10 12:13 - 2015-11-21 11:28 - 00000000 ____D C:\Program Files\Common Files\McAfee 2016-04-10 12:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Spotify 2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Local\Spotify 2016-04-10 12:03 - 2015-11-21 11:28 - 00000000 ____D C:\ProgramData\McAfee 2016-04-10 11:00 - 2016-01-06 14:10 - 00000000 ____D C:\Program Files (x86)\McAfee 2016-04-09 18:57 - 2016-01-15 19:22 - 00000000 ____D C:\Program Files (x86)\Minecraft 2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.minion 2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.junique 2016-04-08 19:41 - 2016-02-13 00:35 - 00000080 _____ C:\Users\Michael\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦 2016-04-08 17:43 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Common Files\logishrd 2016-04-08 15:31 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-04-07 20:25 - 2015-04-11 23:21 - 00000000 ____D C:\Users\Michael\AppData\Local\gtk-2.0 2016-04-07 20:25 - 2015-04-11 20:30 - 00000000 ___HD C:\Users\Michael\.gimp-2.8 2016-04-07 20:09 - 2015-04-11 19:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Notepad++ 2016-04-07 20:04 - 2016-03-10 22:13 - 
00000000 ____D C:\Users\Michael\Desktop\gta 2016-04-06 22:21 - 2016-02-17 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit 2016-04-06 22:21 - 2015-07-30 09:41 - 00000000 ____D C:\Users\Michael\AppData\Roaming\TeamViewer 2016-04-06 17:59 - 2015-04-11 17:35 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox 2016-04-06 16:56 - 2015-04-10 12:23 - 00000000 ___RD C:\Users\Michael\Desktop\Tools 2016-04-06 16:47 - 2015-04-12 18:22 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-04-06 02:19 - 2015-09-22 21:42 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll 2016-04-02 11:13 - 2015-05-02 18:40 - 00000000 ____D C:\Users\Michael\AppData\Local\Microsoft Help 2016-04-02 10:42 - 2015-07-15 22:43 - 00000000 ____D C:\ProgramData\Origin 2016-04-02 10:41 - 2015-07-15 22:43 - 00000000 ____D C:\Program Files (x86)\Origin 2016-04-02 10:24 - 2015-06-28 22:06 - 00000000 ___RD C:\Users\Michael\Google Drive 2016-03-31 22:23 - 2015-05-21 17:16 - 00002292 ____H C:\Users\Michael\Documents\Default.rdp 2016-03-28 21:19 - 2015-04-12 18:03 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner 2016-03-28 21:16 - 2016-03-10 20:49 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2016-03-28 21:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Help 2016-03-28 21:12 - 2016-01-08 00:09 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-03-28 20:02 - 2015-07-16 15:55 - 00002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-27 21:19 - 2015-04-10 12:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype 2016-03-26 00:22 - 2016-01-15 18:36 - 00000000 ____D C:\Users\Michael 2016-03-26 00:20 - 2015-08-08 02:01 - 00000000 ____D C:\Program Files (x86)\AviSynth 2016-03-26 00:20 - 2015-08-08 01:55 - 00000000 ____D C:\multiAVCHD 2016-03-26 00:17 - 2015-12-16 20:09 - 00000000 ____D C:\Program Files (x86)\GtkSharp 
2016-03-26 00:15 - 2015-12-02 17:21 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2016-03-26 00:15 - 2015-12-02 17:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0 2016-03-26 00:14 - 2016-02-23 19:11 - 00000000 ____D C:\Program Files (x86)\MPC-HC 2016-03-26 00:14 - 2015-06-18 20:06 - 00000000 ____D C:\Program Files (x86)\XMedia Recode 2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-03-26 00:09 - 2016-01-15 18:29 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-03-26 00:09 - 2016-01-03 23:53 - 00000000 ____D C:\Users\Michael\AppData\Local\VSIXInstaller 2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Windows Kits 2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs 2016-03-26 00:07 - 2016-01-08 01:14 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET 2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Unity 2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\ProgramData\Unity 2016-03-25 23:38 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Unity 2016-03-25 23:16 - 2015-07-30 04:09 - 00002440 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-03-25 23:16 - 2015-04-10 12:22 - 00000000 __RDO C:\Users\Michael\OneDrive 2016-03-25 23:05 - 2015-07-30 04:07 - 00004434 __RSH C:\ProgramData\ntuser.pol 2016-03-25 02:51 - 2016-03-05 11:52 - 00000000 ____D C:\Program Files\Grand Theft Auto V 2016-03-24 22:54 - 2015-12-30 19:25 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe 2016-03-24 22:53 - 2015-07-22 06:02 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2016-03-22 19:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-03-20 01:19 - 2015-12-14 19:50 - 00000000 ____D C:\Program 
Files\Microsoft Office 2016-03-19 02:47 - 2015-04-10 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-03-17 22:44 - 2015-04-10 11:26 - 00000000 ____D C:\Users\Michael\AppData\Local\Packages 2016-03-17 18:02 - 2015-04-11 21:52 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2016-03-16 23:30 - 2016-03-10 20:49 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2016-03-16 23:29 - 2016-03-10 20:49 - 00127768 _____ C:\WINDOWS\system32\vulkan-1.dll 2016-03-16 23:29 - 2016-03-10 20:49 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2016-03-16 23:28 - 2016-03-10 20:49 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe 2016-03-15 22:49 - 2010-06-09 21:30 - 00000000 ____D C:\Users\Michael\Desktop\Screens 2016-03-15 19:11 - 2015-07-03 22:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-03-15 19:11 - 2015-07-03 22:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Mozilla 2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Local\Mozilla 2016-03-13 16:45 - 2016-01-08 18:08 - 00000000 ____D C:\Program Files (x86)\Samsung 2016-03-13 16:44 - 2016-01-08 18:11 - 00000000 ____D C:\ProgramData\Samsung 2016-03-13 16:39 - 2015-12-08 00:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\IrfanView 2016-03-13 16:39 - 2015-04-10 13:22 - 00000000 ____D C:\Program Files (x86)\Google 2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-03-13 15:51 - 2015-04-11 18:18 - 00000000 ____D C:\Program Files\WinRAR 2016-03-13 14:51 - 2016-03-09 23:08 - 00000995 _____ C:\Users\Michael\Desktop\rt.txt 2016-03-12 22:00 - 2015-06-28 22:05 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-03-12 16:47 - 2015-09-26 13:41 - 00000000 ____D C:\Program Files (x86)\Dropbox ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-11 19:12 - 2015-08-11 19:26 - 0000466 _____ () C:\Users\Michael\AppData\Roaming\CascView.ini 2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ () C:\Users\Michael\AppData\Roaming\Launcher.dat 2016-04-07 16:38 - 2016-04-07 18:09 - 0000009 _____ () C:\Users\Michael\AppData\Roaming\update.dat 2015-10-18 01:57 - 2016-04-11 02:43 - 0002853 _____ () C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml 2016-04-07 16:39 - 2016-04-09 11:20 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\notaut.txt 2015-04-19 11:36 - 2015-04-19 11:36 - 0385602 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS 2015-04-19 11:36 - 2015-04-19 11:36 - 0000204 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS.part 2015-04-19 11:36 - 2015-04-19 11:36 - 0059989 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS 2015-04-19 11:36 - 2015-04-19 11:36 - 0000273 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS.part 2015-04-19 11:37 - 2015-04-19 11:37 - 0121567 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS 2015-04-19 11:37 - 2015-04-19 11:37 - 0000294 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS.part 2015-04-19 11:36 - 2015-04-19 11:36 - 0069441 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS 2015-04-19 11:36 - 2015-04-19 11:36 - 0000293 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS.part 2015-06-18 20:34 - 2015-06-18 20:34 - 0000046 _____ () C:\Users\Michael\AppData\Local\DonationCoder_mpqbuilder_InstallInfo.dat 2015-10-02 23:10 - 2015-10-02 23:11 - 1065984 _____ () C:\Users\Michael\AppData\Local\file__0.localstorage 2015-05-02 22:27 - 2015-05-02 22:27 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND 2016-04-07 20:25 - 2016-04-07 20:25 - 0041523 _____ () 
C:\Users\Michael\AppData\Local\recently-used.xbel 2015-05-15 21:48 - 2015-11-26 17:42 - 0007684 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg 2015-08-28 06:41 - 2015-08-28 06:41 - 0019535 _____ () C:\ProgramData\empty.ico Einige Dateien in TEMP: ==================== C:\Users\Michael\AppData\Local\Temp\libeay32.dll C:\Users\Michael\AppData\Local\Temp\msvcr120.dll C:\Users\Michael\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-04-10 14:42 ==================== Ende von FRST.txt ============================ addition: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-04-2016 01 durchgeführt von Michael (2016-04-11 21:58:42) Gestartet von C:\Users\Michael\Desktop Windows 10 Pro Version 1511 (X64) (2016-01-15 16:43:53) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3852805889-1866178090-3277109897-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3852805889-1866178090-3277109897-503 - Limited - Disabled) Gast (S-1-5-21-3852805889-1866178090-3277109897-501 - Limited - Disabled) => C:\Users\Gast Michael (S-1-5-21-3852805889-1866178090-3277109897-1001 - Administrator - Enabled) => C:\Users\Michael ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
4K Video Downloader 4.0 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.0.0.2016 - Open Media LLC) 7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.9.1 - RedFox) ArcaniA: Fall of Setarrif (HKLM-x32\...\Steam App 65610) (Version: - Spellbound Studios) Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Crucial Storage Executive (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Storage Executive 3.15.112014.06) (Version: 3.24.082015.05 - Crucial) Cryptomator (HKLM\...\{Cryptomator}}_is1) (Version: 1.0.2 - cryptomator.org) Discord (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Discord) (Version: 0.0.286 - Hammer & Chisel, Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation) Erforderliche Komponenten für SSDT (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation) FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - ) GameSave Manager v3 (HKLM-x32\...\GameSaveManager_v3) (Version: 3.1.442.0 - InsaneMatt) GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.) Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) 
Hidden Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games) HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software) HITMAN™ (HKLM\...\Steam App 236870) (Version: - Io-Interactive) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Logitech Gaming Software 8.82 (HKLM\...\Logitech Gaming Software) (Version: 8.82.151 - Logitech Inc.) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.6 SDK (Deutsch) (HKLM-x32\...\{EE8BD24B-75E1-4BBF-86B9-91FE16ADE71C}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack 
(HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.6001.1068 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 
(HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Minion (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\{Minion}}_is1) (Version: 2.0 - ZAM Network LLC) MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD) NAPS2 3.3.5 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.2.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.67 - NVIDIA Corporation) NVIDIA Grafiktreiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.) 
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden ownCloud (HKLM-x32\...\ownCloud) (Version: 2.1.1.5837 - ownCloud) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation) Platform (x32 Version: 1.43 - VIA Technologies, Inc.) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.) RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - ) RemoteComms driver (HKLM-x32\...\{89B4CA50-3F94-451F-B93A-22608DF45FF9}) (Version: 1.30.0002 - PLX Technology) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games) Roslyn Language Services - x86 (x32 Version: 14.0.24728 - Microsoft Corporation) Hidden Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.) SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.2.67 - NVIDIA Corporation) Hidden Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.) Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.) Smart Switch (x32 Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.) 
Hidden Snapmatic Screensaver (HKLM-x32\...\Snapmatic Screensaver_is1) (Version: 1.0 - Rockstar Games) South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment) Spotify (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Spotify) (Version: 1.0.26.132.ga4e3ccee - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.55321 - TeamViewer) Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft) Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony) VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.43 - VIA Technologies, Inc.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN) Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software) Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.) WhoCrashed 5.50 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.) WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {04355E58-6FD1-495F-93EE-57A1B3ACF30D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {055D0111-EA4F-4261-999C-47501CEF1BB0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-20] (Microsoft Corporation) Task: {05D61722-FE44-40BD-ACCE-9C027061B90A} - System32\Tasks\{C1ED46C2-6A72-4297-BCEC-0AD3B2CD605A} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe" -c -uninstallApp 142938258.redeem.sonypicturesstore.com Task: {0BC03E6B-B3AD-446A-B67C-FBE95DD8FCF4} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-09] () Task: {0F41DB66-D907-4151-84C8-840C6E60EBAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation) Task: {1A003D57-3939-4097-B4FC-49B69E7E7CE4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {2779EE54-FBC3-4DA1-B719-23833F6C1F84} - System32\Tasks\{9D134A81-2860-42BB-B7D9-4910B6B623C0} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" Task: 
{3569A7F0-81A8-4391-893D-B95673EDDE46} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {487BFEF6-DF70-4D14-AE54-D2FF0A4C1589} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {4BA7928E-14CC-46DA-BB1A-0F083F6B0786} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {4CB2A8EA-1290-4731-A92B-A6A659DF6E92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated) Task: {5035952E-6955-4214-BFA7-8BC1EEAB92DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.) Task: {60135EA6-B35B-40E1-B5E6-0D9773D2D438} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {624B2716-3954-41F3-BE09-A803897203DB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation) Task: {646A5D08-CD2E-4930-B8D1-E46025B98618} - System32\Tasks\{4D3C9D7E-3228-4EBF-AF68-7191CBA44F1D} => pcalua.exe -a C:\Users\Michael\Desktop\IomegaEncryptionSetup.exe -d C:\Users\Michael\Desktop Task: {74035255-F2D6-451A-BC19-E66884E031ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.) Task: {7D9DA623-CE12-44EA-889B-CAD4F3F5E494} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.) 
Task: {8A54AD2C-B399-408B-B525-F0F36EA83546} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK Task: {945FE37F-B52F-48F3-BBD9-370D163B052C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {A9E8087B-368B-4562-A4F4-225C08ECEE80} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {C72C7527-EEED-4578-B161-D852006D2427} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation) Task: {CAA8A102-BC26-4A46-9BA1-200D8F4BEDEB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation) Task: {D47AFF69-4B86-4693-960B-AE0D1CF99DAC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation) Task: {E4438FF6-623A-4EE5-B670-A7B9DFF7A2D8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.) Task: {EA0CA4DC-147F-4923-AF57-56DBFE06AE94} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {F89084F2-8DB3-4131-A704-ACEC98245D41} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {FFE255CD-BF3B-4F69-8472-852150BE3768} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-03-20 01:02 - 2016-02-28 01:41 - 00171720 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2016-03-28 21:16 - 2016-04-06 02:35 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-03-28 21:16 - 2016-04-06 02:35 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-03-28 21:16 - 2016-04-06 02:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-03-28 21:16 - 2016-04-06 02:36 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-01-01 15:48 - 2016-01-01 15:48 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe 2015-10-30 09:18 - 2016-02-16 22:49 - 00263168 _____ () C:\WINDOWS\system32\wc_storage.dll 2016-03-28 21:16 - 2016-04-06 02:35 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-03-28 21:16 - 2016-04-06 02:35 - 01988544 _____ () C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-03-28 21:16 - 2016-04-06 02:36 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-03-28 21:16 - 2016-04-06 02:36 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-03-28 21:16 - 2016-04-06 02:34 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-03-28 21:16 - 2016-04-06 02:34 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2015-12-09 09:59 - 2015-12-09 09:59 - 00580296 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe 2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-01-18 17:16 - 2016-01-18 17:16 - 00058880 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll 2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2016-01-15 18:32 - 2016-01-15 18:32 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-01-15 18:32 - 2016-01-15 18:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-03-02 18:20 - 2016-02-23 10:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-01-15 18:32 - 2016-01-15 18:32 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-01-27 21:18 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-01-27 21:18 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-03-28 20:02 - 2016-03-27 06:55 - 02140824 _____ () C:\Program 
Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll 2016-03-28 20:02 - 2016-03-27 06:55 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll 2016-01-03 15:25 - 2012-11-15 00:22 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2016-01-03 15:25 - 2012-11-15 00:22 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2016-03-30 19:17 - 2016-03-30 19:17 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2016-03-30 19:17 - 2016-03-30 19:17 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2016-03-28 21:16 - 2016-04-06 02:41 - 00165824 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll 2016-03-28 21:16 - 2016-04-06 02:42 - 00861120 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll 2016-04-11 19:59 - 2016-04-06 02:54 - 04406720 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\MessageBus.dll 2016-03-28 21:20 - 2015-06-25 17:03 - 00970240 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\CefSharp.Core.dll 2016-03-28 21:20 - 2015-06-25 17:03 - 53344768 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libcef.dll 2016-03-28 21:20 - 2015-06-25 17:03 - 00613888 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\CefSharp.BrowserSubprocess.Core.dll 2016-03-28 21:20 - 2015-06-25 17:03 - 01015296 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\ffmpegsumo.dll 2016-03-28 21:20 - 2015-06-25 17:03 - 00208896 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libEGL.dll 2016-03-28 21:20 - 2015-06-25 17:03 - 01750016 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libGLESv2.dll 2016-03-28 21:16 - 2016-04-06 02:19 - 
00391168 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\NvRemux64.dll 2016-04-09 11:27 - 2016-04-08 13:53 - 31407296 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll 2015-12-07 18:43 - 2015-12-07 18:43 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll 2015-12-07 18:43 - 2015-12-07 18:43 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll 2015-12-07 18:44 - 2015-12-07 18:44 - 00225792 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll 2015-12-07 18:43 - 2015-12-07 18:43 - 00057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll 2015-12-07 18:44 - 2015-12-07 18:44 - 00657408 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll 2016-03-28 21:16 - 2016-04-06 02:42 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-07-06 20:36 - 2015-07-06 20:36 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Users\Michael\Downloads:Shareaza.GUID [16] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) 
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Software\Classes\.exe: => <===== ACHTUNG ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\sharepoint.com -> hxxps://gymleibnitz.sharepoint.com ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2016-03-10 21:29 - 2016-03-10 21:29 - 00000034____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKLM\...\StartupApproved\StartupFolder: => "Duplicati.lnk" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher" HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run32: => "SwitchBoard" HKLM\...\StartupApproved\Run32: => "Dropbox" HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk" HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\Run: => "Spotify Web Helper" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{E110F5B5-C6D5-45EC-9D72-3963DA118D8D}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe FirewallRules: [TCP Query User{D957016C-E3CF-4643-A537-F8E7A6B332A5}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe FirewallRules: [{05E48283-98F4-4A86-BF60-3DDBFE86EEE5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{D61788B9-A481-47EB-BF6B-E43931C62330}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{6212146A-C1B1-4653-8634-15DF941A7C9E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{8A2DA7E7-1D25-4361-8F23-E9FE32FF93B0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [UDP Query User{1365EA6F-3DE8-4F34-9217-72945EE0DA66}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe FirewallRules: [TCP Query User{D1193E8D-00D7-4FEE-A2AF-234DEBDC1406}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program 
files\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{F15D40F6-197C-4B21-87BA-E082D0298971}C:\program files\crucial\storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\storage executive\java\bin\javaw.exe FirewallRules: [TCP Query User{912411F0-0EAA-4DD7-82B8-9AB9110CD78C}C:\program files\crucial\storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\storage executive\java\bin\javaw.exe FirewallRules: [UDP Query User{C0B6C8B5-1DF2-4D82-8919-1F9E01759C5E}D:\blizzard\hearthstone\hearthstone.exe] => (Allow) D:\blizzard\hearthstone\hearthstone.exe FirewallRules: [TCP Query User{E512E3B6-DC85-45A9-92E8-34896A0A3D22}D:\blizzard\hearthstone\hearthstone.exe] => (Allow) D:\blizzard\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{4025F871-0991-4000-8FB2-18FD5F5CFBC1}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{FACD9158-BC07-4BEC-9AA6-3D6105D456AC}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{E328954B-0660-4BE5-AE33-8C18559B01AD}C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe FirewallRules: [TCP Query User{4AB564B4-1E37-46DD-BC27-564E3421430D}C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe FirewallRules: [{441AC144-7923-449F-9B86-75A0B2FB41E1}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe FirewallRules: [{279E2D3D-91E8-4784-BA0C-33B33A972A1A}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe FirewallRules: [UDP Query User{CEA04421-AA37-499B-8F61-53BDD52C1B7E}D:\program files\rockstar games\grand theft auto 
v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [TCP Query User{184BDB00-225A-4E9A-8679-CC3427605297}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [{0D0F7D56-D3C4-4167-BD27-A37A4C70F5C6}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{A9841AB8-B7AE-4EA4-A565-324F82C8458B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{FB8EF56C-C8E9-4468-9461-AF440ABD4AFD}] => (Allow) D:\SteamLibrary\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe FirewallRules: [{50D2AA6C-C251-41BF-BA31-A276E1DFE9E2}] => (Allow) D:\SteamLibrary\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe FirewallRules: [{32F9317E-22BB-4A0E-8A90-4F4E786213A0}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{4753EB2D-CC6E-44B7-92A2-DE66F08CCE3B}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{61BAD7A6-F3DE-4E17-B85B-354E5B881C54}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{057ADA51-1097-4B44-A71E-CB9F75752E26}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{3FE7D773-07B0-49F2-8FEB-393374130852}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe FirewallRules: [{6928CD8D-AFC6-410E-839B-2E942059E55C}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe FirewallRules: [{396927DA-BA24-4653-9106-00FDDC35C4BF}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe FirewallRules: [{E469FD53-67CF-4DB0-BC54-77F35C539FC5}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe FirewallRules: [{3B5D9CDA-A8C3-47FF-BB1C-AC3A0918B567}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe FirewallRules: 
[{991A291E-766B-4F4D-83E5-058E3875B034}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe FirewallRules: [{FF5A5E33-472D-4721-9539-0CBA79105891}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{2200FEB7-6DA8-44C9-A981-F4FD953711C0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{8ED9C7C8-4919-409C-8BC1-FD3CAD6D8263}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{09CF574A-A428-4385-A794-A05009FF5826}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [UDP Query User{DB61D72D-C5EC-4F71-BB7D-BF08078041DF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{5A7DBEDB-ED20-46C7-B339-3143B9331BFE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{1E28C84D-5BD1-4457-8F11-3FE391FB5CC0}D:\blizzard\diablo iii\diablo iii.exe] => (Allow) D:\blizzard\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{5AC70257-BB65-4576-A90C-50CC4B845EFA}D:\blizzard\diablo iii\diablo iii.exe] => (Allow) D:\blizzard\diablo iii\diablo iii.exe FirewallRules: [TCP Query User{20A2A00A-4DF3-459F-B910-E1FA27635A12}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{E53673CE-D0BD-42B6-A709-6EDD40DE3883}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{89D9E2C3-FE26-4DFF-8E05-5F6DB2360337}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michael\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{EA3D3DA7-CCDD-48DD-A454-85C7941828A1}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Block) 
C:\users\michael\appdata\roaming\spotify\spotify.exe FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe FirewallRules: [{AC18BE29-F45F-43EA-8E2B-0499864AD6CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{68E77359-5EA2-4EB7-B017-FA69CC8C9720}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{B2169EAF-865E-4115-A9C6-441F69F5DC1F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{9BF96311-12A5-4267-9F1B-8AB0EB7A6334}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{45210241-1C5A-455E-9ADC-89B6176D2CB6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{03FB0B10-326E-4784-98DF-1AC4C5D4915F}] => (Allow) D:\SteamLibrary\steamapps\common\Hitman™\Launcher.exe FirewallRules: [{EE6A15BD-CBC6-41F3-95E9-D5F3E6E30D5F}] => (Allow) D:\SteamLibrary\steamapps\common\Hitman™\Launcher.exe FirewallRules: [TCP Query User{AD1CA659-6458-41E5-9867-F744D36979DC}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe FirewallRules: [UDP Query User{65A33961-2A8F-41C6-AD71-684E1E63B13A}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe FirewallRules: [TCP Query User{5981EFBA-F912-45EC-8B19-2C26292D04E1}C:\program files\grand theft auto v\gta5.exe] => (Allow) C:\program files\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{5DA64CE0-DCD7-4DCE-B7C7-15CD5C5ACCD4}C:\program files\grand theft auto v\gta5.exe] => (Allow) C:\program files\grand theft auto v\gta5.exe FirewallRules: [{8710AFFA-D4D4-4C6A-ADA9-4F6C0F482C94}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{083B1D29-6C2E-480B-A3FE-C4216055BF08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe 
FirewallRules: [{BEB45729-1377-411B-99C0-A5C943F09B33}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{3B25A7CB-2D1D-4659-864D-73EB65983BAE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{03712FEC-31A5-4CCC-BAAE-559F03C3D43A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{62109612-F42E-4FDD-ACA6-BAF07FF6BAFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{7FB6FEBB-3957-49A3-9D4C-C3A242200105}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{153DB846-60B0-4D8A-A9B5-CCBCD9E40795}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{726146E6-86A9-4CA4-BC6F-8132A767EB2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{60C176ED-93A1-4B06-A89C-4E4F5BBBEEF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{6F6FD627-2461-4901-AD3E-F1372D06608C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{EE936D25-6C46-49D0-B994-3D48E70D4F84}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{4940DD03-B989-41E7-A2D9-703FB3B2A155}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe ==================== Wiederherstellungspunkte ========================= 06-04-2016 16:54:46 Removed SciDaVis 06-04-2016 22:16:08 Before CCleaner 09-04-2016 18:56:39 Removed Minecraft 11-04-2016 20:04:34 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: SoftPerfect Virtual Bus Description: SoftPerfect Virtual Bus Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318} Manufacturer: KEG Service: SPVDPort Problem: : Windows cannot start this hardware device because its configuration 
information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (04/11/2016 08:07:21 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8 Error: (04/11/2016 08:07:21 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (04/11/2016 08:07:21 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8 Error: (04/11/2016 08:07:21 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: LsaC:\Windows\System32\Secur32.dll8 Error: (04/11/2016 08:07:21 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (04/11/2016 08:04:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . 
Error: (04/11/2016 08:00:37 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8 Error: (04/11/2016 08:00:37 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (04/11/2016 08:00:37 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8 Error: (04/11/2016 08:00:37 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: LsaC:\Windows\System32\Secur32.dll8 Systemfehler: ============= Error: (04/11/2016 09:59:38 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (04/11/2016 08:33:48 PM) (Source: HTTP) (EventID: 15005) (User: ) Description: [::]:2869 Error: (04/11/2016 08:33:48 PM) (Source: HTTP) (EventID: 15005) (User: ) Description: [::]:2869 Error: (04/11/2016 08:06:44 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Der Dienst "SPVVEngine" ist von folgendem Dienst abhängig: SPVDPort. Dieser Dienst ist möglicherweise nicht installiert. Error: (04/11/2016 08:06:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenzugriff_45193" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/11/2016 08:06:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenspeicher _45193" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/11/2016 08:06:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Kontaktdaten_45193" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (04/11/2016 08:06:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Synchronisierungshost_45193" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/11/2016 08:06:06 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (04/11/2016 08:04:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2016-04-10 12:24:17.829 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-07 21:10:32.862 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-06 17:08:31.525 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-06 17:08:27.765 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-03-25 23:23:01.626 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-25 22:24:36.064 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-25 21:19:04.726 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-25 21:19:04.718 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-25 21:19:04.707 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-25 21:19:04.623 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz Prozentuale Nutzung des RAM: 37% Installierter physikalischer RAM: 8012.59 MB Verfügbarer physikalischer RAM: 4993.04 MB Summe virtueller Speicher: 10572.59 MB Verfügbarer virtueller Speicher: 6733.99 MB ==================== Laufwerke ================================ Drive c: (iSSD) (Fixed) (Total:231.93 GB) (Free:103.23 GB) NTFS Drive d: (iWD) (Fixed) (Total:455.76 GB) (Free:269.97 GB) NTFS Drive e: (eWD) (Fixed) (Total:931.51 GB) (Free:155.74 GB) NTFS Drive f: (USB-BOOT64) (Fixed) (Total:31.98 GB) (Free:31.48 GB) FAT32 ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive g: (USB-Daten64) (Fixed) (Total:3694.02 GB) (Free:3646.21 GB) NTFS Drive z: (iWD_FH) (Fixed) (Total:10 GB) (Free:9.95 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 1 (Size: 465.8 GB) (Disk ID: E4E735C2) Partition: GPT. ======================================================== Disk: 2 (Size: 3726 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0002846E) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
12.04.2016, 13:21 | #6 |
/// TB-Ausbilder | Win10: Browser Hijacker Hi, we'll remove the last remnants and check everything once more. Note: The ESET scan can take a while. Please reset your browsers as follows:
IE ::: Reset Internet Explorer as follows:
FF ::: Please reset Firefox as follows: Reset Firefox
CHR ::: Reset Google Chrome following these instructions.
Step 1 Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ACHTUNG
GroupPolicyUsers\S-1-5-21-3852805889-1866178090-3277109897-1001\User: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
CHR StartupUrls: Default -> "hxxp://google.at/","hxxp://www.viceice.com/"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Software\Classes\.exe: => <===== ACHTUNG
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 4
Are there still any problems with the PC? If so, which ones? Please post with your next reply
|
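The fixlist in the post above is built from the log entries FRST marked with ACHTUNG, plus the Chrome startup URLs. The following Python script is an added example, not part of the thread and not FRST's own code: it triages such log lines by category. The category names and matching rules are assumptions made for illustration, and the sample lines are copied from the logs quoted in this thread.

```python
import re
from collections import Counter

# Sample input: entries copied from the FRST output quoted in this thread,
# one entry per line. Two of them carry no ACHTUNG marker.
SAMPLE_LOG = r"""
Task: {3569A7F0-81A8-4391-893D-B95673EDDE46} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {4CB2A8EA-1290-4731-A92B-A6A659DF6E92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ACHTUNG
GroupPolicyUsers\S-1-5-21-3852805889-1866178090-3277109897-1001\User: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
CHR StartupUrls: Default -> "hxxp://google.at/","hxxp://www.viceice.com/"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Software\Classes\.exe: => <===== ACHTUNG
"""

# Marker the German FRST build appends to entries it considers suspicious;
# the number of '=' characters varies between sections.
FLAG = re.compile(r"<=+\s*ACHTUNG")

# Assumed triage rules (illustrative, first match wins).
RULES = [
    # Scheduled task still registered although its target file is gone.
    ("orphaned_task", re.compile(r"^Task: .*-> Keine Datei")),
    # Policy key that switches System Restore off.
    ("system_restore_policy", re.compile(r"\\SystemRestore: \[DisableSR")),
    # Per-user override of the .exe file class.
    ("exe_association_override",
     re.compile(r"\\Software\\Classes\\\.exe:", re.IGNORECASE)),
    # Group policy or browser policy restriction set for the user.
    ("policy_restriction", re.compile(r"Beschränkung")),
]


def classify(line):
    """Return the first matching category name, or 'other'."""
    for name, pattern in RULES:
        if pattern.search(line):
            return name
    return "other"


def flagged_entries(text):
    """Return (category, entry) for every line carrying the ACHTUNG marker."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if FLAG.search(line):
            entry = FLAG.split(line)[0].rstrip()
            found.append((classify(line), entry))
    return found


def startup_hosts(text):
    """Return host names from 'CHR StartupUrls' lines (hxxp or http form)."""
    hosts = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("CHR StartupUrls:"):
            continue
        for url in re.findall(r'"([^"]+)"', line):
            match = re.match(r"h(?:xx|tt)ps?://([^/:]+)", url, re.IGNORECASE)
            if match:
                hosts.append(match.group(1).lower())
    return hosts


def triage(text):
    """Summarise flagged entries and browser start pages for review."""
    entries = flagged_entries(text)
    return {
        "counts": dict(Counter(category for category, _ in entries)),
        "entries": entries,
        "startup_hosts": startup_hosts(text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for category, entry in report["entries"]:
        print(f"{category:26} {entry}")
    print("Chrome start pages:", ", ".join(report["startup_hosts"]))
```

The start-page hosts are listed separately because FRST does not flag them; whether a host belongs there has to be checked against what the user configured.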
12.04.2016, 16:22 | #7 |
| Win10: Browser Hijacker Done, except that I haven't had Firefox installed for quite a while. fixlog: Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
durchgeführt von Michael (2016-04-12 14:32:27) Run:1
Gestartet von C:\Users\Michael\Desktop
Geladene Profile: Michael & Gast (Verfügbare Profile: Michael & Gast)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ACHTUNG
GroupPolicyUsers\S-1-5-21-3852805889-1866178090-3277109897-1001\User: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
CHR StartupUrls: Default -> "hxxp://google.at/","hxxp://www.viceice.com/"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Software\Classes\.exe: => <===== ACHTUNG
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************

Prozess erfolgreich geschlossen.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Schlüssel erfolgreich entfernt
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3852805889-1866178090-3277109897-1001\User => erfolgreich verschoben
C:\WINDOWS\system32\GroupPolicy\GPT.ini => erfolgreich verschoben
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => erfolgreich verschoben
"HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
Chrome StartupUrls => erfolgreich entfernt
"HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Software\Classes\.exe" => Schlüssel erfolgreich entfernt

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt

========= Ende von RemoveProxy: =========

========= ipconfig /flushdns =========

Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.

========= Ende von CMD: =========

========= netsh winsock reset =========

Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.

========= Ende von CMD: =========

EmptyTemp: => 906.2 MB temporäre Dateien entfernt.

Das System musste neu gestartet werden.

==== Ende von Fixlog 14:32:45 ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=aeb077ed9393e940b7d8eb8c42c480d5
# end=init
# utc_time=2016-04-12 12:45:57
# local_time=2016-04-12 02:45:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29024
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=aeb077ed9393e940b7d8eb8c42c480d5
# end=updated
# utc_time=2016-04-12 12:48:08
# local_time=2016-04-12 02:48:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=aeb077ed9393e940b7d8eb8c42c480d5
# engine=29024
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-04-12 03:03:10
# local_time=2016-04-12 05:03:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8396 14287533 0 0
# scanned=289049
# found=3
# cleaned=0
# scan_time=8101
sh=B147F7D44153FA8034DF292A673965438F5E2C9F ft=1 fh=2fc806f6b217b8c9 vn="Variante von Win32/InstallCore.ACL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michael\AppData\Local\618015D5_stp\icmac.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/InstallCore.ACL evtl. unerwünschte Anwendung" ac=I fn="E:\beni5_000.rar"
sh=565B645851C49C4FB5CF1AF90540A4129033CE66 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.SpeedingUpMyPC.AM Anwendung" ac=I fn="E:\OS\Hiren's.BootCD.15.2_FINAL.iso"
Code:
HitmanPro 3.7.13.258
www.hitmanpro.com
   Computer name . . . . : HEIMSCHEISSER
   Windows . . . . . . . : 10.0.0.10586.X64/4
   User name . . . . . . : HEIMSCHEISSER\Michael
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2016-04-12 17:09:17
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 5s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 1
   Traces . . . . . . . : 3
   Objects scanned . . . : 2.346.732
   Files scanned . . . . : 82.715
   Remnants scanned . . : 530.577 files / 1.733.440 keys
Malware _____________________________________________________________________
   C:\Users\Michael\AppData\Local\618015D5_stp\icmac.dll
      Size . . . . . . . : 152.064 bytes
      Age . . . . . . . : 359.2 days (2015-04-19 11:36:38)
      Entropy . . . . . : 6.6
      SHA-256 . . . . . : 852EC50A7E7AF2EA79C5B0726CFCCE118F21B48F230D334F8D04451B9CADAB46
    > HitmanPro . . . . : Malware
      Fuzzy . . . . . . : 106.0
Suspicious files ____________________________________________________________
   C:\Users\Michael\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
      Size . . . . . . . : 138.648 bytes
      Age . . . . . . . : 102.1 days (2016-01-01 15:38:13)
      Entropy . . . . . : 7.7
      SHA-256 . . . . . : DE86A451D282866613EE18CF668C2E962ABCB09FA51F7FF0C98405418A19EA81
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
   C:\Users\Michael\Desktop\FRST64.exe
      Size . . . . . . . : 2.375.168 bytes
      Age . . . . . . . : 0.8 days (2016-04-11 21:57:22)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : C9FBEF3D705DA88CF2CA9C51A0DA8EDF991CE949427B77317F76888500F858C9
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -1.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\62\BEE05255648021E6.dat
          0.0s C:\Users\Michael\Desktop\FRST64.exe
FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01 durchgeführt von Michael (Administrator) auf HEIMSCHEISSER (12-04-2016 17:13:25) Gestartet von C:\Users\Michael\Desktop Geladene Profile: Michael & Gast (Verfügbare Profile: Michael & Gast) Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe () C:\Windows\System32\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (VIA Technologies, Inc.) 
C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\vmms.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Logitech Inc.) 
C:\Program Files\Logitech Gaming Software\LCore.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\OSC\nvosc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4708016 2015-08-18] (VIA) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-04-06] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15642744 2016-03-30] (Logitech Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.) 
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Run: [Spotify Web Helper] => C:\Users\Michael\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-02] (Spotify Ltd) HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\RunOnce: [Uninstall C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64" HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoPreviewPane] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoWinkeys] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCANetwork] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCAVolume] 0 HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SNAPMA~1.SCR [1016438 2015-03-16] (Jan Kolarik & Ondrej Vaverka) HKU\S-1-5-21-3852805889-1866178090-3277109897-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google) 
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google) ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2016-03-25] ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2015-10-18] ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{1dfe109d-b3d0-4acd-a2eb-0edc7be3d320}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{59924253-7916-40c6-ba08-d15750886fc9}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> DefaultScope {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-03-20] (Microsoft 
Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation) DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1442757218682 Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft 
Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ktigdchg.default FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [Keine Datei] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei] FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [Keine Datei] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-20] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft 
Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei] FF Plugin HKU\S-1-5-21-3852805889-1866178090-3277109897-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS) Chrome: ======= CHR StartupUrls: Default -> "hxxp://google.at/" CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (PasswordBox - Log in with 1-Click) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl [2016-04-10] CHR Extension: (BetterTTV) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-04-10] CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10] CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10] CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-10] CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-10] CHR Extension: (Gmail offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2016-04-10] CHR Extension: (HTTPS Everywhere) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-04-10] CHR Extension: (Dropbox) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-04-10] CHR Extension: (Steam Database) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdbmhfkmnlmbkgbabkdealhhbfhlmmon [2016-04-10] CHR Extension: (Momentum) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-04-10] CHR Extension: (Ghostery) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-04-10] CHR Extension: (YouTube Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkdalpbojfdilmiboaiedicdbigdabpb [2016-04-10] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01] CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10] CHR HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-10] () R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-02-28] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.) R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-11-20] (GOG.com) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-04-06] (NVIDIA Corporation) R2 HvHost; C:\Windows\System32\hvhostsvc.dll [61440 2016-02-16] (Microsoft Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-08] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc.) 
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-04-06] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-04-06] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-04-06] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-02] (Electronic Arts) R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-01-01] () R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-12-30] () R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.) S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2016-02-16] (Microsoft Corporation) R2 vmms; C:\Windows\system32\vmms.exe [14384128 2016-02-16] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 AF9035BDA; C:\Windows\system32\DRIVERS\AF15BDA.sys [514856 2012-11-09] (ITETech ) S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2015-08-23] (Google Inc) [Datei ist nicht signiert] R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.) R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.) S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.) S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [216576 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert] R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [71008 2016-02-16] (Microsoft Corporation) S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [117248 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert] S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114560 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert] S3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) 
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2016-02-16] (Microsoft Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184096 2015-06-29] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-04-06] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation) S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2016-02-16] (Microsoft Corporation) S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2016-02-16] (Microsoft Corporation) S3 Phosgene; C:\Windows\system32\DRIVERS\Phosgene.sys [34168 2015-08-28] (Adoriasoft LLC) S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2015-11-10] (The OpenVPN Project) S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2016-02-16] (Microsoft Corporation) R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] () R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation) S2 SPVVEngine; C:\WINDOWS\system32\Drivers\spvve.sys [246248 2015-10-29] () R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2016-02-16] (Microsoft Corporation) S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] () S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] () S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] () R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-10-18] (Windows (R) Win 7 DDK provider) S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 
2015-07-09] (Oracle Corporation) S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2016-02-16] (Microsoft Corporation) R3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation) R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation) R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2016-02-16] (Microsoft Corporation) S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation) S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) S3 WinNat; C:\Windows\System32\drivers\winnat.sys [350720 2016-02-16] (Microsoft Corporation) S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited) S1 lfivrnpk; \??\C:\WINDOWS\system32\drivers\lfivrnpk.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-04-12 17:13 - 2016-04-12 17:13 - 00030592 _____ C:\Users\Michael\Desktop\FRST.txt 2016-04-12 17:08 - 2016-04-12 17:12 - 00008235 _____ C:\Users\Michael\Desktop\neue antwort.txt 2016-04-12 17:08 - 2016-04-12 17:11 - 00000000 ____D C:\ProgramData\HitmanPro 2016-04-12 14:47 - 2016-04-12 17:08 - 11441744 _____ (SurfRight B.V.) 
C:\Users\Michael\Desktop\HitmanPro_x64.exe 2016-04-12 14:45 - 2016-04-12 14:45 - 02870984 _____ (ESET) C:\Users\Michael\Desktop\esetsmartinstaller_deu.exe 2016-04-12 14:43 - 2016-04-12 14:43 - 00000124 _____ C:\Users\Michael\Desktop\asdasdasd.txt 2016-04-12 14:32 - 2016-04-12 14:32 - 00002873 _____ C:\Users\Michael\Desktop\Fixlog.txt 2016-04-12 09:39 - 2016-04-12 09:39 - 00000018 _____ C:\Users\Michael\Desktop\ticket pw.txt 2016-04-12 08:34 - 2016-03-02 12:39 - 00035112 _____ (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\teamviewervpn.sys 2016-04-12 08:34 - 2016-03-02 12:39 - 00016376 _____ (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\TVMonitor.sys 2016-04-11 22:09 - 2016-04-11 22:09 - 00000000 ____D C:\Users\Michael\Desktop\#2 2016-04-11 21:55 - 2016-04-11 21:55 - 00000000 ____D C:\Users\Michael\Desktop\#1 2016-04-11 20:05 - 2016-04-11 20:05 - 00001273 _____ C:\Users\Michael\Desktop\JRT.txt 2016-04-11 20:04 - 2016-04-11 20:04 - 01610352 _____ (Malwarebytes) C:\Users\Michael\Desktop\JRT.exe 2016-04-10 14:53 - 2016-04-10 14:53 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Ludeon Studios 2016-04-10 14:49 - 2016-04-10 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2016-04-10 14:28 - 2016-04-10 14:31 - 00000000 ____D C:\Users\Michael\Desktop\RimWorld1135Win 2016-04-10 14:28 - 2016-04-10 14:28 - 00000000 ____D C:\Users\Michael\Desktop\RW 2016-04-10 14:11 - 2016-04-10 14:11 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Sony Creative Software Inc 2016-04-10 12:41 - 2016-04-12 17:13 - 00000000 ____D C:\FRST 2016-04-10 12:37 - 2016-04-10 13:09 - 00115576 _____ C:\Users\Michael\Desktop\tb.txt 2016-04-10 12:36 - 2016-04-11 21:57 - 02375168 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe 2016-04-10 12:30 - 2016-04-10 12:30 - 00005040 _____ C:\Users\Michael\Desktop\AdwCleaner[C1].txt 2016-04-10 12:27 - 2016-04-10 12:29 - 00000000 ____D C:\AdwCleaner 2016-04-10 12:27 - 2016-04-10 12:27 - 03119168 _____ 
C:\Users\Michael\Desktop\adwcleaner_5.109.exe 2016-04-10 12:13 - 2016-04-10 12:13 - 00000000 ____D C:\Avenger 2016-04-10 12:10 - 2016-04-10 12:10 - 00183744 _____ C:\Users\Michael\Desktop\MBAM.txt 2016-04-10 12:04 - 2016-04-10 14:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-04-10 12:04 - 2016-04-10 12:06 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-04-10 12:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-04-10 12:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-04-10 12:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-04-10 11:58 - 2016-04-10 11:58 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2016-04-10 11:21 - 2016-04-10 13:29 - 00000000 ____D C:\Users\Michael\Desktop\HearthStone Heroes of Warcraft 2016-04-07 21:06 - 2016-04-08 21:50 - 00000000 ____D C:\Users\Michael\Documents\Electronic Arts 2016-04-07 20:25 - 2016-04-07 20:25 - 00041523 _____ C:\Users\Michael\AppData\Local\recently-used.xbel 2016-04-07 20:08 - 2016-04-07 20:43 - 00000043 _____ C:\WINDOWS\gswin32.ini 2016-04-07 20:07 - 2016-04-07 20:07 - 00000000 ____D C:\Program Files (x86)\gs 2016-04-07 16:38 - 2016-04-07 18:09 - 00000009 _____ C:\Users\Michael\AppData\Roaming\update.dat 2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ C:\Users\Michael\AppData\Roaming\Launcher.dat 2016-04-07 15:46 - 2016-04-07 15:46 - 05044480 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-04-06 17:51 - 2016-04-08 21:28 - 00000000 ____D C:\Users\Michael\Desktop\Kamera Videos 2016-04-05 15:48 - 2016-04-05 15:48 
- 22946503 _____ C:\Users\Michael\Desktop\21984137.480p.mp4 2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 ____D C:\Users\Michael\AppData\Roaming\NVIDIA 2016-04-02 11:03 - 2016-04-02 11:03 - 00000117 _____ C:\Users\Michael\Desktop\hhhr.txt 2016-04-02 10:44 - 2016-04-02 10:48 - 00000000 ____D C:\Users\Michael\Desktop\hrping-v506 2016-04-01 21:43 - 2016-04-01 21:45 - 00000000 ____D C:\Users\Michael\Desktop\Indie Fonts 2016-03-31 19:04 - 2016-03-31 19:05 - 00000000 ____D C:\WINDOWS\Panther 2016-03-28 21:17 - 2016-04-11 19:59 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA Corporation 2016-03-28 21:16 - 2016-04-12 14:38 - 00000000 ____D C:\ProgramData\NVIDIA 2016-03-28 21:16 - 2016-04-06 02:20 - 01373864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2016-03-28 21:16 - 2016-04-06 02:20 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2016-03-28 21:16 - 2016-04-06 02:19 - 01767248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2016-03-28 21:16 - 2016-04-06 02:19 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2016-03-28 21:16 - 2016-03-28 21:22 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA 2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2016-03-28 21:16 - 2016-03-22 03:57 - 00110528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2016-03-28 21:15 - 2016-03-28 21:15 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2016-03-28 21:15 - 2016-03-22 06:08 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2016-03-28 21:15 - 2016-03-22 06:08 - 00201664 _____ (Khronos Group) 
C:\WINDOWS\SysWOW64\OpenCL.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 06369728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 02994744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 02561472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 01265720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2016-03-28 21:15 - 2016-03-22 04:37 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2016-03-28 21:15 - 2016-03-18 13:44 - 06253721 _____ C:\WINDOWS\system32\nvcoproc.bin 2016-03-28 21:14 - 2016-03-28 21:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-03-28 21:14 - 2016-03-25 03:23 - 12659136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys 2016-03-28 21:14 - 2016-03-24 13:52 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 2016-03-28 21:14 - 2016-03-24 13:52 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2016-03-28 21:14 - 2016-03-24 13:52 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 42923576 _____ C:\WINDOWS\system32\nvcompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 37567424 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 31594432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 25350080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 21364536 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvopencl.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 20906168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 20074728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 17755928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 17369448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 17349776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 17328008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 14226672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 10550552 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 08659472 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 03685280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 03263480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 02614208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 02260024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436472.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436472.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00960056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00889400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00751552 _____ 
(NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00695864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00678520 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00572096 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00546328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00348216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00176064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00153392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00129208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll 2016-03-28 21:14 - 2016-03-22 06:08 - 00038050 _____ C:\WINDOWS\system32\nvinfo.pb 2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json 2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ 
C:\WINDOWS\system32\nv-vk64.json 2016-03-28 21:14 - 2016-03-21 22:01 - 00109632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2016-03-28 21:14 - 2016-03-21 22:01 - 00100416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2016-03-28 21:14 - 2016-03-21 22:01 - 00056384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys 2016-03-27 15:44 - 2016-03-27 15:44 - 00000046 _____ C:\Users\Michael\Desktop\bla.txt 2016-03-26 00:22 - 2016-03-26 00:22 - 00000000 ____D C:\Users\Michael\Intel 2016-03-25 23:40 - 2016-04-05 19:05 - 00000000 ____D C:\Users\Michael\Desktop\komische Projekte 2016-03-25 23:39 - 2016-03-25 23:39 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\DefaultCompany 2016-03-25 22:46 - 2016-03-26 22:50 - 00000000 ____D C:\Users\Michael\Documents\Bully Scholarship Edition 2016-03-25 20:55 - 2016-03-25 20:55 - 00008206 _____ C:\Users\Michael\Desktop\SMPTE_Color_Bars_16x9.svg 2016-03-20 17:24 - 2016-03-20 17:24 - 00000029 _____ C:\Users\Michael\Desktop\bn.txt 2016-03-20 13:02 - 2016-03-20 13:30 - 00000000 ____D C:\Users\Michael\Desktop\KLTE 2016-03-20 01:17 - 2016-03-20 01:17 - 00002548 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk 2016-03-20 
01:17 - 2016-03-20 01:17 - 00002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk 2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools 2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\Program Files\Common Files\DESIGNER 2016-03-20 01:16 - 2016-03-20 01:16 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-03-19 02:47 - 2016-03-19 02:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e 2016-03-19 02:47 - 2013-07-18 07:55 - 00130248 _____ (Qualcomm Atheros Co., Ltd.) C:\WINDOWS\system32\Drivers\L1C63x64.sys 2016-03-18 23:10 - 2016-03-18 23:10 - 00000000 ____D C:\ProgramData\SoftPerfect 2016-03-18 23:10 - 2015-10-29 17:02 - 00246248 _____ C:\WINDOWS\system32\Drivers\spvve.sys 2016-03-18 23:10 - 2015-10-29 17:02 - 00097768 _____ C:\WINDOWS\system32\Drivers\spvdbus.sys 2016-03-18 20:53 - 2016-04-02 13:35 - 00283896 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys 2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\Victory 2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\UnrealEngine 2016-03-17 22:42 - 2016-04-12 15:38 - 00000000 ____D C:\Users\Michael\Desktop\brauch ich das 2016-03-17 22:32 - 2016-03-17 22:32 - 00000077 _____ C:\Users\Michael\Desktop\sdfsdfsdf.txt 2016-03-17 21:51 - 2016-04-12 13:56 - 00000000 ____D C:\Users\Michael\ownCloud 2016-03-17 21:50 - 2016-04-12 13:56 - 00000000 ____D C:\Users\Michael\AppData\Local\ownCloud 2016-03-17 21:49 - 2016-03-17 21:49 - 00001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk 2016-03-17 21:49 - 2016-03-17 21:49 - 00000000 ____D C:\Program Files (x86)\ownCloud 2016-03-17 19:53 - 2016-03-17 19:53 - 00002338 _____ C:\Users\Michael\Desktop\Kontoaktivitäten_201510_201603.csv 2016-03-17 
18:02 - 2016-03-17 18:02 - 00000000 ____D C:\Program Files\Rockstar Games 2016-03-16 23:30 - 2016-03-16 23:30 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-5-1.dll 2016-03-16 23:29 - 2016-03-16 23:29 - 00127768 _____ C:\WINDOWS\system32\vulkan-1-1-0-5-1.dll 2016-03-16 23:29 - 2016-03-16 23:29 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-5-1.exe 2016-03-16 23:28 - 2016-03-16 23:28 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-5-1.exe 2016-03-15 20:38 - 2016-03-17 00:08 - 00000000 ____D C:\Program Files\OpenVPN 2016-03-15 20:33 - 2016-03-20 00:33 - 00000061 _____ C:\Users\Michael\Desktop\fj.txt 2016-03-15 20:33 - 2016-03-15 20:34 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies 2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cryptomator.org 2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\Program Files\Cryptomator 2016-03-15 20:11 - 2016-03-15 20:15 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Cryptomator 2016-03-15 20:11 - 2016-03-15 20:11 - 00000000 ____D C:\Users\Michael\.oracle_jre_usage 2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\.mono 2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\ProgramData\.mono 2016-03-15 19:05 - 2016-03-15 19:05 - 00000000 ____D C:\Users\Michael\AppData\Local\openvr 2016-03-14 20:12 - 2016-03-14 20:12 - 00000000 ____D C:\Users\Michael\AppData\Local\ESN 2016-03-13 16:45 - 2016-01-08 10:51 - 00213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys 2016-03-13 16:45 - 2016-01-08 10:51 - 00120416 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-04-12 16:59 - 2015-04-10 13:22 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-12 16:46 - 2015-09-26 13:41 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-04-12 15:41 - 2016-01-15 18:36 - 02003186 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-12 15:41 - 2015-10-30 20:35 - 00852678 _____ C:\WINDOWS\system32\perfh007.dat 2016-04-12 15:41 - 2015-10-30 20:35 - 00187904 _____ C:\WINDOWS\system32\perfc007.dat 2016-04-12 15:41 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF 2016-04-12 15:40 - 2015-07-30 04:07 - 00004434 __RSH C:\ProgramData\ntuser.pol 2016-04-12 15:38 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2016-04-12 15:38 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2016-04-12 14:52 - 2015-04-10 11:26 - 00000000 ____D C:\Users\Michael\AppData\Local\Packages 2016-04-12 14:39 - 2015-09-26 13:41 - 00001240 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-04-12 14:39 - 2015-09-25 19:00 - 00000000 __SHD C:\Users\Michael\IntelGraphicsProfiles 2016-04-12 14:39 - 2015-04-10 13:22 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-12 14:38 - 2016-01-15 18:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-12 14:37 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2016-04-12 14:32 - 2016-01-24 14:54 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Temp 2016-04-12 14:22 - 2016-01-22 19:16 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps 2016-04-12 08:35 - 2015-08-19 01:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-04-12 08:31 - 2015-12-03 14:30 - 00001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-04-12 00:17 - 2015-10-18 01:57 - 00002853 _____ C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml 2016-04-12 00:17 - 2015-04-12 18:07 - 00003142 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner 2016-04-11 23:00 - 2015-07-16 15:55 - 00002268 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-04-11 19:55 - 2015-04-12 19:14 - 00000000 ____D C:\Users\Michael\AppData\Local\Battle.net 2016-04-11 19:25 - 2015-04-12 19:14 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-04-11 19:25 - 2015-04-11 21:34 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc 2016-04-10 14:49 - 2016-01-15 18:35 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys 2016-04-10 14:49 - 2015-04-11 20:34 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2016-04-10 14:49 - 2015-04-10 12:27 - 00000000 ____D C:\ProgramData\Package Cache 2016-04-10 14:22 - 2015-04-21 15:44 - 00000000 ____D C:\Users\Michael\AppData\Local\JDownloader 2.0 2016-04-10 14:16 - 2015-04-11 14:27 - 00000000 ____D C:\Program Files (x86)\Steam 2016-04-10 13:29 - 2015-04-11 21:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Audacity 2016-04-10 12:13 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Intel 2016-04-10 12:13 - 2015-11-21 11:28 - 00000000 ____D C:\Program Files\Common Files\McAfee 2016-04-10 12:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Spotify 2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Local\Spotify 2016-04-10 12:03 - 2015-11-21 11:28 - 00000000 ____D C:\ProgramData\McAfee 2016-04-10 11:00 - 2016-01-06 14:10 - 00000000 ____D C:\Program Files (x86)\McAfee 2016-04-09 18:57 - 2016-01-15 19:22 - 00000000 ____D C:\Program Files (x86)\Minecraft 2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.minion 2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.junique 2016-04-08 19:41 - 2016-02-13 00:35 - 00000080 _____ C:\Users\Michael\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦 2016-04-08 17:43 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Common Files\logishrd 2016-04-08 15:31 - 2015-10-30 09:24 - 00000000 ___HD C:\Program 
Files\WindowsApps 2016-04-07 20:25 - 2015-04-11 23:21 - 00000000 ____D C:\Users\Michael\AppData\Local\gtk-2.0 2016-04-07 20:25 - 2015-04-11 20:30 - 00000000 ___HD C:\Users\Michael\.gimp-2.8 2016-04-07 20:09 - 2015-04-11 19:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Notepad++ 2016-04-07 20:04 - 2016-03-10 22:13 - 00000000 ____D C:\Users\Michael\Desktop\gta 2016-04-06 22:21 - 2016-02-17 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit 2016-04-06 22:21 - 2015-07-30 09:41 - 00000000 ____D C:\Users\Michael\AppData\Roaming\TeamViewer 2016-04-06 17:59 - 2015-04-11 17:35 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox 2016-04-06 16:56 - 2015-04-10 12:23 - 00000000 ___RD C:\Users\Michael\Desktop\Tools 2016-04-06 16:47 - 2015-04-12 18:22 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-04-06 02:19 - 2015-09-22 21:42 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll 2016-04-02 11:13 - 2015-05-02 18:40 - 00000000 ____D C:\Users\Michael\AppData\Local\Microsoft Help 2016-04-02 10:42 - 2015-07-15 22:43 - 00000000 ____D C:\ProgramData\Origin 2016-04-02 10:41 - 2015-07-15 22:43 - 00000000 ____D C:\Program Files (x86)\Origin 2016-04-02 10:24 - 2015-06-28 22:06 - 00000000 ___RD C:\Users\Michael\Google Drive 2016-03-31 22:23 - 2015-05-21 17:16 - 00002292 ____H C:\Users\Michael\Documents\Default.rdp 2016-03-28 21:19 - 2015-04-12 18:03 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner 2016-03-28 21:16 - 2016-03-10 20:49 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2016-03-28 21:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Help 2016-03-28 21:12 - 2016-01-08 00:09 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-03-27 21:19 - 2015-04-10 12:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype 2016-03-26 00:22 - 2016-01-15 18:36 - 00000000 ____D C:\Users\Michael 2016-03-26 00:20 - 2015-08-08 02:01 - 
00000000 ____D C:\Program Files (x86)\AviSynth 2016-03-26 00:20 - 2015-08-08 01:55 - 00000000 ____D C:\multiAVCHD 2016-03-26 00:17 - 2015-12-16 20:09 - 00000000 ____D C:\Program Files (x86)\GtkSharp 2016-03-26 00:15 - 2015-12-02 17:21 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2016-03-26 00:15 - 2015-12-02 17:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0 2016-03-26 00:14 - 2016-02-23 19:11 - 00000000 ____D C:\Program Files (x86)\MPC-HC 2016-03-26 00:14 - 2015-06-18 20:06 - 00000000 ____D C:\Program Files (x86)\XMedia Recode 2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-03-26 00:09 - 2016-01-15 18:29 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-03-26 00:09 - 2016-01-03 23:53 - 00000000 ____D C:\Users\Michael\AppData\Local\VSIXInstaller 2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Windows Kits 2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs 2016-03-26 00:07 - 2016-01-08 01:14 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET 2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Unity 2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\ProgramData\Unity 2016-03-25 23:38 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Unity 2016-03-25 23:16 - 2015-07-30 04:09 - 00002440 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-03-25 23:16 - 2015-04-10 12:22 - 00000000 __RDO C:\Users\Michael\OneDrive 2016-03-25 02:51 - 2016-03-05 11:52 - 00000000 ____D C:\Program Files\Grand Theft Auto V 2016-03-24 22:54 - 2015-12-30 19:25 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe 2016-03-24 22:53 - 2015-07-22 06:02 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2016-03-22 19:20 - 
2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-03-20 01:19 - 2015-12-14 19:50 - 00000000 ____D C:\Program Files\Microsoft Office 2016-03-19 02:47 - 2015-04-10 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-03-17 18:02 - 2015-04-11 21:52 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2016-03-16 23:30 - 2016-03-10 20:49 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2016-03-16 23:29 - 2016-03-10 20:49 - 00127768 _____ C:\WINDOWS\system32\vulkan-1.dll 2016-03-16 23:29 - 2016-03-10 20:49 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2016-03-16 23:28 - 2016-03-10 20:49 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe 2016-03-15 22:49 - 2010-06-09 21:30 - 00000000 ____D C:\Users\Michael\Desktop\Screens 2016-03-15 19:11 - 2015-07-03 22:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-03-15 19:11 - 2015-07-03 22:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Mozilla 2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Local\Mozilla 2016-03-13 16:45 - 2016-01-08 18:08 - 00000000 ____D C:\Program Files (x86)\Samsung 2016-03-13 16:44 - 2016-01-08 18:11 - 00000000 ____D C:\ProgramData\Samsung 2016-03-13 16:39 - 2015-12-08 00:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\IrfanView 2016-03-13 16:39 - 2015-04-10 13:22 - 00000000 ____D C:\Program Files (x86)\Google 2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-03-13 15:51 - 2015-04-11 18:18 - 00000000 ____D C:\Program Files\WinRAR 2016-03-13 14:51 - 2016-03-09 23:08 - 00000995 _____ C:\Users\Michael\Desktop\rt.txt ==================== Dateien im Wurzelverzeichnis 
einiger Verzeichnisse ======= 2015-08-11 19:12 - 2015-08-11 19:26 - 0000466 _____ () C:\Users\Michael\AppData\Roaming\CascView.ini 2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ () C:\Users\Michael\AppData\Roaming\Launcher.dat 2016-04-07 16:38 - 2016-04-07 18:09 - 0000009 _____ () C:\Users\Michael\AppData\Roaming\update.dat 2015-10-18 01:57 - 2016-04-12 00:17 - 0002853 _____ () C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml 2016-04-07 16:39 - 2016-04-09 11:20 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\notaut.txt 2015-04-19 11:36 - 2015-04-19 11:36 - 0385602 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS 2015-04-19 11:36 - 2015-04-19 11:36 - 0000204 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS.part 2015-04-19 11:36 - 2015-04-19 11:36 - 0059989 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS 2015-04-19 11:36 - 2015-04-19 11:36 - 0000273 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS.part 2015-04-19 11:37 - 2015-04-19 11:37 - 0121567 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS 2015-04-19 11:37 - 2015-04-19 11:37 - 0000294 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS.part 2015-04-19 11:36 - 2015-04-19 11:36 - 0069441 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS 2015-04-19 11:36 - 2015-04-19 11:36 - 0000293 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS.part 2015-06-18 20:34 - 2015-06-18 20:34 - 0000046 _____ () C:\Users\Michael\AppData\Local\DonationCoder_mpqbuilder_InstallInfo.dat 2015-10-02 23:10 - 2015-10-02 23:11 - 1065984 _____ () C:\Users\Michael\AppData\Local\file__0.localstorage 2015-05-02 22:27 - 2015-05-02 22:27 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND 2016-04-07 20:25 - 2016-04-07 20:25 - 0041523 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel 2015-05-15 21:48 - 2015-11-26 17:42 - 0007684 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg 2015-08-28 06:41 - 2015-08-28 06:41 - 0019535 _____ () 
C:\ProgramData\empty.ico

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-04-10 14:42

==================== Ende von FRST.txt ============================
|
12.04.2016, 16:23 | #8 |
| Win10: Browser Hijacker
addition:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
durchgeführt von Michael (2016-04-12 17:13:57)
Gestartet von C:\Users\Michael\Desktop
Windows 10 Pro Version 1511 (X64) (2016-01-15 16:43:53)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3852805889-1866178090-3277109897-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3852805889-1866178090-3277109897-503 - Limited - Disabled)
Gast (S-1-5-21-3852805889-1866178090-3277109897-501 - Limited - Disabled) => C:\Users\Gast
Michael (S-1-5-21-3852805889-1866178090-3277109897-1001 - Administrator - Enabled) => C:\Users\Michael

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4K Video Downloader 4.0 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.0.0.2016 - Open Media LLC) 7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.9.1 - RedFox) ArcaniA: Fall of Setarrif (HKLM-x32\...\Steam App 65610) (Version: - Spellbound Studios) Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Crucial Storage Executive (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Storage Executive 3.15.112014.06) (Version: 3.24.082015.05 - Crucial) Cryptomator (HKLM\...\{Cryptomator}}_is1) (Version: 1.0.2 - cryptomator.org) Discord (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Discord) (Version: 0.0.286 - Hammer & Chisel, Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation) Erforderliche Komponenten für SSDT (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation) FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - ) GameSave Manager v3 (HKLM-x32\...\GameSaveManager_v3) (Version: 3.1.442.0 - InsaneMatt) GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) 
Hidden Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games) HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software) HITMAN™ (HKLM\...\Steam App 236870) (Version: - Io-Interactive) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Logitech Gaming Software 8.82 (HKLM\...\Logitech Gaming Software) (Version: 8.82.151 - Logitech Inc.) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.6 SDK (Deutsch) (HKLM-x32\...\{EE8BD24B-75E1-4BBF-86B9-91FE16ADE71C}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack 
(HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.6001.1068 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 
(HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Minion (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\{Minion}}_is1) (Version: 2.0 - ZAM Network LLC) MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD) NAPS2 3.3.5 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.2.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.67 - NVIDIA Corporation) NVIDIA Grafiktreiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.) 
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden ownCloud (HKLM-x32\...\ownCloud) (Version: 2.1.1.5837 - ownCloud) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation) Platform (x32 Version: 1.43 - VIA Technologies, Inc.) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.) RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - ) RemoteComms driver (HKLM-x32\...\{89B4CA50-3F94-451F-B93A-22608DF45FF9}) (Version: 1.30.0002 - PLX Technology) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games) Roslyn Language Services - x86 (x32 Version: 14.0.24728 - Microsoft Corporation) Hidden Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.) SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.2.67 - NVIDIA Corporation) Hidden Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.) Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.) Smart Switch (x32 Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.) 
Hidden Snapmatic Screensaver (HKLM-x32\...\Snapmatic Screensaver_is1) (Version: 1.0 - Rockstar Games) South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment) Spotify (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Spotify) (Version: 1.0.26.132.ga4e3ccee - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer) Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft) Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony) VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.43 - VIA Technologies, Inc.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN) Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software) Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.) WhoCrashed 5.50 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.) WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {04355E58-6FD1-495F-93EE-57A1B3ACF30D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {055D0111-EA4F-4261-999C-47501CEF1BB0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-20] (Microsoft Corporation) Task: {05D61722-FE44-40BD-ACCE-9C027061B90A} - System32\Tasks\{C1ED46C2-6A72-4297-BCEC-0AD3B2CD605A} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe" -c -uninstallApp 142938258.redeem.sonypicturesstore.com Task: {0F41DB66-D907-4151-84C8-840C6E60EBAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation) Task: {1A003D57-3939-4097-B4FC-49B69E7E7CE4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {2779EE54-FBC3-4DA1-B719-23833F6C1F84} - System32\Tasks\{9D134A81-2860-42BB-B7D9-4910B6B623C0} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" Task: {3569A7F0-81A8-4391-893D-B95673EDDE46} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {487BFEF6-DF70-4D14-AE54-D2FF0A4C1589} 
- \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {4BA7928E-14CC-46DA-BB1A-0F083F6B0786} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {4CB2A8EA-1290-4731-A92B-A6A659DF6E92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated) Task: {5035952E-6955-4214-BFA7-8BC1EEAB92DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.) Task: {60135EA6-B35B-40E1-B5E6-0D9773D2D438} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {624B2716-3954-41F3-BE09-A803897203DB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation) Task: {646A5D08-CD2E-4930-B8D1-E46025B98618} - System32\Tasks\{4D3C9D7E-3228-4EBF-AF68-7191CBA44F1D} => pcalua.exe -a C:\Users\Michael\Desktop\IomegaEncryptionSetup.exe -d C:\Users\Michael\Desktop Task: {74035255-F2D6-451A-BC19-E66884E031ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.) Task: {7D9DA623-CE12-44EA-889B-CAD4F3F5E494} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.) 
Task: {8A54AD2C-B399-408B-B525-F0F36EA83546} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK Task: {945FE37F-B52F-48F3-BBD9-370D163B052C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {A9E8087B-368B-4562-A4F4-225C08ECEE80} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {B631FA9B-BEFF-4AEC-9099-56B395FA10CF} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-09] () Task: {C72C7527-EEED-4578-B161-D852006D2427} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation) Task: {CAA8A102-BC26-4A46-9BA1-200D8F4BEDEB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation) Task: {D47AFF69-4B86-4693-960B-AE0D1CF99DAC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation) Task: {E4438FF6-623A-4EE5-B670-A7B9DFF7A2D8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.) Task: {EA0CA4DC-147F-4923-AF57-56DBFE06AE94} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {F89084F2-8DB3-4131-A704-ACEC98245D41} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {FFE255CD-BF3B-4F69-8472-852150BE3768} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-03-28 21:15 - 2016-03-22 04:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-03-20 01:02 - 2016-02-28 01:41 - 00171720 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2016-03-28 21:16 - 2016-04-06 02:35 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-03-28 21:16 - 2016-04-06 02:35 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-03-28 21:16 - 2016-04-06 02:36 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-03-28 21:16 - 2016-04-06 02:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-01-01 15:48 - 2016-01-01 15:48 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe 2015-10-30 09:18 - 2016-02-16 22:49 - 00263168 _____ () C:\WINDOWS\system32\wc_storage.dll 2016-03-28 21:16 - 2016-04-06 02:35 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-03-28 21:16 - 2016-04-06 02:35 - 01988544 _____ () C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-03-28 21:16 - 2016-04-06 02:36 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-03-28 21:16 - 2016-04-06 02:36 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-03-28 21:16 - 2016-04-06 02:34 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2016-03-28 21:16 - 2016-04-06 02:34 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-12-09 09:59 - 2015-12-09 09:59 - 00580296 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe 2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-01-18 17:16 - 2016-01-18 17:16 - 00058880 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll 2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2016-01-15 18:32 - 2016-01-15 18:32 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-01-15 18:32 - 2016-01-15 18:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-03-02 18:20 - 2016-02-23 10:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-03-02 18:20 - 2016-02-23 10:38 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll 2016-01-15 18:32 - 2016-01-15 18:32 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-01-27 21:18 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-01-27 21:18 - 2016-01-16 07:13 - 04089856 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-01-03 15:25 - 2012-11-15 00:22 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2016-01-03 15:25 - 2012-11-15 00:22 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2016-03-30 19:17 - 2016-03-30 19:17 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2016-03-30 19:17 - 2016-03-30 19:17 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2016-03-28 21:16 - 2016-04-06 02:41 - 00165824 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll 2016-03-28 21:16 - 2016-04-06 02:42 - 00861120 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll 2016-04-11 19:59 - 2016-04-06 02:54 - 04406720 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\MessageBus.dll 2016-03-28 21:20 - 2015-06-25 17:03 - 00970240 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\CefSharp.Core.dll 2016-03-28 21:20 - 2015-06-25 17:03 - 53344768 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libcef.dll 2016-03-28 21:20 - 2015-06-25 17:03 - 00613888 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\CefSharp.BrowserSubprocess.Core.dll 2016-03-28 21:20 - 2015-06-25 17:03 - 01015296 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\ffmpegsumo.dll 2016-03-28 21:20 - 2015-06-25 17:03 - 00208896 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libEGL.dll 2016-03-28 21:20 - 2015-06-25 17:03 - 01750016 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libGLESv2.dll 2016-03-28 21:16 - 2016-04-06 02:19 - 00391168 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\NvRemux64.dll 2016-01-20 20:53 - 2016-01-20 20:53 - 
03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe 2015-12-20 13:06 - 2015-12-20 13:06 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-04-11 23:00 - 2016-04-06 04:12 - 02140824 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll 2016-04-11 23:00 - 2016-04-06 04:12 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll 2015-12-07 18:43 - 2015-12-07 18:43 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll 2015-12-07 18:43 - 2015-12-07 18:43 - 00057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll 2015-12-07 18:44 - 2015-12-07 18:44 - 00225792 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll 2015-12-07 18:43 - 2015-12-07 18:43 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll 2015-12-07 18:44 - 2015-12-07 18:44 - 00657408 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll 2016-03-28 21:16 - 2016-04-06 02:42 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-07-06 20:36 - 2015-07-06 20:36 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Users\Michael\Downloads:Shareaza.GUID [16] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\sharepoint.com -> hxxps://gymleibnitz.sharepoint.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2016-03-10 21:29 - 2016-03-10 21:29 - 00000034____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3852805889-1866178090-3277109897-501\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 41%
Installierter physikalischer RAM: 8012.59 MB
Verfügbarer physikalischer RAM: 4697.96 MB
Summe virtueller Speicher: 10316.59 MB
Verfügbarer virtueller Speicher: 6460.29 MB

==================== Laufwerke ================================

Drive c: (iSSD) (Fixed) (Total:231.93 GB) (Free:103.14 GB) NTFS
Drive d: (iWD) (Fixed) (Total:455.76 GB) (Free:269.97 GB) NTFS
Drive e: (eWD) (Fixed) (Total:931.51 GB) (Free:140.74 GB) NTFS
Drive f: (Volume) (Fixed) (Total:3726.02 GB) (Free:3717.13 GB) NTFS
Drive z: (iWD_FH) (Fixed) (Total:10 GB) (Free:9.95 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: E4E735C2)
Partition: GPT.
========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0002846E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

I'll just go ahead and delete the file C:\Avenger\taskmgr.exe, right? No idea where it comes from.
13.04.2016, 15:12 | #9
/// TB-Ausbilder | Win10: Browser Hijacker

Hi, the folder C:\Avenger should actually be removed automatically by DelFix (see further below).

Remove leftovers

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
start
CloseProcesses:
C:\Users\Michael\AppData\Local\618015D5_stp
Reboot:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Post the Fixlog from FRST right away, since otherwise it will be removed automatically by DelFix (see further below)!

If you no longer have any problems with malware, then we are done here. Your log files are clean. Finally, we still need to take a few concluding steps to clean up and secure your PC.

Cleanup: All logs posted? Then please download DelFix.
DelFix removes, among other things, all the programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over now, you can delete them without concern.

Securing your PC:

Enable automatic updates in the Windows operating system. Security-relevant software should also always be present only in its latest version:
Browser
Java
Flash Player
PDF reader
Security holes in their old versions are exploited to install malware via "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, Firefox can also open PDF documents.

Enable a firewall. The one integrated into Windows is normally entirely sufficient.

If you are still undecided, use a single one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:
Microsoft Security Essentials (MSE) is built in from Windows 8 onwards, so if you have Windows 8, 8.1 or 10 and have decided on MSE, you do not need to install MSE separately. On Windows 7, however, it has to be installed manually or obtained via Windows Update as an optional update. Of course, a legal/activated Windows is a prerequisite for this.

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
Adblock Plus: Can block banners, pop-ups, video ads, tracking and malware sites.
NoScript: Prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can define, on the principle of a whitelist, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: Protects the computer's applications against the exploitation of known vulnerabilities.

Download software from a clean portal such as .
When installing software, always choose the custom option and uncheck all optionally offered toolbars or other additions that are irrelevant to the program.
To get rid of adware again, it is advisable first to uninstall it and then to remove the leftovers with AdwCleaner.

Finally, a few more general remarks:
If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
13.04.2016, 16:34 | #10 |
Win10: Browser Hijacker
frst:

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-04-2016
durchgeführt von Michael (2016-04-13 16:53:56) Run:2
Gestartet von C:\Users\Michael\Desktop
Geladene Profile: Michael (Verfügbare Profile: Michael & Gast)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
C:\Users\Michael\AppData\Local\618015D5_stp
Reboot:
end
*****************

Prozess erfolgreich geschlossen.
C:\Users\Michael\AppData\Local\618015D5_stp => erfolgreich verschoben

Das System musste neu gestartet werden.

==== Ende von Fixlog 16:53:57 ====
13.04.2016, 16:46 | #11
/// TB-Ausbilder | Win10: Browser Hijacker
Quote:

I'm glad we were able to help.

In this forum you can leave brief feedback on the cleanup, if you like: Lob, Kritik und Wünsche. To do so, click the "NEUES THEMA" button and post a little feedback. Thank you!

This thread appears to be resolved and will be deleted from my subscriptions. Should you need the thread again, please send me a PM. Everyone else, please click here and create your own thread.