| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win10: Browser HijackerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
10.04.2016, 12:11
| #1 |
 |  Win10: Browser Hijacker Oh man, jetzt hat es mich selbst erwischt: Ich verwende Windows Defender und Chrome mit Adblock Plus, HTTPS Everywhere und Ghostery und habe mich damit immer sicher gefühlt. Nur, heute öffne ich Chrome und werde sofort zu einer Werbeseite (viceice.com) weitergeleitet. Beim Start von Edge öffnet sich sogar Chrome und Edge schließt sich wieder... Erster Scan mit MBAM erschreckt mich schon mal, über 1000 gefundene Elemente! Leider ist die Log-Datei viel zu groß, selbst für den Anhang... Neustart, Bedrohungssuchlauf, nichts mehr gefunden. Komisch finde ich aber auch "C:\Avenger\taskmgr.exe" mit 146 MB... AdwCleaner: Code:
ATTFilter # AdwCleaner v5.109 - Bericht erstellt am 10/04/2016 um 12:29:09
# Aktualisiert am 04/04/2016 von Xplode
# Datenbank : 2016-04-09.1 [Server]
# Betriebssystem : Windows 10 Pro (x64)
# Benutzername : Michael - HEIMSCHEISSER
# Gestartet von : C:\Users\Michael\Downloads\adwcleaner_5.109.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetcmsus-a.akamaihd.net_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetcmsus-a.akamaihd.net_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetproductus-a.akamaihd.net_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bnetproductus-a.akamaihd.net_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_eaassets-a.akamaihd.net_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_eaassets-a.akamaihd.net_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-a.akamaihd.net_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-a.akamaihd.net_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-c-a.akamaihd.net_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-c-a.akamaihd.net_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.xyfindit.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.xyfindit.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_artikel.de.softonic.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_artikel.de.softonic.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.softonic.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.softonic.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_grandtheftdata.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_grandtheftdata.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_join-me.de.softonic.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_join-me.de.softonic.com_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.paralysm.de_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.paralysm.de_0.localstorage-journal
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.xyfindit.com_0.localstorage
[-] Datei gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.xyfindit.com_0.localstorage-journal
***** [ DLLs ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : voicemeeter.en.softonic.com
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : de.softonic.com
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : softonic.de
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : join-me.de.softonic.com
*************************
:: "Tracing" schlüssel löschen
:: Winsock Einstellungen zurückgesetzt
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [4812 Bytes] - [10/04/2016 12:29:09]
C:\AdwCleaner\AdwCleaner[S1].txt - [4717 Bytes] - [10/04/2016 12:28:06]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4958 Bytes] ##########
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von Michael (Administrator) auf HEIMSCHEISSER (10-04-2016 12:42:42)
Gestartet von C:\Users\Michael\Desktop
Geladene Profile: Michael (Verfügbare Profile: Michael & Gast)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\System32\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Spotify Ltd) C:\Users\Michael\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4708016 2015-08-18] (VIA)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15120504 2016-02-18] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-03-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ACHTUNG
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Run: [Spotify Web Helper] => C:\Users\Michael\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-02] (Spotify Ltd)
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\RunOnce: [Uninstall C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SNAPMA~1.SCR [1016438 2015-03-16] (Jan Kolarik & Ondrej Vaverka)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-01-18] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2016-03-25]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2015-10-18]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software)
GroupPolicyUsers\S-1-5-21-3852805889-1866178090-3277109897-1001\User: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{18e177db-5020-4169-a275-a261e9b7a852}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1dfe109d-b3d0-4acd-a2eb-0edc7be3d320}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{59924253-7916-40c6-ba08-d15750886fc9}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> DefaultScope {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001 -> Kein Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - Keine Datei
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1442757218682
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ktigdchg.default
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-3852805889-1866178090-3277109897-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.viceice.com/
CHR StartupUrls: Default -> "hxxp://www.viceice.com/"
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-10]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10]
CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-10]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-04-10]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10]
CHR HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-10] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-02-28] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-26] (Dropbox, Inc.)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-11-20] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-03-25] (NVIDIA Corporation)
R2 HvHost; C:\Windows\System32\hvhostsvc.dll [61440 2016-02-16] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-08] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-02-18] (Logitech Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-03-25] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-03-25] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-03-25] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-02] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-01-01] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-12-30] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.)
S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2016-02-16] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14384128 2016-02-16] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AF9035BDA; C:\Windows\system32\DRIVERS\AF15BDA.sys [514856 2012-11-09] (ITETech )
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2015-08-23] (Google Inc) [Datei ist nicht signiert]
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [216576 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [71008 2016-02-16] (Microsoft Corporation)
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [117248 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114560 2015-08-14] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2016-02-16] (Microsoft Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184096 2015-06-29] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-03-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2016-02-16] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2016-02-16] (Microsoft Corporation)
S3 Phosgene; C:\Windows\system32\DRIVERS\Phosgene.sys [34168 2015-08-28] (Adoriasoft LLC)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2015-11-10] (The OpenVPN Project)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2016-02-16] (Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S2 SPVVEngine; C:\WINDOWS\system32\Drivers\spvve.sys [246248 2015-10-29] ()
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2016-02-16] (Microsoft Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-10-18] (Windows (R) Win 7 DDK provider)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2015-07-09] (Oracle Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2016-02-16] (Microsoft Corporation)
R3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2016-02-16] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [350720 2016-02-16] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S1 lfivrnpk; \??\C:\WINDOWS\system32\drivers\lfivrnpk.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-10 12:42 - 2016-04-10 12:42 - 00029056 _____ C:\Users\Michael\Desktop\FRST.txt
2016-04-10 12:41 - 2016-04-10 12:42 - 00000000 ____D C:\FRST
2016-04-10 12:37 - 2016-04-10 12:37 - 00000346 _____ C:\Users\Michael\Desktop\tb.txt
2016-04-10 12:36 - 2016-04-10 12:41 - 02374144 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2016-04-10 12:30 - 2016-04-10 12:30 - 00005040 _____ C:\Users\Michael\Desktop\AdwCleaner[C1].txt
2016-04-10 12:27 - 2016-04-10 12:29 - 00000000 ____D C:\AdwCleaner
2016-04-10 12:27 - 2016-04-10 12:27 - 03119168 _____ C:\Users\Michael\Desktop\adwcleaner_5.109.exe
2016-04-10 12:13 - 2016-04-10 12:13 - 00000000 ____D C:\Avenger
2016-04-10 12:04 - 2016-04-10 12:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-10 12:04 - 2016-04-10 12:06 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-04-10 12:04 - 2016-04-10 12:06 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-04-10 12:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-10 12:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-10 12:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-10 11:58 - 2016-04-10 11:58 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2016-04-10 11:21 - 2016-04-10 11:49 - 00000000 ____D C:\Users\Michael\Desktop\HearthStone Heroes of Warcraft
2016-04-07 21:06 - 2016-04-08 21:50 - 00000000 ____D C:\Users\Michael\Documents\Electronic Arts
2016-04-07 20:25 - 2016-04-07 20:25 - 00041523 _____ C:\Users\Michael\AppData\Local\recently-used.xbel
2016-04-07 20:08 - 2016-04-07 20:43 - 00000043 _____ C:\WINDOWS\gswin32.ini
2016-04-07 20:07 - 2016-04-07 20:07 - 00000000 ____D C:\Program Files (x86)\gs
2016-04-07 16:38 - 2016-04-07 18:09 - 00000009 _____ C:\Users\Michael\AppData\Roaming\update.dat
2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ C:\Users\Michael\AppData\Roaming\Launcher.dat
2016-04-07 15:46 - 2016-04-07 15:46 - 05044480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-06 20:47 - 2016-04-09 18:59 - 00000000 ____D C:\Users\Michael\Desktop\TreeSizeFree
2016-04-06 17:51 - 2016-04-08 21:28 - 00000000 ____D C:\Users\Michael\Desktop\Kamera Videos
2016-04-05 15:48 - 2016-04-05 15:48 - 22946503 _____ C:\Users\Michael\Desktop\21984137.480p.mp4
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 ____D C:\Users\Michael\AppData\Roaming\NVIDIA
2016-04-02 16:45 - 2016-04-09 11:50 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps
2016-04-02 13:12 - 2016-04-02 13:20 - 00590399 _____ C:\Users\Michael\Desktop\pinger.xlsx
2016-04-02 11:03 - 2016-04-02 11:03 - 00000117 _____ C:\Users\Michael\Desktop\hhhr.txt
2016-04-02 10:44 - 2016-04-02 10:48 - 00000000 ____D C:\Users\Michael\Desktop\hrping-v506
2016-04-01 21:43 - 2016-04-01 21:45 - 00000000 ____D C:\Users\Michael\Desktop\Indie Fonts
2016-03-31 19:04 - 2016-03-31 19:05 - 00000000 ____D C:\WINDOWS\Panther
2016-03-28 21:17 - 2016-03-28 21:17 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA Corporation
2016-03-28 21:16 - 2016-04-10 12:29 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-28 21:16 - 2016-03-28 21:22 - 00000000 ____D C:\Users\Michael\AppData\Local\NVIDIA
2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan
2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-28 21:16 - 2016-03-25 03:49 - 01373864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-03-28 21:16 - 2016-03-25 03:49 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-03-28 21:16 - 2016-03-25 03:48 - 01767432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-03-28 21:16 - 2016-03-25 03:48 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-03-28 21:16 - 2016-03-22 03:57 - 00110528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-28 21:15 - 2016-03-28 21:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-28 21:15 - 2016-03-28 21:15 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-03-28 21:15 - 2016-03-22 06:08 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-03-28 21:15 - 2016-03-22 06:08 - 00201664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 06369728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 02994744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 02561472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 01265720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-28 21:15 - 2016-03-22 04:37 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-28 21:15 - 2016-03-18 13:44 - 06253721 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-03-28 21:14 - 2016-03-28 21:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-28 21:14 - 2016-03-25 03:23 - 12659136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-03-28 21:14 - 2016-03-24 13:52 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-03-28 21:14 - 2016-03-24 13:52 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-03-28 21:14 - 2016-03-24 13:52 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 42923576 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 37567424 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 31594432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 25350080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 21364536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 20906168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 20074728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17755928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17369448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17349776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 17328008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 14226672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 10550552 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 08659472 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 03685280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 03263480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 02614208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 02260024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436472.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436472.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00960056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00889400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00751552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00695864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00678520 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00572096 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00546328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00348216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00176064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00153392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00129208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-03-28 21:14 - 2016-03-22 06:08 - 00038050 _____ C:\WINDOWS\system32\nvinfo.pb
2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-03-28 21:14 - 2016-03-22 06:08 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json
2016-03-28 21:14 - 2016-03-21 22:01 - 00109632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-03-28 21:14 - 2016-03-21 22:01 - 00100416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-03-28 21:14 - 2016-03-21 22:01 - 00056384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-03-27 15:44 - 2016-03-27 15:44 - 00000046 _____ C:\Users\Michael\Desktop\bla.txt
2016-03-26 00:22 - 2016-03-26 00:22 - 00000000 ____D C:\Users\Michael\Intel
2016-03-25 23:40 - 2016-04-05 19:05 - 00000000 ____D C:\Users\Michael\Desktop\komische Projekte
2016-03-25 23:39 - 2016-03-25 23:39 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\DefaultCompany
2016-03-25 22:46 - 2016-03-26 22:50 - 00000000 ____D C:\Users\Michael\Documents\Bully Scholarship Edition
2016-03-25 20:55 - 2016-03-25 20:55 - 00008206 _____ C:\Users\Michael\Desktop\SMPTE_Color_Bars_16x9.svg
2016-03-20 17:24 - 2016-03-20 17:24 - 00000029 _____ C:\Users\Michael\Desktop\bn.txt
2016-03-20 13:02 - 2016-03-20 13:30 - 00000000 ____D C:\Users\Michael\Desktop\KLTE
2016-03-20 01:17 - 2016-03-20 01:17 - 00002548 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2016-03-20 01:17 - 2016-03-20 01:17 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-03-20 01:16 - 2016-03-20 01:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-19 02:47 - 2016-03-19 02:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2016-03-19 02:47 - 2013-07-18 07:55 - 00130248 _____ (Qualcomm Atheros Co., Ltd.) C:\WINDOWS\system32\Drivers\L1C63x64.sys
2016-03-18 23:10 - 2016-03-18 23:10 - 00000000 ____D C:\ProgramData\SoftPerfect
2016-03-18 23:10 - 2015-10-29 17:02 - 00246248 _____ C:\WINDOWS\system32\Drivers\spvve.sys
2016-03-18 23:10 - 2015-10-29 17:02 - 00097768 _____ C:\WINDOWS\system32\Drivers\spvdbus.sys
2016-03-18 20:53 - 2016-04-02 13:35 - 00283896 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\Victory
2016-03-18 20:53 - 2016-03-18 20:53 - 00000000 ____D C:\Users\Michael\AppData\Local\UnrealEngine
2016-03-17 22:42 - 2016-03-17 22:46 - 00000000 ____D C:\Users\Michael\Desktop\brauch ich das
2016-03-17 22:32 - 2016-03-17 22:32 - 00000077 _____ C:\Users\Michael\Desktop\sdfsdfsdf.txt
2016-03-17 21:51 - 2016-03-18 18:10 - 00000000 ____D C:\Users\Michael\ownCloud
2016-03-17 21:50 - 2016-03-18 18:10 - 00000000 ____D C:\Users\Michael\AppData\Local\ownCloud
2016-03-17 21:49 - 2016-03-17 21:49 - 00001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk
2016-03-17 21:49 - 2016-03-17 21:49 - 00000000 ____D C:\Program Files (x86)\ownCloud
2016-03-17 19:53 - 2016-03-17 19:53 - 00002338 _____ C:\Users\Michael\Desktop\Kontoaktivitäten_201510_201603.csv
2016-03-17 18:02 - 2016-03-17 18:02 - 00000000 ____D C:\Program Files\Rockstar Games
2016-03-16 23:30 - 2016-03-16 23:30 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-5-1.dll
2016-03-16 23:29 - 2016-03-16 23:29 - 00127768 _____ C:\WINDOWS\system32\vulkan-1-1-0-5-1.dll
2016-03-16 23:29 - 2016-03-16 23:29 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-5-1.exe
2016-03-16 23:28 - 2016-03-16 23:28 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-5-1.exe
2016-03-15 20:38 - 2016-03-17 00:08 - 00000000 ____D C:\Program Files\OpenVPN
2016-03-15 20:33 - 2016-03-20 00:33 - 00000061 _____ C:\Users\Michael\Desktop\fj.txt
2016-03-15 20:33 - 2016-03-15 20:34 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cryptomator.org
2016-03-15 20:11 - 2016-03-25 23:23 - 00000000 ____D C:\Program Files\Cryptomator
2016-03-15 20:11 - 2016-03-15 20:15 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Cryptomator
2016-03-15 20:11 - 2016-03-15 20:11 - 00000000 ____D C:\Users\Michael\.oracle_jre_usage
2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\.mono
2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\ProgramData\.mono
2016-03-15 19:05 - 2016-03-15 19:05 - 00000000 ____D C:\Users\Michael\AppData\Local\openvr
2016-03-14 20:12 - 2016-03-14 20:12 - 00000000 ____D C:\Users\Michael\AppData\Local\ESN
2016-03-13 16:45 - 2016-01-08 10:51 - 00213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2016-03-13 16:45 - 2016-01-08 10:51 - 00120416 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-03-12 20:34 - 2016-03-12 20:34 - 00000000 ____D C:\Users\Michael\hitman
2016-03-12 20:34 - 2016-03-12 20:34 - 00000000 ____D C:\Users\Michael\AppData\Local\IO Interactive
2016-03-12 19:39 - 2016-03-12 19:39 - 00000222 _____ C:\Users\Michael\Desktop\HITMAN.url
2016-03-12 16:47 - 2016-03-12 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-10 12:36 - 2016-01-22 19:16 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2016-04-10 12:35 - 2016-01-15 18:36 - 02003186 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-10 12:35 - 2015-10-30 20:35 - 00852678 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-10 12:35 - 2015-10-30 20:35 - 00187904 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-10 12:35 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-10 12:29 - 2016-01-15 18:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-10 12:29 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-10 12:29 - 2015-09-26 13:41 - 00001240 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-10 12:29 - 2015-09-25 19:00 - 00000000 __SHD C:\Users\Michael\IntelGraphicsProfiles
2016-04-10 12:29 - 2015-04-10 13:22 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-10 12:13 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Intel
2016-04-10 12:13 - 2015-11-21 11:28 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-04-10 12:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-10 12:13 - 2015-10-18 01:57 - 00002855 _____ C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml
2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Spotify
2016-04-10 12:13 - 2015-05-07 16:38 - 00000000 ____D C:\Users\Michael\AppData\Local\Spotify
2016-04-10 12:13 - 2015-04-12 18:07 - 00003142 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2016-04-10 12:03 - 2015-11-21 11:28 - 00000000 ____D C:\ProgramData\McAfee
2016-04-10 12:02 - 2015-04-10 12:27 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-10 11:59 - 2015-04-10 13:22 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-10 11:52 - 2015-04-11 21:34 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc
2016-04-10 11:46 - 2015-09-26 13:41 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-10 11:44 - 2015-04-12 19:14 - 00000000 ____D C:\Users\Michael\AppData\Local\Battle.net
2016-04-10 11:04 - 2015-04-12 19:14 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-10 11:00 - 2016-01-06 14:10 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-09 18:57 - 2016-01-15 19:22 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-04-09 16:24 - 2015-04-11 14:27 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.minion
2016-04-08 23:12 - 2015-11-27 20:15 - 00000000 ____D C:\Users\Michael\.junique
2016-04-08 21:49 - 2015-04-21 15:44 - 00000000 ____D C:\Users\Michael\AppData\Local\JDownloader 2.0
2016-04-08 19:41 - 2016-02-13 00:35 - 00000080 _____ C:\Users\Michael\AppData\Local???????????????????
2016-04-08 17:43 - 2016-01-15 18:35 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-04-08 15:31 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-07 20:25 - 2015-04-11 23:21 - 00000000 ____D C:\Users\Michael\AppData\Local\gtk-2.0
2016-04-07 20:25 - 2015-04-11 20:30 - 00000000 ___HD C:\Users\Michael\.gimp-2.8
2016-04-07 20:09 - 2015-04-11 19:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Notepad++
2016-04-07 20:04 - 2016-03-10 22:13 - 00000000 ____D C:\Users\Michael\Desktop\gta
2016-04-07 18:38 - 2015-04-11 21:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Audacity
2016-04-06 22:21 - 2016-02-17 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2016-04-06 22:21 - 2015-07-30 09:41 - 00000000 ____D C:\Users\Michael\AppData\Roaming\TeamViewer
2016-04-06 17:59 - 2015-04-11 17:35 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2016-04-06 16:56 - 2015-04-10 12:23 - 00000000 ___RD C:\Users\Michael\Desktop\Tools
2016-04-06 16:47 - 2015-04-12 18:22 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-02 11:13 - 2015-05-02 18:40 - 00000000 ____D C:\Users\Michael\AppData\Local\Microsoft Help
2016-04-02 10:42 - 2015-07-15 22:43 - 00000000 ____D C:\ProgramData\Origin
2016-04-02 10:41 - 2015-07-15 22:43 - 00000000 ____D C:\Program Files (x86)\Origin
2016-04-02 10:24 - 2015-06-28 22:06 - 00000000 ___RD C:\Users\Michael\Google Drive
2016-03-31 22:23 - 2015-05-21 17:16 - 00002292 ____H C:\Users\Michael\Documents\Default.rdp
2016-03-28 21:19 - 2015-04-12 18:03 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2016-03-28 21:16 - 2016-03-10 20:49 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-28 21:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Help
2016-03-28 21:12 - 2016-01-08 00:09 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-28 20:02 - 2015-07-16 15:55 - 00002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-27 21:19 - 2015-04-10 12:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2016-03-26 00:22 - 2016-01-15 18:36 - 00000000 ____D C:\Users\Michael
2016-03-26 00:20 - 2015-08-08 02:01 - 00000000 ____D C:\Program Files (x86)\AviSynth
2016-03-26 00:20 - 2015-08-08 01:55 - 00000000 ____D C:\multiAVCHD
2016-03-26 00:17 - 2015-12-16 20:09 - 00000000 ____D C:\Program Files (x86)\GtkSharp
2016-03-26 00:15 - 2015-12-02 17:21 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-03-26 00:15 - 2015-12-02 17:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-03-26 00:14 - 2016-02-23 19:11 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2016-03-26 00:14 - 2015-06-18 20:06 - 00000000 ____D C:\Program Files (x86)\XMedia Recode
2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-26 00:11 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-26 00:09 - 2016-01-15 18:29 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-03-26 00:09 - 2016-01-03 23:53 - 00000000 ____D C:\Users\Michael\AppData\Local\VSIXInstaller
2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-03-26 00:09 - 2015-12-02 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-03-26 00:07 - 2016-01-08 01:14 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Unity
2016-03-25 23:39 - 2015-07-05 14:49 - 00000000 ____D C:\ProgramData\Unity
2016-03-25 23:38 - 2015-07-05 14:49 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Unity
2016-03-25 23:16 - 2015-07-30 04:09 - 00002440 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-25 23:16 - 2015-04-10 12:22 - 00000000 __RDO C:\Users\Michael\OneDrive
2016-03-25 23:05 - 2015-07-30 04:07 - 00004434 __RSH C:\ProgramData\ntuser.pol
2016-03-25 03:48 - 2015-09-22 21:42 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-03-25 02:51 - 2016-03-05 11:52 - 00000000 ____D C:\Program Files\Grand Theft Auto V
2016-03-24 22:54 - 2015-12-30 19:25 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-03-24 22:53 - 2015-07-22 06:02 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2016-03-22 19:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-20 01:19 - 2015-12-14 19:50 - 00000000 ____D C:\Program Files\Microsoft Office
2016-03-19 02:47 - 2015-04-10 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-17 22:44 - 2015-04-10 11:26 - 00000000 ____D C:\Users\Michael\AppData\Local\Packages
2016-03-17 18:02 - 2015-04-11 21:52 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-03-16 23:30 - 2016-03-10 20:49 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-03-16 23:29 - 2016-03-10 20:49 - 00127768 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-03-16 23:29 - 2016-03-10 20:49 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-03-16 23:28 - 2016-03-10 20:49 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-03-15 22:49 - 2010-06-09 21:30 - 00000000 ____D C:\Users\Michael\Desktop\Screens
2016-03-15 19:11 - 2015-07-03 22:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-03-15 19:11 - 2015-07-03 22:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Mozilla
2016-03-14 20:03 - 2015-06-20 18:47 - 00000000 ____D C:\Users\Michael\AppData\Local\Mozilla
2016-03-13 16:45 - 2016-01-08 18:08 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-03-13 16:44 - 2016-01-08 18:11 - 00000000 ____D C:\ProgramData\Samsung
2016-03-13 16:39 - 2015-12-08 00:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\IrfanView
2016-03-13 16:39 - 2015-04-10 13:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-13 16:02 - 2015-04-11 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-13 15:51 - 2015-04-11 18:18 - 00000000 ____D C:\Program Files\WinRAR
2016-03-13 14:51 - 2016-03-09 23:08 - 00000995 _____ C:\Users\Michael\Desktop\rt.txt
2016-03-12 22:00 - 2015-06-28 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-12 16:47 - 2015-09-26 13:41 - 00000000 ____D C:\Program Files (x86)\Dropbox
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-08-11 19:12 - 2015-08-11 19:26 - 0000466 _____ () C:\Users\Michael\AppData\Roaming\CascView.ini
2016-04-07 16:38 - 2016-04-07 16:38 - 240397312 _____ () C:\Users\Michael\AppData\Roaming\Launcher.dat
2016-04-07 16:38 - 2016-04-07 18:09 - 0000009 _____ () C:\Users\Michael\AppData\Roaming\update.dat
2015-10-18 01:57 - 2016-04-10 12:13 - 0002855 _____ () C:\Users\Michael\AppData\Roaming\VoiceMeeterDefault.xml
2016-04-07 16:39 - 2016-04-09 11:20 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\notaut.txt
2015-04-19 11:36 - 2015-04-19 11:36 - 0385602 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS
2015-04-19 11:36 - 2015-04-19 11:36 - 0000204 _____ () C:\Users\Michael\AppData\Local\39587C67_stp.CIS.part
2015-04-19 11:36 - 2015-04-19 11:36 - 0059989 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS
2015-04-19 11:36 - 2015-04-19 11:36 - 0000273 _____ () C:\Users\Michael\AppData\Local\4DFF26B2_stp.CIS.part
2015-04-19 11:37 - 2015-04-19 11:37 - 0121567 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS
2015-04-19 11:37 - 2015-04-19 11:37 - 0000294 _____ () C:\Users\Michael\AppData\Local\580B4113_stp.CIS.part
2015-04-19 11:36 - 2015-04-19 11:36 - 0069441 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS
2015-04-19 11:36 - 2015-04-19 11:36 - 0000293 _____ () C:\Users\Michael\AppData\Local\618015D5_stp.CIS.part
2015-06-18 20:34 - 2015-06-18 20:34 - 0000046 _____ () C:\Users\Michael\AppData\Local\DonationCoder_mpqbuilder_InstallInfo.dat
2015-10-02 23:10 - 2015-10-02 23:11 - 1065984 _____ () C:\Users\Michael\AppData\Local\file__0.localstorage
2015-05-02 22:27 - 2015-05-02 22:27 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2016-04-07 20:25 - 2016-04-07 20:25 - 0041523 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2015-05-15 21:48 - 2015-11-26 17:42 - 0007684 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2015-08-28 06:41 - 2015-08-28 06:41 - 0019535 _____ () C:\ProgramData\empty.ico
Einige Dateien in TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\libeay32.dll
C:\Users\Michael\AppData\Local\Temp\msvcr120.dll
C:\Users\Michael\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-03-31 20:38
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Michael (2016-04-10 12:43:15)
Gestartet von C:\Users\Michael\Desktop
Windows 10 Pro Version 1511 (X64) (2016-01-15 16:43:53)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3852805889-1866178090-3277109897-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3852805889-1866178090-3277109897-503 - Limited - Disabled)
Gast (S-1-5-21-3852805889-1866178090-3277109897-501 - Limited - Disabled) => C:\Users\Gast
Michael (S-1-5-21-3852805889-1866178090-3277109897-1001 - Administrator - Enabled) => C:\Users\Michael
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
4K Video Downloader 4.0 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.0.0.2016 - Open Media LLC)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.9.1 - RedFox)
ArcaniA: Fall of Setarrif (HKLM-x32\...\Steam App 65610) (Version: - Spellbound Studios)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Crucial Storage Executive (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Storage Executive 3.15.112014.06) (Version: 3.24.082015.05 - Crucial)
Cryptomator (HKLM\...\{Cryptomator}}_is1) (Version: 1.0.2 - cryptomator.org)
Discord (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Discord) (Version: 0.0.286 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation)
FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
GameSave Manager v3 (HKLM-x32\...\GameSaveManager_v3) (Version: 3.1.442.0 - InsaneMatt)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
HITMAN™ (HKLM\...\Steam App 236870) (Version: - Io-Interactive)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Logitech Gaming Software 8.81 (HKLM\...\Logitech Gaming Software) (Version: 8.81.15 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (Deutsch) (HKLM-x32\...\{EE8BD24B-75E1-4BBF-86B9-91FE16ADE71C}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.6001.1068 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Minion (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\{Minion}}_is1) (Version: 2.0 - ZAM Network LLC)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
NAPS2 3.3.5 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.49 - NVIDIA Corporation)
NVIDIA Grafiktreiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6001.1068 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
ownCloud (HKLM-x32\...\ownCloud) (Version: 2.1.1.5837 - ownCloud)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation)
Platform (x32 Version: 1.43 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - )
RemoteComms driver (HKLM-x32\...\{89B4CA50-3F94-451F-B93A-22608DF45FF9}) (Version: 1.30.0002 - PLX Technology)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.24728 - Microsoft Corporation) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.49 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16032.18 - Samsung Electronics Co., Ltd.) Hidden
Snapmatic Screensaver (HKLM-x32\...\Snapmatic Screensaver_is1) (Version: 1.0 - Rockstar Games)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Spotify (HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\Spotify) (Version: 1.0.26.132.ga4e3ccee - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.55321 - TeamViewer)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.43 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
WhoCrashed 5.50 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {04355E58-6FD1-495F-93EE-57A1B3ACF30D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {055D0111-EA4F-4261-999C-47501CEF1BB0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-20] (Microsoft Corporation)
Task: {05D61722-FE44-40BD-ACCE-9C027061B90A} - System32\Tasks\{C1ED46C2-6A72-4297-BCEC-0AD3B2CD605A} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe" -c -uninstallApp 142938258.redeem.sonypicturesstore.com
Task: {0F41DB66-D907-4151-84C8-840C6E60EBAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation)
Task: {1A003D57-3939-4097-B4FC-49B69E7E7CE4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {2779EE54-FBC3-4DA1-B719-23833F6C1F84} - System32\Tasks\{9D134A81-2860-42BB-B7D9-4910B6B623C0} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {3569A7F0-81A8-4391-893D-B95673EDDE46} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {487BFEF6-DF70-4D14-AE54-D2FF0A4C1589} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {4BA7928E-14CC-46DA-BB1A-0F083F6B0786} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4CB2A8EA-1290-4731-A92B-A6A659DF6E92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {5035952E-6955-4214-BFA7-8BC1EEAB92DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {60135EA6-B35B-40E1-B5E6-0D9773D2D438} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {624B2716-3954-41F3-BE09-A803897203DB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {646A5D08-CD2E-4930-B8D1-E46025B98618} - System32\Tasks\{4D3C9D7E-3228-4EBF-AF68-7191CBA44F1D} => pcalua.exe -a C:\Users\Michael\Desktop\IomegaEncryptionSetup.exe -d C:\Users\Michael\Desktop
Task: {74035255-F2D6-451A-BC19-E66884E031ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {7D9DA623-CE12-44EA-889B-CAD4F3F5E494} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.)
Task: {8A54AD2C-B399-408B-B525-F0F36EA83546} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {945FE37F-B52F-48F3-BBD9-370D163B052C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A9E8087B-368B-4562-A4F4-225C08ECEE80} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {BB3D1B89-F553-4912-BF86-66FEEC4624C1} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-09] ()
Task: {C72C7527-EEED-4578-B161-D852006D2427} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {CAA8A102-BC26-4A46-9BA1-200D8F4BEDEB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {D47AFF69-4B86-4693-960B-AE0D1CF99DAC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-20] (Microsoft Corporation)
Task: {E4438FF6-623A-4EE5-B670-A7B9DFF7A2D8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-26] (Dropbox, Inc.)
Task: {EA0CA4DC-147F-4923-AF57-56DBFE06AE94} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {F89084F2-8DB3-4131-A704-ACEC98245D41} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {FFE255CD-BF3B-4F69-8472-852150BE3768} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-28 21:15 - 2016-03-22 04:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-20 01:02 - 2016-02-28 01:41 - 00171720 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-05-19 09:11 - 2015-05-19 09:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2016-01-01 15:48 - 2016-01-01 15:48 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2015-10-30 09:18 - 2016-02-16 22:49 - 00263168 _____ () C:\WINDOWS\system32\wc_storage.dll
2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-09 09:59 - 2015-12-09 09:59 - 00580296 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2016-03-02 18:20 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-18 17:16 - 2016-01-18 17:16 - 00058880 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 18:20 - 2016-02-23 10:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-15 18:32 - 2016-01-15 18:32 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-27 21:18 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 21:18 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-03 15:25 - 2012-11-15 00:22 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2016-01-03 15:25 - 2012-11-15 00:22 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2016-03-28 21:16 - 2016-03-25 03:52 - 00167480 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2016-03-28 21:16 - 2016-03-25 03:52 - 00862776 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2016-03-28 20:02 - 2016-03-27 06:55 - 02140824 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-03-28 20:02 - 2016-03-27 06:55 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2015-12-07 18:44 - 2015-12-07 18:44 - 00225792 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2015-12-07 18:43 - 2015-12-07 18:43 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2015-12-07 18:44 - 2015-12-07 18:44 - 00657408 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2016-03-28 21:16 - 2016-03-25 03:52 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-06 20:36 - 2015-07-06 20:36 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Michael\Downloads:Shareaza.GUID [16]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Software\Classes\.exe: => <===== ACHTUNG
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\sharepoint.com -> hxxps://gymleibnitz.sharepoint.com
==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2016-03-10 21:29 - 2016-03-10 21:29 - 00000034____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\StartupFolder: => "Duplicati.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk"
HKU\S-1-5-21-3852805889-1866178090-3277109897-1001\...\StartupApproved\Run: => "Spotify Web Helper"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{E110F5B5-C6D5-45EC-9D72-3963DA118D8D}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{D957016C-E3CF-4643-A537-F8E7A6B332A5}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe
FirewallRules: [{05E48283-98F4-4A86-BF60-3DDBFE86EEE5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D61788B9-A481-47EB-BF6B-E43931C62330}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6212146A-C1B1-4653-8634-15DF941A7C9E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8A2DA7E7-1D25-4361-8F23-E9FE32FF93B0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{1365EA6F-3DE8-4F34-9217-72945EE0DA66}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{D1193E8D-00D7-4FEE-A2AF-234DEBDC1406}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{F15D40F6-197C-4B21-87BA-E082D0298971}C:\program files\crucial\storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{912411F0-0EAA-4DD7-82B8-9AB9110CD78C}C:\program files\crucial\storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{C0B6C8B5-1DF2-4D82-8919-1F9E01759C5E}D:\blizzard\hearthstone\hearthstone.exe] => (Allow) D:\blizzard\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{E512E3B6-DC85-45A9-92E8-34896A0A3D22}D:\blizzard\hearthstone\hearthstone.exe] => (Allow) D:\blizzard\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{4025F871-0991-4000-8FB2-18FD5F5CFBC1}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FACD9158-BC07-4BEC-9AA6-3D6105D456AC}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E328954B-0660-4BE5-AE33-8C18559B01AD}C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [TCP Query User{4AB564B4-1E37-46DD-BC27-564E3421430D}C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [{441AC144-7923-449F-9B86-75A0B2FB41E1}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{279E2D3D-91E8-4784-BA0C-33B33A972A1A}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [UDP Query User{CEA04421-AA37-499B-8F61-53BDD52C1B7E}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{184BDB00-225A-4E9A-8679-CC3427605297}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{0D0F7D56-D3C4-4167-BD27-A37A4C70F5C6}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A9841AB8-B7AE-4EA4-A565-324F82C8458B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{FB8EF56C-C8E9-4468-9461-AF440ABD4AFD}] => (Allow) D:\SteamLibrary\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe
FirewallRules: [{50D2AA6C-C251-41BF-BA31-A276E1DFE9E2}] => (Allow) D:\SteamLibrary\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe
FirewallRules: [{32F9317E-22BB-4A0E-8A90-4F4E786213A0}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{4753EB2D-CC6E-44B7-92A2-DE66F08CCE3B}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{61BAD7A6-F3DE-4E17-B85B-354E5B881C54}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{057ADA51-1097-4B44-A71E-CB9F75752E26}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{3FE7D773-07B0-49F2-8FEB-393374130852}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{6928CD8D-AFC6-410E-839B-2E942059E55C}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{396927DA-BA24-4653-9106-00FDDC35C4BF}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{E469FD53-67CF-4DB0-BC54-77F35C539FC5}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{3B5D9CDA-A8C3-47FF-BB1C-AC3A0918B567}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{991A291E-766B-4F4D-83E5-058E3875B034}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{FF5A5E33-472D-4721-9539-0CBA79105891}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2200FEB7-6DA8-44C9-A981-F4FD953711C0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8ED9C7C8-4919-409C-8BC1-FD3CAD6D8263}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{09CF574A-A428-4385-A794-A05009FF5826}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{DB61D72D-C5EC-4F71-BB7D-BF08078041DF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5A7DBEDB-ED20-46C7-B339-3143B9331BFE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1E28C84D-5BD1-4457-8F11-3FE391FB5CC0}D:\blizzard\diablo iii\diablo iii.exe] => (Allow) D:\blizzard\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{5AC70257-BB65-4576-A90C-50CC4B845EFA}D:\blizzard\diablo iii\diablo iii.exe] => (Allow) D:\blizzard\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{20A2A00A-4DF3-459F-B910-E1FA27635A12}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E53673CE-D0BD-42B6-A709-6EDD40DE3883}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{89D9E2C3-FE26-4DFF-8E05-5F6DB2360337}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EA3D3DA7-CCDD-48DD-A454-85C7941828A1}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{AC18BE29-F45F-43EA-8E2B-0499864AD6CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{68E77359-5EA2-4EB7-B017-FA69CC8C9720}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B2169EAF-865E-4115-A9C6-441F69F5DC1F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9BF96311-12A5-4267-9F1B-8AB0EB7A6334}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{45210241-1C5A-455E-9ADC-89B6176D2CB6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{03FB0B10-326E-4784-98DF-1AC4C5D4915F}] => (Allow) D:\SteamLibrary\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [{EE6A15BD-CBC6-41F3-95E9-D5F3E6E30D5F}] => (Allow) D:\SteamLibrary\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [TCP Query User{AD1CA659-6458-41E5-9867-F744D36979DC}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [UDP Query User{65A33961-2A8F-41C6-AD71-684E1E63B13A}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [TCP Query User{5981EFBA-F912-45EC-8B19-2C26292D04E1}C:\program files\grand theft auto v\gta5.exe] => (Allow) C:\program files\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5DA64CE0-DCD7-4DCE-B7C7-15CD5C5ACCD4}C:\program files\grand theft auto v\gta5.exe] => (Allow) C:\program files\grand theft auto v\gta5.exe
FirewallRules: [{8710AFFA-D4D4-4C6A-ADA9-4F6C0F482C94}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{083B1D29-6C2E-480B-A3FE-C4216055BF08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BEB45729-1377-411B-99C0-A5C943F09B33}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3B25A7CB-2D1D-4659-864D-73EB65983BAE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{03712FEC-31A5-4CCC-BAAE-559F03C3D43A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{62109612-F42E-4FDD-ACA6-BAF07FF6BAFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7FB6FEBB-3957-49A3-9D4C-C3A242200105}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{153DB846-60B0-4D8A-A9B5-CCBCD9E40795}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{726146E6-86A9-4CA4-BC6F-8132A767EB2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{60C176ED-93A1-4B06-A89C-4E4F5BBBEEF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6F6FD627-2461-4901-AD3E-F1372D06608C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{EE936D25-6C46-49D0-B994-3D48E70D4F84}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4940DD03-B989-41E7-A2D9-703FB3B2A155}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
==================== Wiederherstellungspunkte =========================
06-04-2016 16:54:46 Removed SciDaVis
06-04-2016 22:16:08 Before CCleaner
09-04-2016 18:56:39 Removed Minecraft
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: SoftPerfect Virtual Bus
Description: SoftPerfect Virtual Bus
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: KEG
Service: SPVDPort
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (04/10/2016 12:36:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x1f40
Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0
Pfad der fehlerhaften Anwendung: nvosc.exe1
Pfad des fehlerhaften Moduls: nvosc.exe2
Berichtskennung: nvosc.exe3
Vollständiger Name des fehlerhaften Pakets: nvosc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5
Error: (04/10/2016 12:36:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: nvosc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
bei NvOscFramework.CoPlay.OscCoPlayModel..ctor()
bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue()
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
bei OscMain.WidgetControl.Dispose(Boolean)
bei OscMain.WidgetControl.Finalize()
Error: (04/10/2016 12:36:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x1e34
Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0
Pfad der fehlerhaften Anwendung: nvosc.exe1
Pfad des fehlerhaften Moduls: nvosc.exe2
Berichtskennung: nvosc.exe3
Vollständiger Name des fehlerhaften Pakets: nvosc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5
Error: (04/10/2016 12:36:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: nvosc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
bei NvOscFramework.CoPlay.OscCoPlayModel..ctor()
bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue()
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
bei OscMain.WidgetControl.Dispose(Boolean)
bei OscMain.WidgetControl.Finalize()
Error: (04/10/2016 12:34:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x1cb4
Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0
Pfad der fehlerhaften Anwendung: nvosc.exe1
Pfad des fehlerhaften Moduls: nvosc.exe2
Berichtskennung: nvosc.exe3
Vollständiger Name des fehlerhaften Pakets: nvosc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5
Error: (04/10/2016 12:34:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: nvosc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
bei NvOscFramework.CoPlay.OscCoPlayModel..ctor()
bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue()
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
bei OscMain.WidgetControl.Dispose(Boolean)
bei OscMain.WidgetControl.Finalize()
Error: (04/10/2016 12:34:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x878
Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0
Pfad der fehlerhaften Anwendung: nvosc.exe1
Pfad des fehlerhaften Moduls: nvosc.exe2
Berichtskennung: nvosc.exe3
Vollständiger Name des fehlerhaften Pakets: nvosc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5
Error: (04/10/2016 12:34:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: nvosc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
bei NvOscFramework.CoPlay.OscCoPlayModel..ctor()
bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue()
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
bei OscMain.WidgetControl.Dispose(Boolean)
bei OscMain.WidgetControl.Finalize()
Error: (04/10/2016 12:33:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvosc.exe, Version: 2.11.2.49, Zeitstempel: 0x56f43f55
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.162, Zeitstempel: 0x56cd45b4
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x15b4
Startzeit der fehlerhaften Anwendung: 0xnvosc.exe0
Pfad der fehlerhaften Anwendung: nvosc.exe1
Pfad des fehlerhaften Moduls: nvosc.exe2
Berichtskennung: nvosc.exe3
Vollständiger Name des fehlerhaften Pakets: nvosc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvosc.exe5
Error: (04/10/2016 12:33:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: nvosc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
bei NvOscFramework.CoPlay.OscCoPlayModel..ctor()
bei NvOscFramework.CoPlay.OscCoPlayModel.<.cctor>b__d()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateValue()
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
bei OscMain.WidgetControl.Dispose(Boolean)
bei OscMain.WidgetControl.Finalize()
Systemfehler:
=============
Error: (04/10/2016 12:31:04 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HEIMSCHEISSER)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-3852805889-1866178090-3277109897-1001-0-ntuser.dat
Error: (04/10/2016 12:30:57 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HEIMSCHEISSER)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-3852805889-1866178090-3277109897-1001-0-ntuser.dat
Error: (04/10/2016 12:29:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NvStreamSvc erreicht.
Error: (04/10/2016 12:29:35 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "SPVVEngine" ist von folgendem Dienst abhängig: SPVDPort. Dieser Dienst ist möglicherweise nicht installiert.
Error: (04/10/2016 12:29:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (04/10/2016 12:29:13 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/10/2016 12:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_4a8a4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
CodeIntegrity:
===================================
Date: 2016-04-10 12:24:17.829
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-07 21:10:32.862
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-06 17:08:31.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-06 17:08:27.765
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-25 23:23:01.626
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-25 22:24:36.064
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-25 21:19:04.726
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-25 21:19:04.718
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-25 21:19:04.707
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-25 21:19:04.623
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 8012.59 MB
Verfügbarer physikalischer RAM: 5911.3 MB
Summe virtueller Speicher: 10700.59 MB
Verfügbarer virtueller Speicher: 8554.76 MB
==================== Laufwerke ================================
Drive c: (iSSD) (Fixed) (Total:231.93 GB) (Free:104.81 GB) NTFS
Drive d: (iWD) (Fixed) (Total:455.76 GB) (Free:270.22 GB) NTFS
Drive z: (iWD_FH) (Fixed) (Total:10 GB) (Free:9.95 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: E4E735C2)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
| Themen zu Win10: Browser Hijacker |
| askbar, browser, brwoser hijacker, canon, cpu, defender, dnsapi.dll, einstellungen, excel, explorer, google, homepage, installation, launch, monitor, mozilla, neustart, office 365, prozesse, rundll, scan, security, server, services.exe, software, stick, svchost.exe, udp, updates, usb, visual c++ 2015, windows |
Baum-Darstellung