Thanks for the quick reply :)
Here is the FRST.txt: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
durchgeführt von Blerta (Administrator) auf BLERTA (19-02-2016 14:31:28)
Gestartet von C:\Users\Blerta\Desktop
Geladene Profile: Blerta (Verfügbare Profile: Blerta & kremt_000 & Administrator)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
() C:\Program Files (x86)\SFK\SSFK.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
() C:\Users\Blerta\AppData\Roaming\PefdFabebak\Memzi.exe
() C:\Program Files (x86)\9B77FA80-1455621169-81E2-2BC4-7054D2375AD5\knslF223.tmp
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TU-Funs LIMITED) C:\ProgramData\cWdMc\WdMan.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\9B77FA80-1455621169-81E2-2BC4-7054D2375AD5\hnsg7C6.tmp
() C:\Program Files (x86)\9B77FA80-1455621169-81E2-2BC4-7054D2375AD5\jnshF209.tmp
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Web Bar Media) C:\Program Files\WebBar\2.0.5872.24322\wb.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Blerta\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TODO: <Company name>) C:\Program Files (x86)\Note-up\Note-up.exe
() C:\Program Files (x86)\SunnyDay3\SunnyDay.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-09-11] (Synaptics Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Note-up] => C:\Program Files (x86)\Note-up\note-up.exe [6772736 2015-10-09] (TODO: <Company name>)
HKLM-x32\...\Run: [mbot_en_037050239] => [X]
HKLM-x32\...\Run: [sun3] => C:\Program Files (x86)\SunnyDay3\SunnyDay.exe [3955888 2016-02-12] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4107997030-361822973-1121358983-1001\...\Run: [Spotify Web Helper] => C:\Users\Blerta\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-03] (Spotify Ltd)
HKU\S-1-5-21-4107997030-361822973-1121358983-1001\...\RunOnce: [Uninstall C:\Users\Blerta\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Blerta\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
Startup: C:\Users\Blerta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-12-12]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{1817a3fd-6a42-46f3-b5de-22942bc822be}: [NameServer] 10.0.0.1
Tcpip\..\Interfaces\{1817a3fd-6a42-46f3-b5de-22942bc822be}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{408ece5b-5876-11e5-9bc2-806e6f6e6963}: [NameServer] 10.0.0.1
Tcpip\..\Interfaces\{473de600-af88-494c-96c1-313a796f22e9}: [NameServer] 10.0.0.1
Tcpip\..\Interfaces\{47553ea2-c737-4edb-b419-c61f2cfafc5c}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6bb4f047-2706-11e5-9bbe-806e6f6e6963}: [NameServer] 10.0.0.1
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 10.0.0.1
Tcpip\..\Interfaces\{a2972ea7-8924-4097-859d-0b2ca8d76410}: [NameServer] 10.0.0.1
Tcpip\..\Interfaces\{aa278e5c-d125-4548-ba33-6ce66741c28c}: [NameServer] 10.0.0.1
Tcpip\..\Interfaces\{aa278e5c-d125-4548-ba33-6ce66741c28c}: [DhcpNameServer] 127.0.0.1
Tcpip\..\Interfaces\{ba18cfbd-d302-4d40-ae96-489ec62cc871}: [NameServer] 10.0.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130870847544191378&GUID=DF20EEAC-8A76-480F-88CC-8FF7D9824D09
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=216&b=3&installkey=uSeBBRdcLY7LfHVCnlKm
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4107997030-361822973-1121358983-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=216&b=3&installkey=uSeBBRdcLY7LfHVCnlKm
HKU\S-1-5-21-4107997030-361822973-1121358983-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
HKU\S-1-5-21-4107997030-361822973-1121358983-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-004752
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.globasearch.com/?serie=216&installkey=uSeBBRdcLY7LfHVCnlKm&b=3&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.globasearch.com/?serie=216&installkey=uSeBBRdcLY7LfHVCnlKm&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4107997030-361822973-1121358983-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=216&installkey=uSeBBRdcLY7LfHVCnlKm&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4107997030-361822973-1121358983-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=216&installkey=uSeBBRdcLY7LfHVCnlKm&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4107997030-361822973-1121358983-1001 -> {4FC5C8EB-52A4-4E2C-B629-09592D235013} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-4107997030-361822973-1121358983-1001 -> {7A0A0877-39B9-4017-96B4-DA10F1B6DA93} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-4107997030-361822973-1121358983-1001 -> {9297C910-7044-4D43-82CE-5686D6A06DE8} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-4107997030-361822973-1121358983-1001 -> {CEE55D18-541B-400B-9F58-B16C40243CA8} URL =
SearchScopes: HKU\S-1-5-21-4107997030-361822973-1121358983-1001 -> {DF54D9B9-5FED-428F-9B2F-8501B3E7A16C} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-4107997030-361822973-1121358983-1001 -> {FC23D3D0-7135-44B3-9CF1-AB54A6E0A859} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-14] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-14] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1455622224&z=7405567d8cd04a087c1b8a5gfz8w3w0q9oco6o2c9m&from=brd&uid=TOSHIBAXMQ01ABD075_92M3C2T7TXX92M3C2T7T
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-4107997030-361822973-1121358983-1001 -> hxxp://go.gmx.net/tb/ie_startpage
Edge Session Restore: HKU\S-1-5-21-4107997030-361822973-1121358983-1001 -> ist aktiviert.
FireFox:
========
FF ProfilePath: C:\Users\Blerta\AppData\Roaming\Mozilla\Firefox\Profiles\w7ethdjl.default
FF NewTab: hxxp://www.globasearch.com/?serie=216&b=2&installkey=uSeBBRdcLY7LfHVCnlKm&newtab
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-004752
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.globasearch.com/?serie=216&b=2&installkey=uSeBBRdcLY7LfHVCnlKm
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-004752
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2015-04-17] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-4107997030-361822973-1121358983-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Blerta\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-4107997030-361822973-1121358983-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Blerta\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-26] (Google Inc.)
FF user.js: detected! => C:\Users\Blerta\AppData\Roaming\Mozilla\Firefox\Profiles\w7ethdjl.default\user.js [2016-02-17]
FF SearchPlugin: C:\Users\Blerta\AppData\Roaming\Mozilla\Firefox\Profiles\w7ethdjl.default\searchplugins\google-avast.xml [2015-09-18]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yoursearching.xml [2016-02-17]
FF Extension: FirefixTab - C:\Users\Blerta\AppData\Roaming\Mozilla\Firefox\Profiles\w7ethdjl.default\Extensions\deskCutv2@gmail.com [2016-02-17] [ist nicht signiert]
FF Extension: Outrageous Deal - C:\Users\Blerta\AppData\Roaming\Mozilla\Firefox\Profiles\w7ethdjl.default\Extensions\{584cabdd-d27c-4152-9322-7986b83d4e33}.xpi [2016-01-02] [ist nicht signiert]
FF Extension: See More Results Hub - C:\Users\Blerta\AppData\Roaming\Mozilla\Firefox\Profiles\w7ethdjl.default\Extensions\{a037c6b1-b5b1-4b52-bb1a-0bc3af32438c}.xpi [2015-09-18] [ist nicht signiert]
FF Extension: Ski Search 1.0.1 - C:\Users\Blerta\AppData\Roaming\Mozilla\Firefox\Profiles\w7ethdjl.default\Extensions\{a5f532f8-3151-480d-b78a-7f5f31792e46}.xpi [2015-09-17] [ist nicht signiert]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Blerta\AppData\Roaming\Mozilla\Firefox\Profiles\w7ethdjl.default\extensions\deskCutv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\kremt_000\AppData\Roaming\Mozilla\Firefox\Profiles\dey44mgu.default\extensions\yahooprotected@gmail.com
FF Extension: YahooToolsProtected - C:\Users\kremt_000\AppData\Roaming\Mozilla\Firefox\Profiles\dey44mgu.default\extensions\yahooprotected@gmail.com [2016-02-16] [ist nicht signiert]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursearching.com/?type=sc&ts=1455734056&z=ccb399bbd9d86017572fa3fg5zcw0wfmdc6z6edm1e&from=face&uid=TOSHIBAXMQ01ABD075_92M3C2T7TXX92M3C2T7T
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.de/
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Blerta\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Blerta\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Blerta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Blerta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-17]
CHR Extension: (Google-Suche) - C:\Users\Blerta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Night Time In New York City) - C:\Users\Blerta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek [2015-12-12]
CHR Extension: (Google Mail) - C:\Users\Blerta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursearching.com/?type=sc&ts=1455734056&z=ccb399bbd9d86017572fa3fg5zcw0wfmdc6z6edm1e&from=face&uid=TOSHIBAXMQ01ABD075_92M3C2T7TXX92M3C2T7T
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [Datei ist nicht signiert]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1009392 2016-01-20] (Overwolf LTD)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [389312 2016-02-17] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-09-11] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
R2 tolukigizbt; C:\Program Files (x86)\9B77FA80-1455621169-81E2-2BC4-7054D2375AD5\knslF223.tmp [186880 2016-02-17] () [Datei ist nicht signiert]
R2 Vyojbyi; C:\Users\Blerta\AppData\Roaming\PefdFabebak\Memzi.exe [142672 2016-02-17] ()
S2 wbsvc; C:\Program Files\WebBar\wbsvc.exe [37144 2016-01-29] (Web Bar Media) [Datei ist nicht signiert]
R2 WdMan; C:\ProgramData\cWdMc\WdMan.exe [794376 2016-02-17] (TU-Funs LIMITED)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 wucotusy; C:\Program Files (x86)\9B77FA80-1455621169-81E2-2BC4-7054D2375AD5\hnsg7C6.tmp [416256 2016-02-16] () [Datei ist nicht signiert]
R2 zutuzuni; C:\Program Files (x86)\9B77FA80-1455621169-81E2-2BC4-7054D2375AD5\jnshF209.tmp [307712 2016-02-16] () [Datei ist nicht signiert]
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [X]
S2 Tiyrbof; "C:\Users\kremt_000\AppData\Roaming\BidnefAgusfe\Fislebum.exe" -cms [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2016-02-16] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56728 2016-02-16] (Windows (R) Win 7 DDK provider)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-02-16] (DotC United Inc)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-07-10] (Realtek Semiconductor Corporation )
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-09-11] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-02-19 14:05 - 2016-02-19 14:05 - 00016148 _____ C:\WINDOWS\system32\BLERTA_Blerta_HistoryPrediction.bin
2016-02-19 14:03 - 2016-02-19 14:03 - 00000000 ____D C:\WINDOWS\system32\wam
2016-02-18 13:52 - 2016-02-18 13:52 - 00016148 _____ C:\WINDOWS\system32\BLERTA_kremt_000_HistoryPrediction.bin
2016-02-17 20:30 - 2016-02-17 20:30 - 00000000 ____D C:\WINDOWS\system32\uni
2016-02-17 20:19 - 2016-02-19 14:03 - 00000000 ____D C:\Program Files\Common Files\Goobzo
2016-02-17 20:19 - 2016-02-19 14:01 - 00000000 ____D C:\ProgramData\SearchModule
2016-02-17 20:19 - 2016-02-17 20:19 - 00003408 _____ C:\WINDOWS\System32\Tasks\Dawidumb
2016-02-17 20:19 - 2016-02-17 20:19 - 00000000 ____D C:\Users\Blerta\AppData\Roaming\PefdFabebak
2016-02-17 20:19 - 2016-02-17 20:19 - 00000000 ____D C:\Users\Blerta\AppData\LocalLow\Company
2016-02-17 20:19 - 2016-02-17 20:19 - 00000000 ____D C:\Users\Blerta\AppData\Local\Tempfolder
2016-02-17 19:53 - 2016-02-17 19:53 - 00001267 _____ C:\Users\Blerta\Desktop\Continue Last version Installation.lnk
2016-02-17 19:49 - 2016-02-17 19:49 - 00000000 ____D C:\Users\Blerta\AppData\Roaming\DailyPCClean
2016-02-17 19:35 - 2016-02-19 14:06 - 00000000 ____D C:\Program Files (x86)\SFK
2016-02-17 19:34 - 2016-02-17 19:36 - 00000000 ____D C:\ProgramData\cWdMc
2016-02-17 19:34 - 2016-02-17 19:34 - 00001239 _____ C:\Users\Blerta\Desktop\Continue ExtraFeatures Installation.lnk
2016-02-17 19:34 - 2016-02-17 19:34 - 00000374 _____ C:\WINDOWS\SysWOW64\data.bin
2016-02-16 20:44 - 2016-02-16 20:44 - 00000000 ____D C:\Users\Blerta\AppData\Local\TempTaskUpdateDetection1C143618-CF0C-4C92-AC36-FF4B38AD7752
2016-02-16 19:15 - 2016-02-17 19:13 - 00000000 ____D C:\Users\Blerta\AppData\Local\WebBar
2016-02-16 19:14 - 2016-02-16 19:14 - 00000000 ____D C:\Users\Blerta\AppData\Roaming\Note-UP
2016-02-16 19:13 - 2016-02-16 19:14 - 00000000 ____D C:\Users\Blerta\AppData\Local\SunnyDay3
2016-02-16 19:13 - 2016-02-16 19:13 - 00000000 ____D C:\Users\Blerta\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-02-16 13:55 - 2016-02-16 13:55 - 00000000 ____D C:\Users\kremt_000\AppData\Local\TempTaskUpdateDetection934CC79E-34F9-4C96-8825-CFF158F23556
2016-02-16 12:53 - 2016-02-16 12:53 - 00000000 ____D C:\Users\kremt_000\AppData\Local\TempTaskUpdateDetection8FC0001C-0311-4A46-8346-8633234F1F79
2016-02-16 12:36 - 2016-02-16 12:36 - 00000000 ____D C:\WINDOWS\system32\fhee
2016-02-16 12:32 - 2016-02-17 19:34 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-02-16 12:32 - 2016-02-16 12:32 - 00000000 ____D C:\ProgramData\BWdMB
2016-02-16 12:31 - 2016-02-16 12:32 - 00000000 ____D C:\Users\kremt_000\AppData\Roaming\yoursearching
2016-02-16 12:30 - 2016-02-16 12:30 - 00034712 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2016-02-16 12:30 - 2016-02-16 12:30 - 00003410 _____ C:\WINDOWS\System32\Tasks\Uynuiu
2016-02-16 12:30 - 2016-02-16 12:30 - 00000000 ____D C:\Users\kremt_000\AppData\LocalLow\Company
2016-02-16 12:30 - 2016-02-16 12:30 - 00000000 ____D C:\Users\kremt_000\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-02-16 12:30 - 2016-02-16 12:30 - 00000000 ____D C:\Users\kremt_000\AppData\Local\Tempfolder
2016-02-16 12:30 - 2016-02-16 12:30 - 00000000 ____D C:\uninst
2016-02-16 12:29 - 2016-02-16 12:29 - 00001128 _____ C:\Users\kremt_000\Desktop\Legends of Honor.lnk
2016-02-16 12:29 - 2016-02-16 12:29 - 00001110 _____ C:\Users\kremt_000\Desktop\Goodgame Empire.lnk
2016-02-16 12:28 - 2016-02-16 12:28 - 00000000 ____D C:\ProgramData\3660a2ed-7c87-0
2016-02-16 12:28 - 2016-02-16 12:28 - 00000000 ____D C:\ProgramData\3660a2ed-1683-1
2016-02-16 12:27 - 2016-02-18 13:14 - 00000000 ____D C:\Users\kremt_000\AppData\Roaming\SpeedMon
2016-02-16 12:27 - 2016-02-16 12:27 - 00525688 _____ C:\Users\kremt_000\Downloads\itunes (1).exe
2016-02-16 12:27 - 2016-02-16 12:27 - 00000000 ____D C:\Users\kremt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedMon
2016-02-16 12:26 - 2016-02-16 13:53 - 00000000 ____D C:\Users\kremt_000\AppData\Local\SunnyDay3
2016-02-16 12:26 - 2016-02-16 13:50 - 00000000 ____D C:\Users\kremt_000\AppData\Local\mbot_en_037050239
2016-02-16 12:26 - 2016-02-16 12:26 - 00000000 ____D C:\Program Files (x86)\SunnyDay3
2016-02-16 12:25 - 2016-02-16 12:25 - 00000000 ____D C:\Users\kremt_000\Documents\DailyPCClean
2016-02-16 12:24 - 2016-02-17 19:35 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-02-16 12:24 - 2016-02-16 13:50 - 00000000 ____D C:\Users\kremt_000\AppData\Local\DailyPcClean Support
2016-02-16 12:24 - 2016-02-16 12:24 - 00060136 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-02-16 12:24 - 2016-02-16 12:24 - 00002044 _____ C:\WINDOWS\System32\Tasks\rdf3019
2016-02-16 12:17 - 2016-02-16 12:29 - 00000000 ____D C:\Users\kremt_000\AppData\Roaming\dlg
2016-02-16 12:14 - 2016-02-16 12:53 - 00000000 ____D C:\ProgramData\Avg
2016-02-16 12:14 - 2016-02-16 12:53 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-16 12:13 - 2016-02-16 12:52 - 00000000 ____D C:\Users\kremt_000\AppData\Local\AvgSetupLog
2016-02-16 12:13 - 2016-02-16 12:36 - 00000000 ____D C:\Users\kremt_000\AppData\Local\WebBar
2016-02-16 12:13 - 2016-02-16 12:15 - 00000000 ____D C:\Users\kremt_000\AppData\Local\Avg
2016-02-16 12:13 - 2016-02-16 12:13 - 00003850 _____ C:\WINDOWS\System32\Tasks\WebBarUpdateTask
2016-02-16 12:13 - 2016-02-16 12:13 - 00003328 _____ C:\WINDOWS\System32\Tasks\WebBarLaunchTask
2016-02-16 12:13 - 2016-02-16 12:13 - 00001899 _____ C:\Users\kremt_000\Desktop\Note-Up.lnk
2016-02-16 12:13 - 2016-02-16 12:13 - 00000000 ____D C:\Users\kremt_000\AppData\Roaming\Note-UP
2016-02-16 12:13 - 2016-02-16 12:13 - 00000000 ____D C:\Program Files\WebBar
2016-02-16 12:13 - 2016-02-16 12:13 - 00000000 ____D C:\Program Files (x86)\Note-up
2016-02-16 12:13 - 2016-02-16 12:11 - 00000967 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-02-16 12:12 - 2016-02-19 13:47 - 00000000 ____D C:\Program Files (x86)\9B77FA80-1455621169-81E2-2BC4-7054D2375AD5
2016-02-16 12:12 - 2016-02-16 12:12 - 00000000 ____D C:\Users\kremt_000\AppData\Roaming\NUIns
2016-02-16 12:10 - 2016-02-16 12:11 - 00525680 _____ C:\Users\kremt_000\Downloads\itunes.exe
2016-02-16 10:05 - 2016-02-16 12:30 - 00056728 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
2016-02-14 21:04 - 2016-02-14 21:04 - 00431206 _____ C:\Users\Blerta\Downloads\doc15225120160211080320 (2).pdf
2016-02-14 21:01 - 2016-02-14 21:01 - 00431206 _____ C:\Users\Blerta\Downloads\doc15225120160211080320 (1).pdf
2016-02-14 20:56 - 2016-02-14 20:56 - 00431206 _____ C:\Users\Blerta\Downloads\doc15225120160211080320.pdf
2016-02-14 11:35 - 2016-02-14 11:35 - 00367896 _____ C:\Users\Blerta\Downloads\UDGJ5E.pdf
2016-02-14 00:28 - 2016-02-14 00:30 - 00328592 _____ C:\WINDOWS\Minidump\021416-33328-01.dmp
2016-02-12 18:21 - 2016-02-12 18:21 - 00000000 ____D C:\Users\Blerta\AppData\Roaming\KDE
2016-02-12 18:21 - 2016-02-12 18:21 - 00000000 ____D C:\ProgramData\KDE
2016-02-12 18:20 - 2016-02-12 18:21 - 02267648 _____ C:\Users\Blerta\Downloads\kdewin-installer-gui-1.0.0.exe
2016-02-10 12:00 - 2016-01-31 07:25 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 12:00 - 2016-01-31 07:25 - 01248896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 12:00 - 2016-01-31 07:24 - 01824880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 12:00 - 2016-01-31 07:23 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 12:00 - 2016-01-31 07:23 - 01420392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-10 12:00 - 2016-01-31 07:06 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 12:00 - 2016-01-31 07:06 - 01531368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 12:00 - 2016-01-31 07:06 - 00809336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 12:00 - 2016-01-31 07:04 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 12:00 - 2016-01-31 07:04 - 01180696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-10 12:00 - 2016-01-31 06:38 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 12:00 - 2016-01-31 06:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 12:00 - 2016-01-31 06:33 - 24593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 12:00 - 2016-01-31 06:33 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll
2016-02-10 12:00 - 2016-01-31 06:29 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 12:00 - 2016-01-31 06:29 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2016-02-10 12:00 - 2016-01-31 06:26 - 06787072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-10 12:00 - 2016-01-31 06:26 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-10 12:00 - 2016-01-31 06:25 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 12:00 - 2016-01-31 06:25 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 12:00 - 2016-01-31 06:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-02-10 12:00 - 2016-01-31 06:25 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 12:00 - 2016-01-31 06:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-10 12:00 - 2016-01-31 06:24 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-02-10 12:00 - 2016-01-31 06:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-02-10 12:00 - 2016-01-31 06:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-10 12:00 - 2016-01-31 06:22 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-02-10 12:00 - 2016-01-31 06:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 12:00 - 2016-01-31 06:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 12:00 - 2016-01-31 06:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-02-10 12:00 - 2016-01-31 06:19 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll
2016-02-10 12:00 - 2016-01-31 06:18 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 12:00 - 2016-01-31 06:18 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 12:00 - 2016-01-31 06:17 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 12:00 - 2016-01-31 06:17 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 12:00 - 2016-01-31 06:16 - 09889280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 12:00 - 2016-01-31 06:16 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 12:00 - 2016-01-31 06:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 12:00 - 2016-01-31 06:14 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 12:00 - 2016-01-31 06:13 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 12:00 - 2016-01-31 06:13 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2016-02-10 12:00 - 2016-01-31 06:13 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 12:00 - 2016-01-31 06:11 - 05156352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 12:00 - 2016-01-31 06:11 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-10 12:00 - 2016-01-31 06:11 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 12:00 - 2016-01-31 06:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 12:00 - 2016-01-31 06:07 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 12:00 - 2016-01-31 06:06 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 12:00 - 2016-01-31 06:05 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 12:00 - 2016-01-31 06:05 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-02-10 12:00 - 2016-01-31 06:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 12:00 - 2016-01-31 06:04 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 12:00 - 2016-01-31 06:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 12:00 - 2016-01-31 06:02 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 12:00 - 2016-01-31 06:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 12:00 - 2016-01-31 05:59 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 12:00 - 2016-01-31 05:58 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-01-30 12:48 - 2016-02-19 14:09 - 00520334 _____ C:\WINDOWS\system32\perfh012.dat
2016-01-30 12:48 - 2016-02-19 14:09 - 00138100 _____ C:\WINDOWS\system32\perfc012.dat
2016-01-30 12:48 - 2016-01-30 12:45 - 00159486 _____ C:\WINDOWS\system32\perfi012.dat
2016-01-30 12:48 - 2016-01-30 12:45 - 00033362 _____ C:\WINDOWS\system32\perfd012.dat
2016-01-30 12:46 - 2016-01-30 12:46 - 00000000 ____D C:\WINDOWS\SysWOW64\ko
2016-01-30 12:46 - 2016-01-30 12:46 - 00000000 ____D C:\WINDOWS\system32\ko
2016-01-30 12:37 - 2015-07-09 18:58 - 00000468 _____ C:\Users\Public\Desktop\Messenger Center.lnk
2016-01-30 12:37 - 2015-07-09 18:58 - 00000468 _____ C:\Users\Public\Desktop\Media Player Center.lnk
2016-01-30 12:37 - 2015-07-09 18:58 - 00000468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Messenger Center.lnk
2016-01-30 12:37 - 2015-07-09 18:58 - 00000468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Center.lnk
2016-01-30 12:34 - 2015-07-09 20:36 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\korwbrkr.dll
2016-01-30 12:34 - 2015-07-09 20:25 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\korwbrkr.dll
2016-01-30 12:34 - 2015-06-17 18:05 - 12023100 _____ C:\WINDOWS\system32\korwbrkr.lex
2016-01-30 12:33 - 2016-01-30 12:33 - 00001058 _____ C:\Users\Blerta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2016-01-26 21:19 - 2016-01-26 21:19 - 00066197 _____ C:\Users\Blerta\Downloads\Werbevertrag_Holbein-Gymnasium Augsburg.pdf
2016-01-23 22:54 - 2016-01-23 22:54 - 00066055 _____ C:\Users\Blerta\Downloads\Übungsaufsatz - Gedichtanalyse.odt
2016-01-23 19:21 - 2016-01-23 19:22 - 01188240 _____ (Uniblue Systems Limited ) C:\Users\Blerta\Downloads\pcmechanicpm.exe
2016-01-23 18:39 - 2016-01-23 18:39 - 00302011 _____ C:\Users\Blerta\Downloads\WindowsUpdateDiagnostic (1).diagcab
2016-01-23 16:45 - 2016-01-23 16:46 - 00285888 _____ C:\WINDOWS\Minidump\012316-26906-01.dmp
2016-01-22 22:28 - 2016-02-14 00:28 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-22 22:28 - 2016-01-22 22:29 - 00285888 _____ C:\WINDOWS\Minidump\012216-23234-01.dmp
2016-01-21 21:12 - 2016-01-21 21:12 - 00000000 ____D C:\Users\kremt_000\AppData\Local\Microsoft Help
2016-01-20 20:03 - 2016-01-20 20:03 - 00000000 ____D C:\Users\kremt_000\AppData\LocalLow\Temp
2016-01-20 20:03 - 2016-01-20 20:03 - 00000000 ____D C:\Users\kremt_000\AppData\Local\MicrosoftEdge
2016-01-20 20:00 - 2016-01-20 20:00 - 00000000 ____D C:\Users\kremt_000\AppData\Roaming\OpenOffice
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-02-19 14:32 - 2016-01-04 20:18 - 00026495 _____ C:\Users\Blerta\Desktop\FRST.txt
2016-02-19 14:31 - 2015-08-20 14:45 - 00000000 ____D C:\FRST
2016-02-19 14:31 - 2014-10-31 16:19 - 00000000 ____D C:\Users\Blerta\AppData\Roaming\Spotify
2016-02-19 14:31 - 2014-10-31 16:19 - 00000000 ____D C:\Users\Blerta\AppData\Local\Spotify
2016-02-19 14:15 - 2015-05-05 16:49 - 00001150 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4107997030-361822973-1121358983-1008UA.job
2016-02-19 14:13 - 2015-09-27 10:58 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-19 14:13 - 2015-09-27 10:58 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-19 14:09 - 2015-09-11 12:45 - 02448844 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-19 14:09 - 2015-07-10 17:34 - 00772342 _____ C:\WINDOWS\system32\perfh007.dat
2016-02-19 14:09 - 2015-07-10 17:34 - 00154170 _____ C:\WINDOWS\system32\perfc007.dat
2016-02-19 14:09 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2016-02-19 14:06 - 2015-04-30 15:53 - 00000000 ____D C:\Users\Blerta\AppData\Local\LogMeIn Hamachi
2016-02-19 14:04 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-19 14:03 - 2015-07-10 10:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-02-19 13:56 - 2016-01-04 20:20 - 00046295 _____ C:\Users\Blerta\Desktop\Addition.txt
2016-02-19 13:51 - 2014-12-30 16:10 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{569ACF02-1BDE-4672-911B-6B8A2839AA94}
2016-02-19 13:50 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-19 13:48 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-18 13:52 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-02-18 13:23 - 2015-01-10 20:06 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4B17DBB7-70F1-4497-B55D-63CEA38C11F4}
2016-02-18 13:14 - 2015-05-05 16:50 - 00002864 _____ C:\Users\kremt_000\Desktop\Google Chrome Canary.lnk
2016-02-18 13:14 - 2015-05-05 16:50 - 00002842 _____ C:\Users\kremt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2016-02-18 13:11 - 2015-04-15 17:01 - 00000000 ____D C:\Users\kremt_000\AppData\Local\Purplizer
2016-02-18 13:10 - 2015-04-15 16:59 - 00000000 ____D C:\Users\kremt_000\AppData\Local\Overwolf
2016-02-18 13:10 - 2015-04-11 19:59 - 00000000 ____D C:\Users\kremt_000\AppData\Roaming\Skype
2016-02-18 13:09 - 2015-04-29 20:41 - 00000000 ____D C:\Users\kremt_000\AppData\Local\LogMeIn Hamachi
2016-02-18 13:09 - 2015-01-19 18:06 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-17 20:06 - 2015-09-27 10:59 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-17 20:06 - 2015-09-27 10:59 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-17 20:06 - 2015-07-26 16:11 - 00002594 _____ C:\Users\Blerta\Desktop\Google Chrome Canary.lnk
2016-02-17 20:06 - 2015-05-22 14:39 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-17 20:06 - 2015-05-22 14:39 - 00001130 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-17 19:38 - 2016-01-04 20:18 - 00000000 ____D C:\Users\Blerta\Desktop\FRST-OlderVersion
2016-02-17 19:38 - 2015-08-20 14:43 - 02371072 _____ (Farbar) C:\Users\Blerta\Desktop\FRST64.exe
2016-02-16 20:16 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-16 12:39 - 2013-07-16 01:21 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-16 12:16 - 2016-01-03 13:14 - 00000000 ____D C:\ProgramData\TuneUp Software
2016-02-16 12:15 - 2015-05-05 16:49 - 00001098 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4107997030-361822973-1121358983-1008Core.job
2016-02-16 12:10 - 2015-05-05 16:49 - 00004274 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4107997030-361822973-1121358983-1008UA
2016-02-16 12:10 - 2015-05-05 16:49 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4107997030-361822973-1121358983-1008Core
2016-02-16 12:08 - 2015-09-16 13:23 - 00002406 _____ C:\Users\kremt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-16 12:08 - 2015-01-09 17:33 - 00000000 ___RD C:\Users\kremt_000\OneDrive
2016-02-14 21:21 - 2015-11-30 20:06 - 00000000 ____D C:\Users\Blerta\.oracle_jre_usage
2016-02-14 21:21 - 2015-11-30 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-14 21:21 - 2015-11-30 20:05 - 00000000 ____D C:\ProgramData\Oracle
2016-02-14 21:21 - 2015-11-30 20:05 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-14 21:20 - 2015-11-30 20:06 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-14 00:28 - 2015-02-15 16:55 - 792002070 _____ C:\WINDOWS\MEMORY.DMP
2016-02-13 00:54 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2016-02-11 17:49 - 2015-07-10 17:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 14:09 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 14:08 - 2014-11-13 20:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 14:00 - 2014-11-13 20:24 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-05 22:10 - 2015-09-11 19:00 - 00002397 _____ C:\Users\Blerta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-05 22:10 - 2014-12-28 19:07 - 00000000 __RDO C:\Users\Blerta\OneDrive
2016-02-03 14:08 - 2015-09-27 10:58 - 00004190 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-03 14:08 - 2015-09-27 10:58 - 00003958 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 23:47 - 2015-10-07 14:35 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-02 23:47 - 2015-10-07 14:35 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-30 15:10 - 2015-07-10 13:20 - 00482248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-30 12:46 - 2015-09-11 12:58 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-01-30 12:46 - 2015-07-10 17:34 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-01-30 12:46 - 2015-07-10 17:34 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-01-30 12:46 - 2015-07-10 17:34 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-01-30 12:46 - 2015-07-10 17:34 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-01-30 12:46 - 2015-07-10 17:34 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-01-30 12:46 - 2015-07-10 17:34 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-01-30 12:46 - 2015-07-10 17:34 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-01-30 12:46 - 2015-07-10 17:34 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\Com
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-01-30 12:46 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\IME
2016-01-30 12:46 - 2015-07-10 10:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-01-30 12:46 - 2015-07-10 10:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-01-30 12:46 - 2015-07-10 10:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-01-30 12:46 - 2015-07-10 10:05 - 00000000 ____D C:\WINDOWS\servicing
2016-01-30 12:45 - 2015-07-10 12:04 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-01-30 12:45 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Help
2016-01-30 12:45 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-01-30 12:45 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-01-30 12:45 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Common Files\System
2016-01-30 12:45 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-01-30 12:45 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-01-30 12:34 - 2015-07-10 17:35 - 00000000 ____D C:\WINDOWS\OCR
2016-01-25 23:00 - 2015-04-15 17:00 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-01-24 00:36 - 2015-09-11 12:24 - 00000000 ____D C:\Users\Blerta
2016-01-20 20:05 - 2015-07-10 12:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-20 20:04 - 2015-01-03 20:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-04-23 16:55 - 2015-07-18 17:16 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2016-02-16 12:32 - 2016-02-17 19:34 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Einige Dateien in TEMP:
====================
C:\Users\Blerta\AppData\Local\Temp\2B5B.tmp.exe
C:\Users\Blerta\AppData\Local\Temp\64E7.tmp.exe
C:\Users\Blerta\AppData\Local\Temp\8C3E.tmp.exe
C:\Users\Blerta\AppData\Local\Temp\94E1.tmp.exe
C:\Users\Blerta\AppData\Local\Temp\994B.tmp.exe
C:\Users\Blerta\AppData\Local\Temp\amisetup6036__15905.exe
C:\Users\Blerta\AppData\Local\Temp\DC43.tmp.exe
C:\Users\Blerta\AppData\Local\Temp\diam6111.exe
C:\Users\Blerta\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Blerta\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Blerta\AppData\Local\Temp\dsp_ipp.dll
C:\Users\Blerta\AppData\Local\Temp\ICReinstall_2B5B.tmp.exe
C:\Users\Blerta\AppData\Local\Temp\IyOcNW6AIr.exe
C:\Users\Blerta\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Blerta\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Blerta\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Blerta\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Blerta\AppData\Local\Temp\sqlite3.dll
C:\Users\Blerta\AppData\Local\Temp\tu17p84.exe
C:\Users\Blerta\AppData\Local\Temp\ytb.exe
C:\Users\Blerta\AppData\Local\Temp\{0850F9CA-9845-4EBD-B87F-2A83F07A51D9}.dll
C:\Users\Blerta\AppData\Local\Temp\{1C0FA925-CE45-4412-8BA4-44938A45053B}.dll
C:\Users\Blerta\AppData\Local\Temp\{1D4C02CD-B499-4101-99CB-080B35D04F33}.dll
C:\Users\Blerta\AppData\Local\Temp\{3D410ED1-6389-4EAD-9AB9-5FC86DA4E2FA}.dll
C:\Users\Blerta\AppData\Local\Temp\{621E5A70-7B80-45F5-8A62-620F7933D234}.dll
C:\Users\Blerta\AppData\Local\Temp\{72B1665E-91CA-4D78-941D-0030E731D00A}.dll
C:\Users\Blerta\AppData\Local\Temp\{72D2D7E8-7531-4E0F-A6E1-DD27297894FD}.dll
C:\Users\Blerta\AppData\Local\Temp\{AADA3FBC-6161-49D9-A7A2-E828938FAA86}.dll
C:\Users\Blerta\AppData\Local\Temp\{B2587434-4ECD-42EC-8FAB-E630D4E0C869}.dll
C:\Users\Blerta\AppData\Local\Temp\{B3A7331C-A181-4E5D-BF48-57AD19A681B2}.dll
C:\Users\Blerta\AppData\Local\Temp\{EC058C49-C7BA-448B-8A0B-E3094A264E1E}.dll
C:\Users\Blerta\AppData\Local\Temp\{F2208774-CD13-41C0-9440-A8BA2112739D}.dll
C:\Users\Blerta\AppData\Local\Temp\{FD2B294F-BBD5-4AAE-B92A-EAE0C97FB7CD}.dll
C:\Users\kremt_000\AppData\Local\Temp\BingSvc.exe
C:\Users\kremt_000\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\kremt_000\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\kremt_000\AppData\Local\Temp\diam25353.exe
C:\Users\kremt_000\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kremt_000\AppData\Local\Temp\{96C22BB6-028C-429A-8D90-7CAAF50C523C}-50.0.2624.0_chrome_installer_win64.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll
[2015-07-10 12:00] - [2015-07-10 12:00] - 0680256 ____A (Microsoft Corporation) 8F0225B0442B8EBC008C046F1EA93C5B
C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-07-10 12:00] - [2015-07-10 12:00] - 0534064 ____A (Microsoft Corporation) ED7297C0E718BFFD2495DB088D809227
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-02-08 10:23
==================== Ende von FRST.txt ============================
And here is the Addition.txt: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:17-02-2016
durchgeführt von Blerta (2016-02-19 14:32:39)
Gestartet von C:\Users\Blerta\Desktop
Windows 10 Home (X64) (2015-09-11 17:50:51)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-4107997030-361822973-1121358983-500 - Administrator - Disabled) => C:\Users\Administrator
Blerta (S-1-5-21-4107997030-361822973-1121358983-1001 - Administrator - Enabled) => C:\Users\Blerta
DefaultAccount (S-1-5-21-4107997030-361822973-1121358983-503 - Limited - Disabled)
Gast (S-1-5-21-4107997030-361822973-1121358983-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4107997030-361822973-1121358983-1005 - Limited - Enabled)
kremt_000 (S-1-5-21-4107997030-361822973-1121358983-1008 - Administrator - Enabled) => C:\Users\kremt_000
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
AuraKingdom-DE (HKLM-x32\...\AuraKingdom-DE) (Version: - )
Crossfire Europe (HKLM-x32\...\Steam App 328240) (Version: - Smilegate Entertainment)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-4107997030-361822973-1121358983-1001\...\Google Chrome SxS) (Version: 47.0.2512.0 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
LibreOffice 4.3.6.2 (HKLM-x32\...\{9F410B70-8A45-4F28-985E-F9731219BCBC}) (Version: 4.3.6.2 - The Document Foundation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 12 Essentials Toshiba (HKLM-x32\...\{BA8958DC-ADD7-41E5-8436-5883C7E871C7}) (Version: 12.0.00400 - Nero AG)
Nostale(DE) (HKLM-x32\...\NosTale(DE)_is1) (Version: - Gameforge 4D GmbH)
Note-up (HKLM-x32\...\Note-up) (Version: - Note-up)
Note-UP (HKLM-x32\...\NUIns) (Version: - QUAHOG LIMITED)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
osu! (HKLM-x32\...\{88b0991b-ed4e-4224-9449-7ef3346fc548}) (Version: latest - ppy Pty Ltd)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.92.3.0 - Overwolf Ltd.)
Papyrus Autor Demo -- from R.O.M. logicware GmbH (HKLM-x32\...\Papyrus Autor Demo) (Version: - R.O.M. logicware GmbH)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S4 League (HKLM-x32\...\S4 League) (Version: - )
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ACHTUNG
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-4107997030-361822973-1121358983-1001\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SunnyDay (HKLM-x32\...\SunnyDay3_is1) (Version: - SUNNYDAY)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.910 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.1 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TremendouseSAale (HKLM-x32\...\{C2E3DB8B-C43B-9203-7BE7-D03BA334FD8A}) (Version: - )
VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 4.02 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Bar 2.0.5872.24322 (HKLM\...\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1) (Version: 2.0.5872.24322 - Web Bar Media) <==== ACHTUNG
Welcome App (Start-up experience) (x32 Version: 12.0.13000 - Nero AG) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-4107997030-361822973-1121358983-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
CustomCLSID: HKU\S-1-5-21-4107997030-361822973-1121358983-1001_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\Blerta\AppData\Local\Google\Chrome SxS\Application\47.0.2512.0\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4107997030-361822973-1121358983-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Blerta\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4107997030-361822973-1121358983-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Blerta\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4107997030-361822973-1121358983-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Blerta\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-4107997030-361822973-1121358983-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Blerta\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0CD45EEE-BA60-402C-83D0-7AE300826A81} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-08-14] (Toshiba Europe GmbH)
Task: {13848F55-6796-4F3B-B3C0-348433CE6DD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {166B75D7-875F-4D3A-8B7D-99C6C574AB56} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-01-20] (Overwolf LTD)
Task: {26D4373D-906E-44E7-8600-60444F6886F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {2BF84E72-2AAB-4AFF-B2A8-B388BE65292F} - System32\Tasks\Uynuiu => C:\PROGRA~1\SHOPPE~1\Kagqiie.bat
Task: {2E57CE44-66A7-432F-A42D-91D02B3DA5B7} - System32\Tasks\rdf3019 => C:\Program Files (x86)\QuickSearch\rdf3019.exe <==== ACHTUNG
Task: {3228CA06-2789-4C9F-9E62-8F1F41113DC1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4107997030-361822973-1121358983-1008UA => C:\Users\kremt_000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-05] (Google Inc.)
Task: {333BE0CA-FEA0-486D-8EA9-B5A23C6F146F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-20] (Microsoft Corporation)
Task: {39A23EFD-3A8C-4984-9D68-4492A2DDFFFC} - \TermTrident Auto Updater 1.10.0.22 Pending Update -> Keine Datei <==== ACHTUNG
Task: {4574AF60-AF7E-421B-A9C0-BE8DB33F88FF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {48D17C80-597E-4ED8-9A52-B1E194E4BB43} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {5BDD9F22-C7F2-45D6-9FBC-E228802DA551} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {6E4AE02A-B539-4527-B2C9-EA2A63312DE3} - System32\Tasks\WebBarLaunchTask => C:\Program Files\WebBar\wbsvc.exe [2016-01-29] (Web Bar Media) <==== ACHTUNG
Task: {7542CB4D-9F71-4C37-8B09-E534A2382B3C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {7EDDBAFD-1E52-4F06-BF0C-30DB1556AA58} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {80F26955-0BD4-4112-92E7-ECFC846F2708} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {8E3791EF-6576-4A61-A13C-E2876427D333} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {97741578-B61F-478C-9EC7-65F867EAF1D4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-10] (Microsoft Corporation)
Task: {9CEF0D8D-CC0B-4D2C-BFC8-29C0912881CB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A3D1A055-9A08-41A0-8986-2B21E52520EA} - \TermTrident Auto Updater 1.10.0.22 Core -> Keine Datei <==== ACHTUNG
Task: {A840C559-4941-4850-B469-D296D3E10EAC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {A88B4EC5-C7C2-4A6E-88D5-A843AAB412C0} - System32\Tasks\FL Studio => C:\Users\Blerta\AppData\Local\Temp\is-2BL0C.tmp\prsetup.exe [2015-07-07] (FL Studio, Inc. ) <==== ACHTUNG
Task: {B3F7DC40-7615-4475-B4BE-EEFE8BCE1234} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {B68FC298-A9EC-4492-B608-D1DE3B6A9554} - System32\Tasks\WebBarUpdateTask => C:\Program Files\WebBar\wbsvc.exe [2016-01-29] (Web Bar Media) <==== ACHTUNG
Task: {BBB23C47-F9ED-40B1-8C66-48E4E94437FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4107997030-361822973-1121358983-1008Core => C:\Users\kremt_000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-05] (Google Inc.)
Task: {C8D4B603-45E0-4F4D-880A-4813100999D6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {CC717709-5F4B-4A6E-995E-0415A44A717C} - System32\Tasks\Dawidumb => C:\PROGRA~1\SHOPPE~1\Judtudl.bat
Task: {CD442B92-FFAD-4239-B69F-E1EB2931AF17} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {CE490F2A-E2D7-4E25-87CE-AD0AE7C6B3E2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {D1FA9E4C-CF12-491C-832B-E558AD3B4608} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {E9A2309F-30AF-4FA8-B33D-02E6D6AC9728} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4107997030-361822973-1121358983-1001Core.job => C:\Users\Blerta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4107997030-361822973-1121358983-1001Core1d0c7b556009462.job => C:\Users\Blerta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4107997030-361822973-1121358983-1008Core.job => C:\Users\kremt_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4107997030-361822973-1121358983-1008UA.job => C:\Users\kremt_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-09-11 13:06 - 2015-09-11 13:06 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2011-10-13 23:38 - 2011-10-13 23:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2015-09-11 13:07 - 2015-09-11 13:07 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2016-02-17 19:35 - 2016-02-17 19:34 - 00389312 _____ () C:\Program Files (x86)\SFK\SSFK.exe
2016-02-17 17:55 - 2016-02-17 17:55 - 00142672 _____ () C:\Users\Blerta\AppData\Roaming\PefdFabebak\Memzi.exe
2016-02-17 21:23 - 2016-02-17 21:23 - 00186880 _____ () C:\Program Files (x86)\9B77FA80-1455621169-81E2-2BC4-7054D2375AD5\knslF223.tmp
2015-01-03 20:44 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-02-16 12:13 - 2016-02-16 12:13 - 00416256 _____ () C:\Program Files (x86)\9B77FA80-1455621169-81E2-2BC4-7054D2375AD5\hnsg7C6.tmp
2016-02-16 12:13 - 2016-02-16 12:13 - 00307712 _____ () C:\Program Files (x86)\9B77FA80-1455621169-81E2-2BC4-7054D2375AD5\jnshF209.tmp
2015-10-02 13:42 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-02 13:42 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-02 13:41 - 2015-09-17 06:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-12-08 21:32 - 2015-11-25 05:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 21:32 - 2015-11-25 05:17 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-12-08 21:32 - 2015-11-25 05:18 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-12-08 21:32 - 2015-11-25 05:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-16 12:13 - 2016-01-14 12:39 - 00255488 _____ () C:\Program Files\WebBar\2.0.5872.24322\isa_x64.dll
2015-10-02 13:41 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-08 21:32 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 21:32 - 2015-11-25 05:24 - 00884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-10-02 13:42 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-11 13:07 - 2015-09-11 13:07 - 00577024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-07-10 12:00 - 2015-07-10 17:45 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-09-11 13:07 - 2015-09-11 13:07 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-09-11 13:07 - 2015-09-11 13:07 - 00559616 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-09-11 13:07 - 2015-09-11 13:07 - 00643072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation.diagnostics\bin\NodeRT_Windows_Foundation_Diagnostics.node
2015-07-10 12:00 - 2015-07-10 17:45 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 04:13 - 2012-08-14 04:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2016-02-16 12:26 - 2016-02-12 13:27 - 03955888 _____ () C:\Program Files (x86)\SunnyDay3\SunnyDay.exe
2016-02-17 17:55 - 2016-02-17 20:19 - 00173392 _____ () C:\Users\Blerta\AppData\Roaming\PefdFabebak\Tindas.din
2015-12-01 15:37 - 2015-12-01 15:37 - 00439504 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-12-01 15:37 - 2015-12-01 15:37 - 00321232 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-02-10 19:13 - 2016-02-09 12:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-10 19:13 - 2016-02-09 12:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll
2016-02-10 19:13 - 2016-02-09 12:58 - 16810824 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll
2012-11-13 02:09 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\TEMP:0888F409
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-4107997030-361822973-1121358983-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-4107997030-361822973-1121358983-1001\...\aeriagames.com -> hxxp://aeriagames.com
==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2016-02-16 12:11 - 00000967 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-4107997030-361822973-1121358983-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Blerta\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img12.jpg
DNS Servers: 10.0.0.1 - 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3EFA51E4-D376-4AF8-9F79-9F3D4B357103}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [UDP Query User{ECD7F147-F7DB-43AE-8828-59B6A3678BD8}C:\users\blerta\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\blerta\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6FE1F3D1-211E-4720-8B33-F5FDD858CE05}C:\users\blerta\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\blerta\appdata\roaming\spotify\spotify.exe
FirewallRules: [{44A7B82D-7C15-48D7-8BE2-2685F00FF09F}] => (Allow) LPort=1900
FirewallRules: [{1130F5D3-F5D6-4D1F-B265-52828C64B1DB}] => (Allow) LPort=2869
FirewallRules: [{984235DB-0600-45A5-B2EA-6461999DED1C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{6E59ACB1-97F8-479E-8187-0F753EC8CE68}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B7160868-7C0A-463F-8311-6D8B03083981}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3A7B3815-3F33-4DB3-B2E0-53AB322CF432}] => (Allow) C:\AeriaGames\AuraKingdom-DE\game.bin
FirewallRules: [{B30079C7-A6AA-4AE0-A843-996360C5B965}] => (Allow) C:\AeriaGames\AuraKingdom-DE\game.bin
FirewallRules: [UDP Query User{FE276B2F-6B9C-4756-BDE7-DC8916237B87}C:\users\kremt_000\desktop\urbanterror42_full023\urbanterror42\quake3-urt-ded.exe] => (Block) C:\users\kremt_000\desktop\urbanterror42_full023\urbanterror42\quake3-urt-ded.exe
FirewallRules: [TCP Query User{943EA124-8D59-46AF-839E-9EC6126AADAC}C:\users\kremt_000\desktop\urbanterror42_full023\urbanterror42\quake3-urt-ded.exe] => (Block) C:\users\kremt_000\desktop\urbanterror42_full023\urbanterror42\quake3-urt-ded.exe
FirewallRules: [{9B448081-32FF-46B7-A498-15336BCA1EAD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1F4465E7-1897-4E44-ADFA-E0318AFB1961}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{20F4239C-029B-43C0-9A74-5E10B854F691}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E2463218-FBFA-4129-9CA7-12CB6AAE5044}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{129DC64E-0FC5-426A-A2F5-1DDD7489DECF}C:\users\kremt_000\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kremt_000\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{914EC9E7-D19C-41E9-B3FD-3345D576B98D}C:\users\kremt_000\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kremt_000\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{F0761887-52B0-4644-AB83-D65854411059}C:\aeriagames\soldierfront\soldierfront.exe] => (Allow) C:\aeriagames\soldierfront\soldierfront.exe
FirewallRules: [TCP Query User{A23A55CF-1136-40CA-975C-F3C5D3A71717}C:\aeriagames\soldierfront\soldierfront.exe] => (Allow) C:\aeriagames\soldierfront\soldierfront.exe
FirewallRules: [{AFD48E35-5A53-426D-B634-1C430BE9C429}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{8356209C-66BC-47E2-B322-CC4F0EB89DB8}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [UDP Query User{06EEF624-D81D-4A12-BF74-852520BA433A}C:\users\kremt_000\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kremt_000\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{CAC7D31A-3039-4BAE-A9EE-6B540EB7C87C}C:\users\kremt_000\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kremt_000\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{D655BAC3-6FF7-4D3C-AF5C-786B92339818}C:\users\kremt_000\downloads\urbanterror\iourtded.exe] => (Allow) C:\users\kremt_000\downloads\urbanterror\iourtded.exe
FirewallRules: [TCP Query User{2A9CBFDB-3C7A-4440-9BF9-CE4115AE429A}C:\users\kremt_000\downloads\urbanterror\iourtded.exe] => (Allow) C:\users\kremt_000\downloads\urbanterror\iourtded.exe
FirewallRules: [UDP Query User{6329B52D-219D-4945-BECC-C598C538CE95}C:\users\kremt_000\downloads\urbanterror\iourbanterror.exe] => (Block) C:\users\kremt_000\downloads\urbanterror\iourbanterror.exe
FirewallRules: [TCP Query User{90E328A2-8A7D-4A51-AD1C-6785B380181D}C:\users\kremt_000\downloads\urbanterror\iourbanterror.exe] => (Block) C:\users\kremt_000\downloads\urbanterror\iourbanterror.exe
FirewallRules: [UDP Query User{128C7C58-91AE-4871-A580-356FA022A22D}C:\program files (x86)\urbanterror\iourtded.exe] => (Allow) C:\program files (x86)\urbanterror\iourtded.exe
FirewallRules: [TCP Query User{56E18980-21C9-4422-AB9E-A0C4F39FB1A1}C:\program files (x86)\urbanterror\iourtded.exe] => (Allow) C:\program files (x86)\urbanterror\iourtded.exe
FirewallRules: [UDP Query User{C3FDFDCB-E440-4288-81BF-6FBA515214AD}C:\program files (x86)\urbanterror\iourbanterror.exe] => (Allow) C:\program files (x86)\urbanterror\iourbanterror.exe
FirewallRules: [TCP Query User{388711B1-1274-4C7A-82A6-86ACDE81920D}C:\program files (x86)\urbanterror\iourbanterror.exe] => (Allow) C:\program files (x86)\urbanterror\iourbanterror.exe
FirewallRules: [UDP Query User{D7F35F62-39DB-40A9-95DC-0A95B78A9394}C:\users\kremt_000\downloads\urbanterror42_full023\urbanterror42\quake3-urt.exe] => (Allow) C:\users\kremt_000\downloads\urbanterror42_full023\urbanterror42\quake3-urt.exe
FirewallRules: [TCP Query User{C77A50AB-EDF3-4A9C-B919-7270242B2BFE}C:\users\kremt_000\downloads\urbanterror42_full023\urbanterror42\quake3-urt.exe] => (Allow) C:\users\kremt_000\downloads\urbanterror42_full023\urbanterror42\quake3-urt.exe
FirewallRules: [UDP Query User{F81769C1-364C-4B30-AA39-39919C128A78}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{136A2520-4D95-4F20-BD23-792E57A38285}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{5FD60B17-DB0D-4F96-B32D-133F53759DB1}C:\users\kremt_000\desktop\urbanterror42_full023\urbanterror42\quake3-urt.exe] => (Allow) C:\users\kremt_000\desktop\urbanterror42_full023\urbanterror42\quake3-urt.exe
FirewallRules: [TCP Query User{A7FC8B88-2E45-455E-87E3-8590B609A564}C:\users\kremt_000\desktop\urbanterror42_full023\urbanterror42\quake3-urt.exe] => (Allow) C:\users\kremt_000\desktop\urbanterror42_full023\urbanterror42\quake3-urt.exe
FirewallRules: [{CE8A05E3-1227-4274-89D2-8D7CC6CD4E5B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{597F0652-B2DB-4A3E-ABC3-D2A121775A44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crossfire Europe\cf_steam.exe
FirewallRules: [{A8C92B95-F656-4015-B97C-42C9BFDB4E7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crossfire Europe\cf_steam.exe
FirewallRules: [UDP Query User{5BF87399-1E33-4713-9DE4-9A67E6998FBB}C:\users\kremt_000\desktop\call of duty modern warfare 3\iw5mp.exe] => (Allow) C:\users\kremt_000\desktop\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [TCP Query User{4D86F507-1866-4448-BFCB-CB3B073EE9CB}C:\users\kremt_000\desktop\call of duty modern warfare 3\iw5mp.exe] => (Allow) C:\users\kremt_000\desktop\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [{8D0AE83B-2764-4DD7-98BC-920776F430C0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{274B338A-A108-4954-8C61-C378406138D6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{75FD11CC-E3DA-4FB2-8444-98974C2C7A00}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{39399E09-2DA0-4BCB-BBCB-CB5DE9D75795}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{2A0D5495-7B9C-4A61-978F-F2C73C514EEB}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Block) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe
FirewallRules: [TCP Query User{48AF1D67-BD63-43AB-A6A7-05C829CE5EBE}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Block) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe
FirewallRules: [UDP Query User{CAF6BCA9-1F2C-4E2D-9F41-C9D24A393B12}C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Block) C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [TCP Query User{66A90E34-547F-40D0-BFD3-6814FE4E8412}C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Block) C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [{F61A84BA-F0BA-4A7A-9723-2C7874066872}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\GBR_eng\Elsword\data\x2.exe
FirewallRules: [{8417FBFE-9BFF-4252-B461-38C774057EA9}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\GBR_eng\Elsword\data\x2.exe
FirewallRules: [{C102EE51-3857-42B2-811A-88907AE4DF5B}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Elsword\data\x2.exe
FirewallRules: [{7B361DB7-FC31-4146-8135-33CF32DA6396}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Elsword\data\x2.exe
FirewallRules: [{8C4A43BE-68F1-4F2C-BF76-6D4CBCD45CB6}] => (Allow) C:\Users\Blerta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{FF7B45A1-D593-4CAC-A7B2-651B1A72607C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{19510E51-FDF3-43B2-B688-AF374942B500}C:\users\blerta\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\blerta\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{8A7D2FF9-1941-4BA4-9FCD-6E6CDEC4DDDF}C:\users\blerta\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\blerta\appdata\local\akamai\netsession_win.exe
FirewallRules: [{B1F09020-642F-48ED-90EF-B17D000F2864}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{36624B97-B31D-4AF0-AA4C-F23CE3440D12}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{D10415CB-8FD2-4915-9A36-A7926B7E04E9}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{B0732DB1-14E4-43B0-AFA2-7BCF316A780E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{91FC5344-C7B2-4B09-AA81-9417AD2AA61A}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{57F3E0FD-5DE7-462C-ADBB-7CFC4D615FD2}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{4FE6359D-0C82-49D2-BB76-A62813DC0029}C:\users\blerta\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\blerta\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{CB1A423F-EA1D-4C59-A37E-BD3314C0A061}C:\users\blerta\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\blerta\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3C13EEB1-9084-42FB-AEA1-704876FC1E58}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{1E810C2A-6967-468A-8614-F34A33D5E5DB}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{CF6ED764-8BB9-4872-B71A-09BD833D89AF}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{647A8FF9-D187-4EF0-AAC6-BB66AD38A75F}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [TCP Query User{8C235A4A-A5A7-431B-9990-18F6FBA1DC71}C:\users\kremt_000\desktop\urbanterror42_full023\urbanterror42\quake3-urt.exe] => (Block) C:\users\kremt_000\desktop\urbanterror42_full023\urbanterror42\quake3-urt.exe
FirewallRules: [UDP Query User{946BF3B3-6136-46CE-AE0B-BA632C5285D4}C:\users\kremt_000\desktop\urbanterror42_full023\urbanterror42\quake3-urt.exe] => (Block) C:\users\kremt_000\desktop\urbanterror42_full023\urbanterror42\quake3-urt.exe
FirewallRules: [{9D933F11-7B0E-4F8D-9336-8DCAE92DA2AE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
30-01-2016 12:36:28 Windows Update
06-02-2016 23:51:33 Geplanter Prüfpunkt
10-02-2016 13:59:55 Windows Update
17-02-2016 19:46:15 Revo Uninstaller's restore point - Body Text Feathering
17-02-2016 19:48:43 Revo Uninstaller's restore point - DailyPCClean v4.1
17-02-2016 19:55:08 Revo Uninstaller's restore point - MyBestOffersToday 000.037050239
17-02-2016 19:57:14 Revo Uninstaller's restore point - QuickSearch
17-02-2016 19:59:50 Revo Uninstaller's restore point - Satellite Comma
17-02-2016 20:01:42 Revo Uninstaller's restore point - shopperz
17-02-2016 20:05:35 Revo Uninstaller's restore point - yoursearching uninstall
17-02-2016 20:16:41 Revo Uninstaller's restore point - DailyPcClean Support
17-02-2016 20:24:07 Revo Uninstaller's restore point - shopperz
17-02-2016 20:25:56 Revo Uninstaller's restore point - QuickSearch
17-02-2016 20:27:58 Revo Uninstaller's restore point - Text-To-Speech-Runtime
19-02-2016 13:58:31 Revo Uninstaller's restore point - Search module
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (02/19/2016 02:02:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLERTA)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (02/19/2016 01:58:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (02/19/2016 01:57:47 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
Error: (02/18/2016 01:15:04 PM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Es wird bereits eine Instanz des Dienstes ausgeführt
Error: (02/18/2016 01:15:04 PM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig
Error: (02/17/2016 08:30:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLERTA)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (02/17/2016 08:27:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (02/17/2016 08:25:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (02/17/2016 08:24:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (02/17/2016 08:17:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Systemfehler:
=============
Error: (02/19/2016 02:09:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/19/2016 02:09:44 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/19/2016 02:09:44 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/19/2016 02:09:43 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/19/2016 02:09:43 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/19/2016 02:09:42 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/19/2016 02:09:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/19/2016 02:09:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/19/2016 02:09:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/19/2016 02:09:39 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 6025.22 MB
Verfügbarer physikalischer RAM: 4033.4 MB
Summe virtueller Speicher: 6985.22 MB
Verfügbarer virtueller Speicher: 5018.02 MB
==================== Laufwerke ================================
Drive c: (TI30992300A) (Fixed) (Total:686.58 GB) (Free:540.99 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt ============================