Sasha181 | 20.12.2014 07:28 | Hello Schrauber,
thank you very much, and here is everything:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Text-Pinsel (administrator) on PINSEL on 20-12-2014 07:15:04
Running from C:\Users\Text-Pinsel\Downloads
Loaded Profiles: Text-Pinsel & Administrator (Available profiles: Text-Pinsel & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbwe\Solitaire.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-10-10] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-10-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-17] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Atheros Communications))
HKU\$OFFLINE_RW$OFFLINE_USER (1)\...\Run: [GoogleChromeAutoLaunch_5313C6F6EF7BE7F3BE4525595D0089BB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-3040276933-2083612961-510214359-1001\...\Run: [GoogleChromeAutoLaunch_5313C6F6EF7BE7F3BE4525595D0089BB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-3040276933-2083612961-510214359-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\$OFFLINE_RW$OFFLINE_USER (1)\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com
HKU\$OFFLINE_RW$OFFLINE_USER (1)\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKU\$OFFLINE_RW$OFFLINE_USER (1)\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = CountrySelector - Sony
HKU\$OFFLINE_RW$OFFLINE_USER (1)\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = CountrySelector - Sony
HKU\S-1-5-21-3040276933-2083612961-510214359-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com
HKU\S-1-5-21-3040276933-2083612961-510214359-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKU\S-1-5-21-3040276933-2083612961-510214359-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = CountrySelector - Sony
HKU\S-1-5-21-3040276933-2083612961-510214359-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = CountrySelector - Sony
SearchScopes: HKU\$OFFLINE_RW$OFFLINE_USER (1) -> {C0FFE0E3-02BA-4D9B-81C5-4CA976CFFCF0} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3040276933-2083612961-510214359-1001 -> {C0FFE0E3-02BA-4D9B-81C5-4CA976CFFCF0} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\$OFFLINE_RW$OFFLINE_USER: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKU\$OFFLINE_RW$OFFLINE_USER: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF Plugin HKU\S-1-5-21-3040276933-2083612961-510214359-500: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKU\S-1-5-21-3040276933-2083612961-510214359-500: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.heute.de/
CHR StartupUrls: Default -> ""
CHR Profile: C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-19]
CHR Extension: (Google Docs) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-19]
CHR Extension: (Google Drive) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-19]
CHR Extension: (YouTube) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-19]
CHR Extension: (Sprachsuche auf Google.de) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjohpibkidafdmnkjbohgadpbjdohbm [2014-12-19]
CHR Extension: (Google-Suche) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-19]
CHR Extension: (Google Tabellen) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-19]
CHR Extension: (Avira SafeSearch) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffalmjohbhdhlkajphgkhloccibhmoog [2014-12-19]
CHR Extension: (AdBlock) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-19]
CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2014-12-19]
CHR Extension: (Speed Dial 2) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2014-12-19]
CHR Extension: (Erweiterung \) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-12-19]
CHR Extension: (Google Wallet) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-19]
CHR Extension: (Google Publisher Toolbar) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2014-12-19]
CHR Extension: (Google Mail) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-19]
CHR Extension: (RSS Feed Reader) - C:\Users\Text-Pinsel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2014-12-19]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-17] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] () [File not signed]
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1265824 2012-10-23] (Sony Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-19] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-28] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [428008 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-23] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-19] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-20 07:15 - 2014-12-20 07:16 - 00020072 _____ () C:\Users\Text-Pinsel\Downloads\FRST.txt
2014-12-20 07:14 - 2014-12-20 07:15 - 00000000 ____D () C:\FRST
2014-12-20 07:14 - 2014-12-20 07:14 - 02121216 _____ (Farbar) C:\Users\Text-Pinsel\Downloads\FRST64.exe
2014-12-20 06:36 - 2014-12-20 06:36 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-19 15:28 - 2014-12-19 15:28 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Roaming\OpenOffice
2014-12-19 15:27 - 2014-12-19 15:27 - 00001132 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-12-19 15:27 - 2014-12-19 15:27 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-12-19 15:26 - 2014-12-19 15:26 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-12-19 15:20 - 2014-12-19 15:20 - 00000000 ____D () C:\Users\Text-Pinsel\Desktop\OpenOffice 4.1.1 (de) Installation Files
2014-12-19 15:16 - 2014-12-19 15:16 - 164858324 _____ () C:\Users\Text-Pinsel\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2014-12-19 14:58 - 2014-12-19 14:58 - 00000000 ____D () C:\WINDOWS\LastGood
2014-12-19 14:58 - 2014-12-19 14:58 - 00000000 ____D () C:\Program Files\Common Files\Atheros
2014-12-19 14:55 - 2014-12-20 06:37 - 00000000 ___RD () C:\Users\Text-Pinsel\OneDrive
2014-12-19 14:47 - 2014-12-19 14:47 - 00001450 _____ () C:\Users\Text-Pinsel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-19 14:46 - 2014-12-19 14:46 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-12-19 14:46 - 2014-12-19 14:46 - 00000020 ___SH () C:\Users\Text-Pinsel\ntuser.ini
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-12-19 14:29 - 2014-12-19 14:29 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-12-19 14:27 - 2014-12-19 17:44 - 00254245 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-19 14:26 - 2014-12-19 14:26 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat
2014-12-19 14:11 - 2014-12-19 14:11 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-19 14:08 - 2014-12-19 14:08 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2014-12-19 14:07 - 2014-12-19 14:55 - 00000000 ____D () C:\Users\Text-Pinsel
2014-12-19 14:07 - 2014-12-19 14:27 - 00032388 _____ () C:\WINDOWS\diagwrn.xml
2014-12-19 14:07 - 2014-12-19 14:27 - 00032388 _____ () C:\WINDOWS\diagerr.xml
2014-12-19 14:07 - 2014-12-19 14:21 - 00000000 ____D () C:\Users\Administrator
2014-12-19 14:07 - 2014-12-19 14:08 - 00000000 ___RD () C:\Users\Text-Pinsel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-19 14:07 - 2014-12-19 14:08 - 00000000 ___RD () C:\Users\Text-Pinsel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-19 14:07 - 2014-12-19 14:08 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-19 14:07 - 2014-12-19 14:08 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Text-Pinsel\Vorlagen
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Text-Pinsel\Startmenü
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Text-Pinsel\Netzwerkumgebung
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Text-Pinsel\Lokale Einstellungen
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Text-Pinsel\Eigene Dateien
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Text-Pinsel\Druckumgebung
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Text-Pinsel\Documents\Eigene Musik
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Text-Pinsel\Documents\Eigene Bilder
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Text-Pinsel\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Text-Pinsel\AppData\Local\Verlauf
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Text-Pinsel\AppData\Local\Anwendungsdaten
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Text-Pinsel\Anwendungsdaten
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-12-19 14:07 - 2014-09-24 07:18 - 00000369 _____ () C:\Users\Text-Pinsel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-19 14:07 - 2014-09-24 07:18 - 00000369 _____ () C:\Users\Text-Pinsel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-19 14:07 - 2014-09-24 07:18 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-19 14:07 - 2014-09-24 07:18 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-19 14:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Text-Pinsel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-19 14:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-19 14:07 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-19 14:07 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-19 13:58 - 2014-12-19 14:10 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-19 13:58 - 2014-12-19 13:58 - 00000264 _____ () C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2014-12-19 13:58 - 2014-12-19 13:58 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-12-19 13:57 - 2014-10-01 19:54 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2014-12-19 13:57 - 2014-10-01 19:54 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2014-12-19 13:56 - 2014-12-19 13:56 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2014-12-19 13:56 - 2014-12-19 13:56 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-12-19 13:56 - 2014-12-19 13:56 - 00000000 ____D () C:\Program Files\Synaptics
2014-12-19 13:56 - 2014-12-19 13:56 - 00000000 ____D () C:\Program Files\Realtek
2014-12-19 13:53 - 2014-12-20 06:41 - 00000000 ___DC () C:\WINDOWS\Panther
2014-12-19 13:52 - 2014-12-19 13:52 - 00000000 ____D () C:\Windows.old
2014-12-19 13:45 - 2014-12-19 13:45 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-12-19 13:45 - 2014-12-19 13:45 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-12-19 13:45 - 2014-12-19 13:45 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-12-19 13:45 - 2014-12-19 13:45 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-19 13:44 - 2014-12-19 13:44 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-19 13:44 - 2014-12-19 13:44 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-19 13:44 - 2014-12-19 13:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-19 13:44 - 2014-12-19 13:44 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-19 13:44 - 2014-12-19 13:44 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-19 13:44 - 2014-12-19 13:44 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-12-19 13:43 - 2014-12-19 13:43 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-12-19 13:43 - 2014-12-19 13:43 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-12-19 13:43 - 2014-12-19 13:43 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-12-19 13:43 - 2014-12-19 13:43 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-12-19 13:43 - 2014-12-19 13:43 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-12-19 13:42 - 2014-12-19 13:42 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-19 13:42 - 2014-12-19 13:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-19 13:42 - 2014-12-19 13:42 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-12-19 13:42 - 2014-12-19 13:42 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-19 13:42 - 2014-12-19 13:42 - 00054592 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdusb.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-19 13:42 - 2014-12-19 13:42 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-12-19 13:42 - 2014-12-19 13:42 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-12-19 13:42 - 2014-12-19 13:42 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-12-19 13:41 - 2014-12-19 13:41 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-12-19 13:41 - 2014-12-19 13:41 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-12-19 13:41 - 2014-12-19 13:41 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-12-19 13:41 - 2014-12-19 13:41 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-12-19 13:41 - 2014-12-19 13:41 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-12-19 13:41 - 2014-12-19 13:41 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-12-19 13:41 - 2014-12-19 13:41 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-12-19 13:41 - 2014-12-19 13:41 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-12-19 13:41 - 2014-12-19 13:41 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-12-19 13:41 - 2014-12-19 13:41 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-12-19 13:41 - 2014-12-19 13:41 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-12-19 13:41 - 2014-12-19 13:41 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-12-19 13:41 - 2014-12-19 13:41 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-12-19 13:41 - 2014-12-19 13:41 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-12-19 13:41 - 2014-12-19 13:41 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-12-19 13:41 - 2014-12-19 13:41 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-12-19 13:39 - 2014-12-19 13:39 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-12-19 13:39 - 2014-12-19 13:39 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-12-19 13:39 - 2014-12-19 13:39 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-12-19 13:39 - 2014-12-19 13:39 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-12-19 13:39 - 2014-12-19 13:39 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-12-19 13:39 - 2014-12-19 13:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 00148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-12-19 13:39 - 2014-12-19 13:39 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-12-19 13:39 - 2014-12-19 13:39 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-12-19 13:38 - 2014-12-19 13:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-12-19 13:38 - 2014-12-19 13:38 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-12-19 13:38 - 2014-12-19 13:38 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-12-19 13:38 - 2014-12-19 13:38 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-12-19 13:38 - 2014-12-19 13:38 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-12-19 13:38 - 2014-12-19 13:38 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-12-19 13:38 - 2014-12-19 13:38 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-12-19 13:38 - 2014-12-19 13:38 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-19 13:38 - 2014-12-19 13:38 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-12-19 13:38 - 2014-12-19 13:38 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-19 13:38 - 2014-12-19 13:38 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-12-19 13:38 - 2014-12-19 13:38 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-12-19 13:38 - 2014-12-19 13:38 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-12-19 13:38 - 2014-12-19 13:38 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-12-19 13:38 - 2014-12-19 13:38 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-12-19 13:38 - 2014-12-19 13:38 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-12-19 13:38 - 2014-12-19 13:38 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-12-19 13:38 - 2014-12-19 13:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-12-19 13:38 - 2014-12-19 13:38 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-12-19 13:38 - 2014-12-19 13:38 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-12-19 13:37 - 2014-12-19 13:37 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-12-19 13:37 - 2014-12-19 13:37 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-12-19 13:35 - 2014-12-19 13:35 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2014-12-19 13:35 - 2014-12-19 13:35 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-12-19 13:35 - 2014-12-19 13:35 - 00000000 ____D () C:\Program Files\MSBuild
2014-12-19 13:35 - 2014-12-19 13:35 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-12-19 13:35 - 2014-12-19 13:35 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-12-19 13:34 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-12-19 13:34 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-12-19 13:34 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-12-19 13:34 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2014-12-19 13:34 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-12-19 13:34 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-12-19 13:01 - 2014-12-19 14:27 - 00006585 _____ () C:\WINDOWS\comsetup.log
2014-12-19 11:33 - 2014-12-20 06:48 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 11:33 - 2014-12-19 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-19 11:33 - 2014-12-19 11:34 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-19 11:32 - 2014-12-19 11:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-19 11:32 - 2014-12-19 11:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-19 11:32 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-19 11:32 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-19 11:32 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-19 11:31 - 2014-12-19 11:31 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Text-Pinsel\Downloads\mbam-setup-2.0.4.1028 (1).exe
2014-12-19 11:30 - 2014-12-19 11:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Text-Pinsel\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-19 09:15 - 2014-12-19 14:10 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-19 09:01 - 2014-12-19 09:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-19 09:01 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-19 08:10 - 2014-12-19 08:10 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Roaming\Avira
2014-12-19 08:08 - 2014-12-19 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-19 08:08 - 2014-12-19 08:08 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-12-19 08:08 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-12-19 08:08 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-12-19 08:08 - 2014-11-24 10:23 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-12-19 08:08 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-12-19 08:07 - 2014-12-19 08:07 - 00000000 ____D () C:\ProgramData\Avira
2014-12-19 08:07 - 2014-12-19 08:07 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-19 07:36 - 2014-12-19 07:37 - 175605432 _____ () C:\Users\Text-Pinsel\Downloads\avira_antivirus_pro_de.exe
2014-12-19 07:18 - 2014-12-05 02:41 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-19 07:18 - 2014-12-05 02:41 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-19 07:18 - 2014-12-03 02:48 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-19 07:12 - 2014-12-19 07:12 - 00002098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-12-19 07:12 - 2014-12-19 07:12 - 00002086 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-12-19 07:12 - 2014-12-19 07:12 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Roaming\Thunderbird
2014-12-19 07:12 - 2014-12-19 07:12 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Roaming\Mozilla
2014-12-19 07:12 - 2014-12-19 07:12 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Local\Thunderbird
2014-12-19 07:12 - 2014-12-19 07:12 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-19 07:12 - 2014-12-19 07:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-19 07:12 - 2014-12-19 07:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 07:10 - 2014-12-19 07:10 - 26316120 _____ (Mozilla) C:\Users\Text-Pinsel\Downloads\Thunderbird Setup 31.3.0.exe
2014-12-19 07:03 - 2014-12-19 14:23 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-19 07:03 - 2014-12-19 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-19 06:49 - 2013-05-04 05:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs
2014-12-19 06:49 - 2013-05-04 05:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2014-12-19 06:36 - 2014-12-19 06:36 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Roaming\Macromedia
2014-12-19 06:35 - 2014-12-20 06:40 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-19 06:35 - 2014-12-20 06:40 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 06:35 - 2014-12-19 07:03 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Local\Google
2014-12-19 06:35 - 2014-12-19 07:03 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-19 06:35 - 2014-12-19 06:35 - 00004106 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-19 06:35 - 2014-12-19 06:35 - 00003870 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-19 06:34 - 2014-12-19 06:34 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Local\Apps\2.0
2014-12-18 18:30 - 2014-12-19 11:03 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Local\CrashDumps
2014-12-18 17:47 - 2014-12-19 18:04 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3040276933-2083612961-510214359-1001
2014-12-18 17:41 - 2014-12-18 17:41 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Local\BMExplorer
2014-12-18 17:40 - 2014-12-18 17:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-12-18 17:40 - 2014-12-18 17:40 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Roaming\Atheros
2014-12-18 17:39 - 2014-12-18 17:39 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Local\Sony Corporation
2014-12-18 17:38 - 2014-12-18 17:38 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Unlimited.lnk
2014-12-18 17:38 - 2014-12-18 17:38 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Roaming\Adobe
2014-12-18 17:37 - 2014-12-19 14:13 - 00000000 ____D () C:\WINDOWS\SysWOW64\VAIO Startup Setting Tool
2014-12-18 17:37 - 2014-12-18 17:51 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Roaming\Sony Corporation
2014-12-18 17:37 - 2014-12-18 17:37 - 00000000 ____D () C:\WINDOWS\pss
2014-12-18 17:35 - 2014-12-19 17:43 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Local\Packages
2014-12-18 17:35 - 2014-12-18 17:35 - 00000000 ____D () C:\Users\Text-Pinsel\AppData\Local\VirtualStore
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\Users\Default.migrated\Vorlagen
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\Users\Default.migrated\Startmenü
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\Users\Default.migrated\Netzwerkumgebung
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\Users\Default.migrated\Lokale Einstellungen
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\Users\Default.migrated\Eigene Dateien
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\Users\Default.migrated\Druckumgebung
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\Users\Default.migrated\Documents\Eigene Musik
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\Users\Default.migrated\Documents\Eigene Bilder
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\Users\Default.migrated\AppData\Local\Verlauf
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\Users\Default.migrated\AppData\Local\Anwendungsdaten
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\Users\Default.migrated\Anwendungsdaten
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-12-18 17:23 - 2014-12-18 17:23 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-12-18 16:42 - 2014-12-18 19:03 - 00000000 ___HD () C:\$SysReset
2014-12-13 10:51 - 2014-12-16 16:15 - 00000000 ____D () C:\Users\Text-Pinsel\Documents\Felix
2014-12-13 07:13 - 2014-12-13 07:18 - 00000000 ____D () C:\Users\Text-Pinsel\Documents\Catikkas
2014-12-13 07:12 - 2014-12-19 16:01 - 00000000 ____D () C:\Users\Text-Pinsel\Documents\Samuel
2014-12-13 06:58 - 2014-12-14 08:35 - 00000000 ____D () C:\Users\Text-Pinsel\Documents\Pascal
2014-11-30 09:52 - 2014-11-30 09:52 - 00039458 _____ () C:\Users\Text-Pinsel\Documents\Hilfe.odt
2014-11-30 09:51 - 2014-11-30 09:51 - 00128216 _____ () C:\Users\Text-Pinsel\Documents\Tutorials.html
2014-11-30 09:51 - 2014-11-30 09:51 - 00000000 ____D () C:\Users\Text-Pinsel\Documents\Tutorials_files
2014-11-29 10:20 - 2014-11-29 10:20 - 00341105 _____ () C:\Users\Text-Pinsel\Downloads\affiliatetheme-amazon (1).zip
2014-11-29 10:18 - 2014-11-29 10:18 - 00013164 _____ () C:\Users\Text-Pinsel\Downloads\advanced-custom-field-export (2).xml
2014-11-29 10:11 - 2014-11-29 10:11 - 00013164 _____ () C:\Users\Text-Pinsel\Downloads\advanced-custom-field-export (1).xml
2014-11-29 10:09 - 2014-11-29 10:09 - 00000000 ____D () C:\Users\Text-Pinsel\Documents\Neuer Ordner
2014-11-29 10:08 - 2014-11-29 10:08 - 00341105 _____ () C:\Users\Text-Pinsel\Downloads\affiliatetheme-amazon.zip
2014-11-29 10:08 - 2014-11-29 10:08 - 00013164 _____ () C:\Users\Text-Pinsel\Downloads\advanced-custom-field-export.xml
2014-11-29 10:07 - 2014-11-29 10:07 - 01588604 _____ () C:\Users\Text-Pinsel\Downloads\affiliatetheme (2).zip
2014-11-29 10:07 - 2014-11-29 10:07 - 00138850 _____ () C:\Users\Text-Pinsel\Downloads\affiliatetheme-child.rar
2014-11-23 17:32 - 2014-11-23 17:32 - 00000000 ____D () C:\Users\Text-Pinsel\Documents\Bluetooth Folder
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-20 07:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-19 15:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2014-12-19 15:00 - 2014-09-24 07:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-19 15:00 - 2014-09-24 06:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-19 15:00 - 2014-09-24 06:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-19 14:58 - 2013-08-22 15:46 - 00323247 _____ () C:\WINDOWS\setupact.log
2014-12-19 14:58 - 2013-08-22 15:46 - 00000262 _____ () C:\WINDOWS\setuperr.log
2014-12-19 14:58 - 2013-08-21 08:43 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-12-19 14:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-19 14:53 - 2014-09-24 16:19 - 00000000 ___HD () C:\$Windows.~BT
2014-12-19 14:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-19 14:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2014-12-19 14:29 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2014-12-19 14:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-12-19 14:26 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-19 14:23 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-12-19 14:22 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-19 14:14 - 2014-09-23 22:06 - 00006890 _____ () C:\WINDOWS\PFRO.log
2014-12-19 14:14 - 2013-08-22 15:44 - 00359936 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-19 14:13 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-12-19 14:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-19 14:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-19 14:13 - 2013-08-21 10:16 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-12-19 14:13 - 2013-08-21 09:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-19 14:13 - 2013-08-21 09:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8
2014-12-19 14:13 - 2013-08-21 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(R) center
2014-12-19 14:13 - 2013-08-21 09:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2014-12-19 14:13 - 2013-08-21 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2014-12-19 14:13 - 2013-08-21 08:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-12-19 14:11 - 2014-09-24 08:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-19 14:11 - 2014-09-24 06:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2014-12-19 14:11 - 2014-09-24 06:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2014-12-19 14:11 - 2014-09-24 06:43 - 00000000 ____D () C:\WINDOWS\system32\WCN
2014-12-19 14:11 - 2013-08-22 16:37 - 00004893 _____ () C:\WINDOWS\DtcInstall.log
2014-12-19 14:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-12-19 14:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2014-12-19 14:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2014-12-19 14:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2014-12-19 14:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-12-19 14:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-19 14:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-12-19 14:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2014-12-19 14:11 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2014-12-19 14:11 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-12-19 14:11 - 2013-08-21 08:50 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda
2014-12-19 14:11 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated
2014-12-19 14:10 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2014-12-19 14:10 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2014-12-19 14:10 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2014-12-19 14:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-12-19 14:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME
2014-12-19 14:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2014-12-19 14:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2014-12-19 14:10 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-19 14:10 - 2013-08-21 10:23 - 00000000 ____D () C:\WINDOWS\system32\%AppData%
2014-12-19 14:10 - 2012-08-03 03:25 - 00000000 ____D () C:\ProgramData\PRICache
2014-12-19 14:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2014-12-19 14:08 - 2012-08-03 03:25 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-12-19 13:53 - 2013-10-26 10:15 - 00000000 __SHD () C:\Recovery
2014-12-19 13:52 - 2013-08-22 16:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2014-12-19 13:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-19 13:43 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-12-19 13:42 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-19 13:42 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-19 13:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-19 13:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-19 13:39 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-12-19 13:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-12-19 13:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-12-19 13:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-12-19 13:24 - 2013-08-21 08:08 - 01518930 _____ () C:\WINDOWS\WindowsUpdate (1).log
2014-12-19 12:41 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-12-19 12:12 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-19 09:21 - 2013-08-21 08:57 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-19 08:02 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-12-19 07:52 - 2013-08-21 09:23 - 00000000 ____D () C:\Program Files\McAfeeEx
2014-12-18 17:41 - 2013-08-21 10:24 - 00000000 ____D () C:\ProgramData\Atheros
2014-12-18 17:41 - 2013-08-21 08:59 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation
2014-12-18 17:38 - 2013-08-21 08:59 - 00000000 ____D () C:\Program Files\Sony
2014-12-18 17:37 - 2013-08-21 09:17 - 00000000 ____D () C:\WINDOWS\System32\Tasks\SONY
2014-12-06 17:34 - 2014-10-08 15:02 - 00000000 ____D () C:\Users\Text-Pinsel\Documents\Gesundes Laufen
2014-11-29 10:18 - 2014-07-05 12:23 - 00000000 ____D () C:\Users\Text-Pinsel\Documents\Wordpress
2014-11-29 10:06 - 2013-11-30 17:53 - 00604672 ___SH () C:\Users\Text-Pinsel\Downloads\Thumbs.db
Some content of TEMP:
====================
C:\Users\Text-Pinsel\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-19 13:54
==================== End Of Log ============================
FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Text-Pinsel at 2014-12-20 07:16:47
Running from C:\Users\Text-Pinsel\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Build-a-lot: On Vacation (x32 Version: 2.2.0.110 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5728.52 - CyberLink Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of Hellas 3: Athens (x32 Version: 3.0.2.32 - WildTangent) Hidden
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41505) (Version: 3.8.0.41505.25 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.2 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.1.0.11020 - Sony Corporation)
VAIO Care (HKLM\...\{EC635BC0-0D7C-4CA2-9B87-2A330C298CB2}) (Version: 8.1.0.10120 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.1.0.10300 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.3.0.09290 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.0.08140 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.1.0.10240 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.0.00.08170 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.1.10170 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.0.00.10170 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation) Hidden
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.0.2.10230 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO-Hardwarediagnose-Plugin für VAIO Care (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.7.0.11070 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3040276933-2083612961-510214359-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
19-12-2014 15:20:22 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {07BE30B1-0678-45C5-9DF7-10F3EE8EBF7C} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {17F8A37D-B475-4609-BD73-03DD205518E2} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {4405D024-CF5C-41AE-BE5E-506BB36D37B7} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {4D72AA35-8800-421E-B8C7-22F9C8C95FD7} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {5022C58F-CD5A-4C04-8836-A9D123D5A97E} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {512ED738-5B72-45F9-9BB9-AC6DD29579FD} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {5BEDB72A-CE4D-4A70-A015-474364CE2651} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-10-22] (Sony Corporation)
Task: {68EA3E00-1579-49B7-AA29-30A87C7E7DB2} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-14] (Sony Corporation)
Task: {73E68C89-2062-4B52-A0BF-C0C7C2B59956} - System32\Tasks\Sony Corporation\VAIO Care Rescue Tool => C:\Windows\Temp\VAIO Care Rescue Tool.vbs
Task: {76A3C241-DE1F-4B93-B27D-31DA74552F71} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-23] (Sony Corporation)
Task: {78423E8B-BA51-41E3-8827-107A627AD60B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {78DFC5E7-AAAF-4084-A7C5-E681AB7689FA} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {85B59369-8F16-419F-BB71-A39116DBB81B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
Task: {87AD6A54-3968-4558-9A69-B807E0CE5EF6} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2013-08-22] (Microsoft Corporation)
Task: {8EECE8BE-CA9D-420C-B0B9-0D09EDAE34EA} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {9FFC31DA-67F2-48C9-AA7D-A3ACF4C690AE} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {A58410EF-4CEA-4522-9DE5-54C486F7F281} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {A8D250E0-6ED4-478A-A048-9EB787C6EF6E} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2012-10-31] (Sony Corporation)
Task: {ABFFAA44-2D09-41D5-B1EC-2248DCD6FE2D} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-10-23] (Sony Corporation)
Task: {C4161EC3-F107-4378-9B97-FE255E155A45} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {CAD7E5AA-EF71-4411-991D-3F28505AC3E0} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {CC2A07B0-E101-4153-A21C-6D889504D690} - System32\Tasks\Sony Corporation\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-11-08] (Sony Corporation)
Task: {D3ED799F-5EE1-4642-A060-72B286D71B0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2012-12-28 11:07 - 2012-12-28 11:07 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 11:04 - 2012-12-28 11:04 - 00084480 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 11:09 - 2012-12-28 11:09 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2012-12-28 11:10 - 2012-12-28 11:10 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-12-28 11:04 - 2012-12-28 11:04 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2013-08-21 08:49 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-19 07:03 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-19 07:03 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-19 07:03 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-19 07:03 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-19 07:12 - 2014-11-28 01:09 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-12-19 07:12 - 2014-11-28 01:09 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-12-19 07:12 - 2014-11-28 01:09 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-08-21 10:08 - 2012-08-15 22:31 - 00037376 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.DDSLoader.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Text-Pinsel\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Text-Pinsel\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3040276933-2083612961-510214359-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-3040276933-2083612961-510214359-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3040276933-2083612961-510214359-1007 - Limited - Enabled)
Text-Pinsel (S-1-5-21-3040276933-2083612961-510214359-1001 - Administrator - Enabled) => C:\Users\Text-Pinsel
==================== Faulty Device Manager Devices =============
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Bluetooth VDP Device
Description: Bluetooth VDP Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_VDP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/19/2014 02:55:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 10e8
Startzeit: 01d01b92bc54c6a0
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: b08819a0-8786-11e4-8250-b8763ffc688a
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (12/19/2014 02:50:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PINSEL)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (12/19/2014 02:50:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PINSEL)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (12/19/2014 02:50:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PINSEL)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (12/19/2014 02:50:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PINSEL)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (12/19/2014 02:27:01 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "AVWMIEVTProv" wurde versucht, die Abfrage "select * from Event_Notification" zu registrieren, deren Zielklasse "Event_Notification" im Namespace "//./ROOT/CIMV2/Applications/Avira_AntiVir" nicht vorhanden ist. Die Abfrage wird ignoriert.
Error: (12/19/2014 02:27:01 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from Event_Notification" zu registrieren, deren Zielklasse "Event_Notification" im Namespace "//./ROOT/CIMV2/Applications/Avira_AntiVir" nicht vorhanden ist. Die Abfrage wird ignoriert.
Error: (12/19/2014 02:23:54 PM) (Source: SampleCollector) (EventID: 259) (User: )
Description: RegQueryValueEx:init_ctr_translation_tables:1: Failed with error 0xea: Es sind mehr Daten verfügbar.
Error: (12/19/2014 11:03:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17183, Zeitstempel: 0x546ebc2a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00023ea0
ID des fehlerhaften Prozesses: 0x12c0
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (12/19/2014 08:23:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.2.9200.16433 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1a00
Startzeit: 01d01b4d62c7d6bc
Endzeit: 2561
Anwendungspfad: C:\WINDOWS\Explorer.EXE
Berichts-ID: beeca013-874f-11e4-be75-b8763ffc688a
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
System errors:
=============
Error: (12/19/2014 06:31:15 PM) (Source: DCOM) (EventID: 10010) (User: PINSEL)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (12/19/2014 06:30:56 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (12/19/2014 02:58:25 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
Error: (12/19/2014 02:27:28 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.
Error: (12/19/2014 02:26:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (12/19/2014 02:26:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (12/19/2014 02:26:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (12/19/2014 02:26:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (12/19/2014 02:26:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (12/19/2014 02:26:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Microsoft Office Sessions:
=========================
Error: (12/19/2014 02:55:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2049810e801d01b92bc54c6a04294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exeb08819a0-8786-11e4-8250-b8763ffc688amicrosoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (12/19/2014 02:50:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PINSEL)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023170
Error: (12/19/2014 02:50:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PINSEL)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023170
Error: (12/19/2014 02:50:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PINSEL)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023170
Error: (12/19/2014 02:50:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PINSEL)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023170
Error: (12/19/2014 02:27:01 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: AVWMIEVTProvselect * from Event_NotificationEvent_Notification//./ROOT/CIMV2/Applications/Avira_AntiVir
Error: (12/19/2014 02:27:01 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: select * from Event_NotificationEvent_Notification//./ROOT/CIMV2/Applications/Avira_AntiVir
Error: (12/19/2014 02:23:54 PM) (Source: SampleCollector) (EventID: 259) (User: )
Description: RegQueryValueEx:init_ctr_translation_tables:1: Failed with error 0xea: Es sind mehr Daten verfügbar.
Error: (12/19/2014 11:03:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17183546ebc2antdll.dll6.2.9200.16578515fac6ec000000500023ea012c001d01b730640428aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dll464ccdf5-8766-11e4-be77-b8763ffc688a
Error: (12/19/2014 08:23:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.2.9200.164331a0001d01b4d62c7d6bc2561C:\WINDOWS\Explorer.EXEbeeca013-874f-11e4-be75-b8763ffc688a
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 57%
Total physical RAM: 3975.27 MB
Available physical RAM: 1672.62 MB
Total Pagefile: 5383.27 MB
Available Pagefile: 1941.05 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:436.63 GB) (Free:399.73 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5C913EC9)
Partition: GPT Partition Type.
==================== End Of Log ============================