Dann also nochmal:
[CODE]Additional
FRST Logfile: Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by ferha_000 at 2015-06-16 14:04:25
Running from C:\Users\ferha_000\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-434705092-2638260658-2582877144-500 - Administrator - Disabled)
ferha_000 (S-1-5-21-434705092-2638260658-2582877144-1001 - Administrator - Enabled) => C:\Users\ferha_000
Gast (S-1-5-21-434705092-2638260658-2582877144-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: STOPzilla AntiVirus (Disabled - Out of date) {581418F3-DCB4-03A7-8970-1C2B5929FC27}
AV: AVG AntiVirus 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: STOPzilla AntiVirus (Disabled - Out of date) {E375F917-FA8E-0C29-B3C0-275922AEB69A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6030 - AVG Technologies)
AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6030 - AVG Technologies) Hidden
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nero 12 Essentials Toshiba (HKLM-x32\...\{2EF76291-8647-46F0-89D8-0AA8B72A5420}) (Version: 12.0.00600 - Nero AG)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
STOPzilla AntiVirus (HKLM-x32\...\{02CAF877-2F2D-4B7C-80FC-7BA7626DE501}) (Version: 7.0.2.23 - iS3, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6406 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.972 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.2 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
25-05-2015 11:36:29 Microsoft PowerPoint Viewer wird installiert
02-06-2015 15:20:04 Geplanter Prüfpunkt
08-06-2015 13:09:57 Windows Update
16-06-2015 10:55:16 TuneUp Utilities 2014 wird entfernt
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1B98D009-431E-48F9-AE96-08BDF2352F5F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {23E7FC5D-E112-46F9-8B6F-27379A91860F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {29E918E7-CBA3-42FA-AEB8-C775D4160969} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {2A075788-4128-40B7-91A0-8DB916237026} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {37D5E685-77FF-43D7-B95E-3C20F49062F6} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {42604379-75D8-4FED-B80C-6E4937B4C817} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-28] (TOSHIBA Corporation)
Task: {476553E5-CB3D-458F-94C3-7D518D8F79D5} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-09-25] (Toshiba Europe GmbH)
Task: {56033DA6-4D71-437A-844C-837C443E928F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {666A61C2-7941-4E6D-8580-EA24B6F5F98C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {6B285CCF-94D8-4BAB-96E6-8E34B04F6213} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {6E96C7E0-BBE4-41EF-9576-600D0F38AC3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {9D9684E6-93D0-4771-A075-55B022D0F8B9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {DA16CDE3-E829-4C90-AE03-4FDFBF587E4D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {DEF3AD57-DF6F-4933-8764-BC65C9411E3A} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {E009E495-1A0E-4953-8D32-DE2989DD8E06} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {E5B9BCF7-C8EB-4A82-9C49-0C0A10FC52FF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (Whitelisted) ==============
2011-10-14 00:38 - 2011-10-14 00:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2013-11-04 20:22 - 2013-11-04 20:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-05 00:19 - 2012-09-05 00:19 - 02611112 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
2012-07-19 04:38 - 2012-07-19 04:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 04:38 - 2012-07-19 04:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 05:13 - 2012-08-14 05:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2015-06-07 09:07 - 2015-06-07 09:07 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2015-06-07 09:37 - 2015-06-07 09:37 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2015-06-07 09:07 - 2015-06-07 09:07 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2015-06-10 09:17 - 2015-06-05 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-10 09:17 - 2015-06-05 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2013-02-03 07:05 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-06-16 12:17 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-16 12:17 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-16 12:17 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-16 12:17 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-16 12:17 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-10 09:17 - 2015-06-05 20:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\ferha_000\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-434705092-2638260658-2582877144-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Toshiba\standard.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-434705092-2638260658-2582877144-1001\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{26CC719B-557A-4B83-AABF-3217AAACDFF5}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{A0F4D1BB-0327-40AB-B916-C7227ABBAB4A}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{5AC383A1-73AD-4CCB-B4BE-3C4691328097}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7FA3F2AE-E4F2-479B-99A3-49A18D86FDAA}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{A1AF53BC-8B3C-4F66-A9A6-301876A25673}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{4CFC1D16-C447-4B02-9DB0-1C50470DA803}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{8580411F-0168-47ED-913A-858793A13966}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{E15AC07D-0691-4E80-9D09-01C779B837E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E143D672-985B-45AE-89B1-F624A6145251}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{3863491A-95DE-4CE8-BA02-46FD701C4FCB}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{86A06873-DA6A-476C-8099-1C1520D08E79}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{BFAEDC95-E258-4CFC-9CD2-28248DC6C9DB}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{ADC8AE55-F017-48FC-B47C-DA7963688115}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D1687683-F82B-4805-9468-53D7F791AD46}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{A4F4FD07-7094-45C4-A4D9-892A01B989FE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{5BFC3E60-9CD5-4C13-BBED-18CA9968C2C2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/16/2015 00:55:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SDScan.exe, Version 2.4.40.181 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: ce0
Startzeit: 01d0a81f30111341
Endzeit: 8
Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Berichts-ID: 2bf16ace-1416-11e5-be87-c0d9623f88e9
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (06/16/2015 10:04:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TuneUpSystemStatusCheck.exe, Version: 14.0.1000.275, Zeitstempel: 0x532ae230
Name des fehlerhaften Moduls: combase.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54503d84
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002b8d3
ID des fehlerhaften Prozesses: 0x614
Startzeit der fehlerhaften Anwendung: 0xTuneUpSystemStatusCheck.exe0
Pfad der fehlerhaften Anwendung: TuneUpSystemStatusCheck.exe1
Pfad des fehlerhaften Moduls: TuneUpSystemStatusCheck.exe2
Berichtskennung: TuneUpSystemStatusCheck.exe3
Vollständiger Name des fehlerhaften Pakets: TuneUpSystemStatusCheck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TuneUpSystemStatusCheck.exe5
Error: (06/13/2015 05:06:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: googleearth.exe, Version: 7.1.5.1557, Zeitstempel: 0x555d17ea
Name des fehlerhaften Moduls: googleearth_free.dll, Version: 0.0.0.0, Zeitstempel: 0x555d17c3
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00b5eeb2
ID des fehlerhaften Prozesses: 0x18f4
Startzeit der fehlerhaften Anwendung: 0xgoogleearth.exe0
Pfad der fehlerhaften Anwendung: googleearth.exe1
Pfad des fehlerhaften Moduls: googleearth.exe2
Berichtskennung: googleearth.exe3
Vollständiger Name des fehlerhaften Pakets: googleearth.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: googleearth.exe5
Error: (06/13/2015 04:33:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TCrdMain_Win8.exe, Version: 2.0.4.64, Zeitstempel: 0x50459b38
Name des fehlerhaften Moduls: SynCOM.dll_unloaded, Version: 16.2.10.5, Zeitstempel: 0x502d552e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002038c
ID des fehlerhaften Prozesses: 0x114c
Startzeit der fehlerhaften Anwendung: 0xTCrdMain_Win8.exe0
Pfad der fehlerhaften Anwendung: TCrdMain_Win8.exe1
Pfad des fehlerhaften Moduls: TCrdMain_Win8.exe2
Berichtskennung: TCrdMain_Win8.exe3
Vollständiger Name des fehlerhaften Pakets: TCrdMain_Win8.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TCrdMain_Win8.exe5
Error: (06/09/2015 10:35:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TCrdMain_Win8.exe, Version: 2.0.4.64, Zeitstempel: 0x50459b38
Name des fehlerhaften Moduls: SynCOM.dll_unloaded, Version: 16.2.10.5, Zeitstempel: 0x502d552e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002038c
ID des fehlerhaften Prozesses: 0x730
Startzeit der fehlerhaften Anwendung: 0xTCrdMain_Win8.exe0
Pfad der fehlerhaften Anwendung: TCrdMain_Win8.exe1
Pfad des fehlerhaften Moduls: TCrdMain_Win8.exe2
Berichtskennung: TCrdMain_Win8.exe3
Vollständiger Name des fehlerhaften Pakets: TCrdMain_Win8.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TCrdMain_Win8.exe5
Error: (06/08/2015 05:22:05 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (06/06/2015 11:00:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1744
Startzeit: 01d0a020a0788bbd
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\Explorer.EXE
Berichts-ID: 67a2e118-0c2a-11e5-be81-c0d9623f88e9
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (05/30/2015 03:31:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TCrdMain_Win8.exe, Version: 2.0.4.64, Zeitstempel: 0x50459b38
Name des fehlerhaften Moduls: SynCOM.dll_unloaded, Version: 16.2.10.5, Zeitstempel: 0x502d552e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002038c
ID des fehlerhaften Prozesses: 0xa68
Startzeit der fehlerhaften Anwendung: 0xTCrdMain_Win8.exe0
Pfad der fehlerhaften Anwendung: TCrdMain_Win8.exe1
Pfad des fehlerhaften Moduls: TCrdMain_Win8.exe2
Berichtskennung: TCrdMain_Win8.exe3
Vollständiger Name des fehlerhaften Pakets: TCrdMain_Win8.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TCrdMain_Win8.exe5
Error: (05/28/2015 10:28:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS)
Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/28/2015 10:28:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
System errors:
=============
Error: (06/16/2015 00:00:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Mgr PositiveFinds" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/16/2015 00:00:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Update Mgr PositiveFinds erreicht.
Error: (06/16/2015 11:59:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (06/16/2015 11:59:47 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (06/16/2015 11:59:43 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (06/16/2015 11:59:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/16/2015 11:59:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/16/2015 11:59:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TMachInfo" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/16/2015 11:59:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/16/2015 11:59:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TPCH Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office:
=========================
Error: (06/16/2015 00:55:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDScan.exe2.4.40.181ce001d0a81f301113418C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe2bf16ace-1416-11e5-be87-c0d9623f88e9
Error: (06/16/2015 10:04:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TuneUpSystemStatusCheck.exe14.0.1000.275532ae230combase.dll6.3.9600.1741554503d84c00000050002b8d361401d0a80b063427dfC:\Program Files (x86)\TuneUp Utilities 2014\TuneUpSystemStatusCheck.exeC:\WINDOWS\SYSTEM32\combase.dll4c3f30a0-13fe-11e5-be85-c0d9623f88e9
Error: (06/13/2015 05:06:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: googleearth.exe7.1.5.1557555d17eagoogleearth_free.dll0.0.0.0555d17c3c000040900b5eeb218f401d0a5e5dfe4c727C:\Program Files (x86)\Google\Google Earth\client\googleearth.exeC:\Program Files (x86)\Google\Google Earth\client\googleearth_free.dllc0674a6d-11dd-11e5-be84-c0d9623f88e9
Error: (06/13/2015 04:33:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TCrdMain_Win8.exe2.0.4.6450459b38SynCOM.dll_unloaded16.2.10.5502d552ec0000005000000000002038c114c01d0a5e3cdd7d717C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exeSynCOM.dll271b81b3-11d9-11e5-be84-c0d9623f88e9
Error: (06/09/2015 10:35:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TCrdMain_Win8.exe2.0.4.6450459b38SynCOM.dll_unloaded16.2.10.5502d552ec0000005000000000002038c73001d0a28d323d21b1C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exeSynCOM.dll8c7786ad-0e82-11e5-be82-c0d9623f88e9
Error: (06/08/2015 05:22:05 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (06/06/2015 11:00:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17667174401d0a020a0788bbd4294967295C:\WINDOWS\Explorer.EXE67a2e118-0c2a-11e5-be81-c0d9623f88e9
Error: (05/30/2015 03:31:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TCrdMain_Win8.exe2.0.4.6450459b38SynCOM.dll_unloaded16.2.10.5502d552ec0000005000000000002038ca6801d09adac5b50454C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exeSynCOM.dll20ce1633-06d0-11e5-be81-c0d9623f88e9
Error: (05/28/2015 10:28:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141
Error: (05/28/2015 10:28:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 67%
Total physical RAM: 3979.22 MB
Available physical RAM: 1308.22 MB
Total Pagefile: 4747.22 MB
Available Pagefile: 2263.86 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:454.48 GB) (Free:420.58 GB) NTFS
Drive d: (TOSHIBA) (Removable) (Total:3.84 GB) (Free:2.38 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End of log ============================
--- --- ---
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by ferha_000 (administrator) on WINDOWS on 16-06-2015 14:03:03
Running from C:\Users\ferha_000\Downloads
Loaded Profiles: ferha_000 (Available Profiles: ferha_000)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(iS3, Inc.) C:\Program Files (x86)\iS3\STOPzilla AntiVirus\SZServer.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\iS3\STOPzilla AntiVirus\SBAMSvc.exe
(iS3, Inc.) C:\Program Files (x86)\iS3\STOPzilla AntiVirus\STOPzilla.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\ferha_000\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-05] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-02] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation)
HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-05] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-434705092-2638260658-2582877144-1001\...\MountPoints2: {24ef5468-9dfe-11e4-824e-806e6f6e6963} - "E:\SETUP.EXE"
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-434705092-2638260658-2582877144-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-31] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\ferha_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ferha_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-16]
CHR Extension: (Google Wallet) - C:\Users\ferha_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-05] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-14] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R2 SBAMSvc; C:\Program Files (x86)\iS3\STOPzilla AntiVirus\SBAMSvc.exe [3937472 2014-01-07] (ThreatTrack Security, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 sz7; C:\Program Files (x86)\iS3\STOPzilla AntiVirus\SZServer.exe [1715904 2015-06-04] (iS3, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [287200 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [224224 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [285152 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-10-01] (ThreatTrack Security, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-16 14:03 - 2015-06-16 14:03 - 00014141 _____ C:\Users\ferha_000\Downloads\FRST.txt
2015-06-16 14:02 - 2015-06-16 14:03 - 00000000 ____D C:\FRST
2015-06-16 14:02 - 2015-06-16 14:02 - 02109952 _____ (Farbar) C:\Users\ferha_000\Downloads\Nicht bestätigt 37787.crdownload
2015-06-16 14:02 - 2015-06-16 14:02 - 02109952 _____ (Farbar) C:\Users\ferha_000\Downloads\FRST64 (1).exe
2015-06-16 13:59 - 2015-06-16 13:59 - 01148416 _____ (Farbar) C:\Users\ferha_000\Downloads\FRST.exe
2015-06-16 13:29 - 2015-06-16 13:29 - 00000000 ____D C:\ProgramData\Avg_Update_0215pit
2015-06-16 13:14 - 2015-06-16 13:14 - 00000997 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-16 13:14 - 2015-06-16 13:14 - 00000000 ____D C:\Users\ferha_000\AppData\Roaming\AVG2015
2015-06-16 13:14 - 2015-06-16 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-16 13:14 - 2015-06-16 13:14 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-16 13:13 - 2015-06-16 13:44 - 00000000 ____D C:\ProgramData\AVG2015
2015-06-16 13:13 - 2015-06-16 13:13 - 00000000 ___HD C:\$AVG
2015-06-16 13:13 - 2015-06-16 13:13 - 00000000 ____D C:\Program Files (x86)\AVG
2015-06-16 12:56 - 2015-06-16 13:29 - 00000000 ____D C:\Users\ferha_000\AppData\Local\Avg2015
2015-06-16 12:56 - 2015-06-16 13:28 - 00000000 ____D C:\ProgramData\MFAData
2015-06-16 12:56 - 2015-06-16 12:56 - 04578024 _____ (AVG Technologies) C:\Users\ferha_000\Downloads\avg_avct_stb_all_2015_5315_ppc17.exe
2015-06-16 12:56 - 2015-06-16 12:56 - 00000000 ____D C:\Users\ferha_000\AppData\Local\MFAData
2015-06-16 12:53 - 2015-06-16 12:53 - 00001373 _____ C:\WINDOWS\wininit.ini
2015-06-16 12:18 - 2015-06-16 12:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-06-16 12:17 - 2015-06-16 12:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-16 12:17 - 2015-06-16 12:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-16 12:17 - 2015-06-16 12:17 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-06-16 12:17 - 2015-06-16 12:17 - 00001391 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-06-16 12:17 - 2015-06-16 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-06-16 12:17 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-06-16 12:13 - 2015-06-16 12:16 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\ferha_000\Downloads\spybot-2.4.exe
2015-06-16 12:07 - 2015-06-16 13:07 - 00000000 ____D C:\ProgramData\STOPzilla!
2015-06-16 12:07 - 2015-06-16 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
2015-06-16 12:07 - 2015-06-16 12:07 - 00000000 ____D C:\Program Files (x86)\iS3
2015-06-16 12:07 - 2013-10-01 16:31 - 00260816 _____ (GFI Software) C:\WINDOWS\system32\Drivers\SbFw.sys
2015-06-16 12:07 - 2013-10-01 16:31 - 00063184 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbhips.sys
2015-06-16 12:07 - 2013-03-26 15:58 - 00120608 _____ (GFI Software) C:\WINDOWS\system32\Drivers\SbFwIm.sys
2015-06-16 12:04 - 2015-06-16 12:04 - 02042328 _____ (iS3, Inc.) C:\Users\ferha_000\Downloads\STOPzillaPRO_Downloader.exe
2015-06-16 11:57 - 2015-06-16 11:59 - 00000000 ____D C:\AdwCleaner
2015-06-16 11:56 - 2015-06-16 11:56 - 02231296 _____ C:\Users\ferha_000\Downloads\adwcleaner_4.206.exe
2015-06-16 11:53 - 2015-06-16 11:54 - 02042328 _____ (iS3, Inc.) C:\Users\ferha_000\Downloads\Nicht bestätigt 617178.crdownload
2015-06-16 11:24 - 2015-06-16 11:24 - 00000000 _____ C:\autoexec.bat
2015-06-16 11:19 - 2015-06-16 11:19 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\ferha_000\Downloads\SpyHunter-Installer.exe
2015-06-16 11:19 - 2015-06-16 11:19 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\ferha_000\Downloads\SpyHunter-Installer (2).exe
2015-06-16 11:19 - 2015-06-16 11:19 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\ferha_000\Downloads\SpyHunter-Installer (1).exe
2015-06-16 11:00 - 2015-06-16 11:00 - 00000000 ____D C:\Users\ferha_000\Downloads\RevoUninstallerPortable
2015-06-16 10:59 - 2015-06-16 11:00 - 02785665 _____ (PortableApps.com) C:\Users\ferha_000\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-06-10 09:03 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 09:03 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 09:03 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 09:03 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 09:03 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 09:03 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 09:03 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 09:03 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 09:03 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 09:02 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 09:02 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 09:02 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 09:01 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 09:01 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 09:01 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 09:01 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 09:01 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 09:01 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 09:01 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 09:01 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 09:01 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 09:01 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 09:01 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 09:01 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 09:01 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 09:01 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 09:01 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 09:01 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 09:01 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 09:01 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 09:01 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 09:01 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 09:01 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 09:01 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 09:01 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 09:01 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 09:01 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 09:01 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 09:01 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 09:01 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 09:01 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 09:01 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 09:01 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 09:01 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 09:01 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 09:01 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 09:01 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 09:01 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 09:01 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 09:01 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 09:01 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 09:01 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 09:01 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 09:01 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 09:01 - 2015-04-16 08:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 09:01 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 09:01 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 09:01 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 09:01 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 09:01 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 09:01 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 09:01 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 09:01 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 09:01 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 09:01 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 09:01 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 09:01 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 09:01 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 09:01 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 09:01 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 09:01 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 09:01 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-10 09:00 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-08 12:09 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-08 12:09 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-08 12:09 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-08 12:09 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-08 12:09 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-08 12:09 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-08 12:09 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-08 12:09 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-03 16:44 - 2015-06-03 16:44 - 00000000 ____D C:\Users\ferha_000\AppData\Local\GWX
2015-05-29 18:12 - 2015-05-29 18:12 - 00223744 _____ C:\Users\ferha_000\Downloads\Losung Examensklausur vom 27.09.2014.ppt
2015-05-27 15:37 - 2015-05-27 15:37 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-05-27 15:36 - 2015-05-28 09:47 - 00000000 ____D C:\ProgramData\Adobe
2015-05-27 15:36 - 2015-05-27 15:36 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-27 15:36 - 2015-05-27 15:36 - 00002067 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-05-27 15:36 - 2015-05-27 15:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-05-27 15:32 - 2015-06-08 16:07 - 00000000 ____D C:\Users\ferha_000\AppData\Local\Adobe
2015-05-27 10:18 - 2015-03-03 15:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-05-26 12:15 - 2015-05-26 12:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-05-25 11:37 - 2015-05-25 11:37 - 00002571 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
2015-05-25 11:36 - 2015-05-25 11:36 - 00000000 ____D C:\Program Files (x86)\MSECache
2015-05-24 12:45 - 2015-05-24 12:45 - 00002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-05-21 09:07 - 2015-06-16 13:45 - 00000000 ____D C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-05-20 16:56 - 2015-05-21 09:07 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-20 16:56 - 2015-05-20 16:56 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-20 15:32 - 2015-05-20 15:32 - 00001801 _____ C:\Users\Public\Desktop\Picexa.lnk
2015-05-20 14:17 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 14:17 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 13:34 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-05-20 13:34 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-05-20 13:34 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-05-20 13:34 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-05-20 13:34 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-05-20 13:34 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-05-20 13:34 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-05-20 13:33 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-20 13:33 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-20 13:33 - 2015-03-17 19:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-20 13:33 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-05-20 13:33 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-05-20 13:33 - 2015-03-09 04:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-20 13:33 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-05-20 13:33 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-05-20 13:32 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-20 13:32 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-20 13:32 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-20 13:32 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-20 13:32 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-20 13:32 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-05-20 13:32 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-05-20 13:32 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-05-20 13:32 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-05-20 13:32 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-20 13:32 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-05-20 13:32 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-05-20 13:31 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-20 13:31 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-20 13:31 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-20 13:31 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-05-20 13:31 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-05-20 13:27 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-20 13:27 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-20 13:27 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-20 13:27 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-20 13:27 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-20 13:27 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-20 13:27 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-20 13:27 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-20 13:27 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-20 13:27 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-20 13:27 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-20 13:27 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-20 13:27 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-05-20 13:27 - 2015-01-30 05:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-05-20 13:27 - 2015-01-30 05:00 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-05-20 13:27 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-05-20 13:22 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-20 13:22 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-05-20 13:22 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-05-20 13:22 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-05-20 13:22 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-05-20 13:22 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-05-20 13:22 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-05-20 13:22 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-05-20 13:22 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-05-20 13:22 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-05-20 13:22 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-05-20 13:22 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-05-20 13:22 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-05-20 13:22 - 2015-03-13 06:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-20 13:22 - 2015-03-13 06:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-20 13:22 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-05-20 13:22 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-05-20 13:22 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-20 13:22 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-20 13:22 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-20 13:22 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-05-20 13:22 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-05-20 13:22 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-20 13:22 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-05-20 13:22 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-05-20 13:22 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-05-20 13:22 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-05-20 13:22 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-05-20 13:22 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-05-20 13:22 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-05-20 13:22 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-05-20 13:22 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-05-20 13:22 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-05-20 13:22 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-05-20 13:22 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-05-20 13:22 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-05-20 13:22 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-05-20 13:22 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-05-20 13:22 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-05-20 13:22 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-05-20 13:22 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-05-20 13:22 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-05-20 13:22 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-05-20 13:22 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-05-20 13:22 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-05-20 13:22 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-05-20 13:22 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-05-20 13:22 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-05-20 13:22 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-05-20 13:22 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-05-20 13:22 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-05-20 13:22 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-05-20 13:22 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-05-20 13:21 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-20 13:21 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-20 13:21 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-20 13:21 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-20 13:21 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-20 13:21 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-20 13:21 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-05-20 13:21 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-05-20 13:21 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-05-20 13:21 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-05-20 13:21 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-05-20 13:21 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-05-20 13:21 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-05-20 13:21 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-05-20 13:21 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-05-20 13:21 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-05-20 13:17 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-05-20 13:17 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-05-20 13:17 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-05-20 13:17 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-05-20 13:17 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-05-20 13:17 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-05-20 13:17 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-05-20 13:17 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-05-20 13:17 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-05-20 13:17 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-05-20 13:17 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-05-20 13:17 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-05-20 13:17 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-05-20 13:17 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-05-20 13:17 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-05-20 13:17 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-05-20 13:17 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-05-20 13:17 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-05-20 13:17 - 2014-10-18 08:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-05-19 09:52 - 2015-05-19 09:52 - 00287200 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-16 14:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-16 13:45 - 2015-01-17 06:35 - 01632333 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-16 13:28 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-16 13:16 - 2015-01-06 23:56 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-16 13:16 - 2015-01-06 23:56 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-16 13:14 - 2015-02-01 16:57 - 00000000 ____D C:\Users\ferha_000\AppData\Roaming\TuneUp Software
2015-06-16 13:13 - 2012-07-26 10:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-06-16 13:00 - 2015-01-06 23:45 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-434705092-2638260658-2582877144-1001
2015-06-16 12:00 - 2015-01-17 19:30 - 00000000 ___RD C:\Users\ferha_000\OneDrive
2015-06-16 12:00 - 2014-11-20 20:24 - 00022696 _____ C:\WINDOWS\PFRO.log
2015-06-16 12:00 - 2013-08-22 16:46 - 00290493 _____ C:\WINDOWS\setupact.log
2015-06-16 12:00 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-16 12:00 - 2012-11-13 19:52 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-06-16 11:59 - 2015-01-17 06:17 - 00000000 ____D C:\Users\ferha_000
2015-06-16 11:59 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-16 11:48 - 2012-11-13 19:52 - 00000000 ____D C:\ProgramData\McAfee
2015-06-16 11:45 - 2012-07-26 07:37 - 00000000 ____D C:\Users\Default.migrated
2015-06-16 10:54 - 2013-02-03 07:24 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2015-06-16 10:54 - 2013-02-03 07:23 - 00000000 ____D C:\Program Files (x86)\WildGames
2015-06-16 08:18 - 2014-11-21 05:35 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-16 08:18 - 2014-11-21 04:45 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-16 08:18 - 2014-11-21 04:45 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-14 12:19 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-13 17:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-13 16:23 - 2015-02-01 21:48 - 00000000 __SHD C:\Users\ferha_000\AppData\Local\EmieUserList
2015-06-13 16:23 - 2015-02-01 21:48 - 00000000 __SHD C:\Users\ferha_000\AppData\Local\EmieSiteList
2015-06-13 16:23 - 2015-02-01 21:48 - 00000000 __SHD C:\Users\ferha_000\AppData\Local\EmieBrowserModeList
2015-06-13 16:17 - 2012-11-13 19:52 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-06-10 20:34 - 2013-08-22 16:44 - 00338016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-10 12:14 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-10 12:14 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-10 09:17 - 2015-01-06 23:56 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-10 09:12 - 2015-01-08 06:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 09:12 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-10 09:07 - 2015-01-08 06:14 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 10:14 - 2015-01-08 06:40 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-09 10:14 - 2014-11-21 12:51 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-08 16:07 - 2015-01-06 23:37 - 00000000 ____D C:\Users\ferha_000\AppData\Roaming\Adobe
2015-06-06 08:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-03 18:18 - 2014-11-21 13:01 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2014-11-21 13:01 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-31 10:17 - 2015-01-06 23:37 - 00000000 ____D C:\Users\ferha_000\AppData\Local\VirtualStore
2015-05-28 12:54 - 2015-02-01 16:56 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-05-25 11:36 - 2012-11-13 19:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-05-24 12:45 - 2015-01-06 23:56 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-23 15:57 - 2015-02-01 21:48 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9C890474-EB70-4C69-95B2-4C52C7A55A8A}
2015-05-22 09:23 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-05-21 09:13 - 2015-01-17 19:28 - 00001450 _____ C:\Users\ferha_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-20 16:57 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-20 16:57 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-20 16:57 - 2013-08-22 17:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-20 16:57 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-05-20 16:56 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-20 16:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-05-20 16:56 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-05-20 16:56 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-05-20 13:52 - 2014-11-21 05:13 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-20 13:11 - 2015-01-06 23:56 - 00004106 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-20 13:11 - 2015-01-06 23:56 - 00003870 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-16 12:25
==================== End of log ============================
--- --- --- |
Lesestoff: