Log analysis and evaluation: Windows 8.1 completely wrecked after program installation

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.03.2015, 22:37 | #1 |
Windows 8.1 completely wrecked after program installation

Hi, when my mother installed a game on her laptop today, it did not work. The program could no longer be closed via Task Manager, and when she then simply switched the laptop off and back on, the trouble took its course. The laptop takes a long time to start. The desktop background is black. Everything looks as if the system had just been freshly installed, and all software (browser, etc.) has been reset to the defaults. Some programs that were installed before are still there, but most of them have disappeared. Here are the FRST logs: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03 Ran by Sabine (administrator) on LÄPPI on 08-03-2015 22:28:40 Running from C:\Users\Sabine\Desktop Loaded Profiles: Sabine (Available profiles: Sabine) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-04] () HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] () HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation) HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation) HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom) HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom) HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\ssText3d.scr [209408 2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll No File 
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4118408264-1509292953-1894101598-1001 -> {6A6E00A3-CE42-408C-B05C-B8376F477BB7} URL = BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft 
Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Profile: C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-08] CHR Extension: (Google Docs) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-08] CHR Extension: (Google Drive) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-08] CHR Extension: (YouTube) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-08] CHR Extension: (Google Search) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-08] CHR Extension: (Google Sheets) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-08] CHR Extension: (Google Wallet) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-08] CHR Extension: (Gmail) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-08] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-08] (Malwarebytes Corporation) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-08 22:28 - 2015-03-08 22:29 - 00015004 _____ () C:\Users\Sabine\Desktop\FRST.txt 2015-03-08 22:28 - 2015-03-08 22:28 - 00000000 ____D () C:\FRST 2015-03-08 22:27 - 2015-03-08 22:27 - 02095104 _____ (Farbar) C:\Users\Sabine\Desktop\FRST64.exe 2015-03-08 22:21 - 2015-03-08 22:21 - 02126848 _____ () C:\Users\Sabine\Desktop\AdwCleaner_4.111.exe 2015-03-08 22:18 - 2015-03-08 22:18 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\TS3Client 2015-03-08 22:00 - 2015-03-08 22:00 - 00000000 ____D () C:\Users\Sabine\AppData\Local\SRS Labs 2015-03-08 21:59 - 2015-03-08 21:59 - 00000020 ___SH () C:\Users\Sabine\ntuser.ini 2015-03-08 21:59 - 2015-03-08 21:59 - 00000020 ___SH () C:\Users\Sabine\ntuser.ini 2015-03-08 21:58 - 2015-03-08 21:58 - 00000000 ____D () C:\Users\Sabine\AppData\Local\VirtualStore 2015-03-08 21:56 - 2015-03-08 21:56 - 00000000 ____D () C:\BigFishCache 2015-03-08 19:53 - 2015-03-08 19:53 - 00002057 _____ () C:\Users\Public\Desktop\Spiel The Lost Kingdom Prophecy.lnk 2015-03-08 19:53 - 2015-03-08 19:53 - 00001280 _____ () C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk 2015-03-08 19:53 - 2015-03-08 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Lost Kingdom Prophecy 2015-03-08 19:53 - 2015-03-08 19:53 - 00000000 ____D () C:\Program Files (x86)\The Lost Kingdom Prophecy 2015-03-08 19:51 - 2015-03-08 19:51 - 00002030 _____ () C:\Users\Public\Desktop\Spiel The Lost Inca Prophecy.lnk 2015-03-08 19:51 - 2015-03-08 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Lost Inca Prophecy 2015-03-08 19:51 - 2015-03-08 19:51 - 00000000 ____D () C:\Program Files (x86)\The Lost Inca Prophecy 2015-03-08 19:50 - 2015-03-08 19:50 - 00002025 _____ () C:\Users\Public\Desktop\Spiel The Lost City of Gold.lnk 2015-03-08 19:50 - 2015-03-08 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Lost City of Gold 2015-03-08 19:50 - 2015-03-08 19:50 - 00000000 ____D () 
C:\Program Files (x86)\The Lost City of Gold 2015-03-08 19:49 - 2015-03-08 19:49 - 00002067 _____ () C:\Users\Public\Desktop\Spiel The Legend of the Golden Tome.lnk 2015-03-08 19:49 - 2015-03-08 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Legend of the Golden Tome 2015-03-08 19:49 - 2015-03-08 19:49 - 00000000 ____D () C:\Program Files (x86)\The Legend of the Golden Tome 2015-03-08 19:47 - 2015-03-08 19:47 - 00002213 _____ () C:\Users\Public\Desktop\Spiel The Book of Wanderer - The Story of Dragons.lnk 2015-03-08 19:47 - 2015-03-08 19:47 - 00002177 _____ () C:\Users\Public\Desktop\Spiel The Enchanted Kingdom - Elisa's Adventure.lnk 2015-03-08 19:47 - 2015-03-08 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Enchanted Kingdom - Elisa's Adventure 2015-03-08 19:47 - 2015-03-08 19:47 - 00000000 ____D () C:\Program Files (x86)\The Enchanted Kingdom - Elisa's Adventure 2015-03-08 19:46 - 2015-03-08 19:47 - 00000000 ____D () C:\Program Files (x86)\The Book of Wanderer - The Story of Dragons 2015-03-08 19:46 - 2015-03-08 19:46 - 00002198 _____ () C:\Users\Public\Desktop\Spiel The Adventures of Mary Ann - Lucky Pirates.lnk 2015-03-08 19:46 - 2015-03-08 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Book of Wanderer - The Story of Dragons 2015-03-08 19:46 - 2015-03-08 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Adventures of Mary Ann - Lucky Pirates 2015-03-08 19:46 - 2015-03-08 19:46 - 00000000 ____D () C:\Program Files (x86)\The Adventures of Mary Ann - Lucky Pirates 2015-03-08 19:42 - 2015-03-08 19:42 - 00001970 _____ () C:\Users\Public\Desktop\Spiel Temple of Jewels.lnk 2015-03-08 19:42 - 2015-03-08 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Temple of Jewels 2015-03-08 19:41 - 2015-03-08 19:42 - 00000000 ____D () C:\Program Files (x86)\Temple of Jewels 2015-03-06 22:48 - 2015-03-06 22:57 
- 00000000 ____D () C:\Program Files (x86)\Tales of Empire - Rome 2015-03-06 22:48 - 2015-03-06 22:48 - 00002032 _____ () C:\Users\Public\Desktop\Spiel Tales of Empire - Rome.lnk 2015-03-06 22:48 - 2015-03-06 22:48 - 00001924 _____ () C:\Users\Public\Desktop\Spiel Spring Bonus.lnk 2015-03-06 22:48 - 2015-03-06 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tales of Empire - Rome 2015-03-06 22:48 - 2015-03-06 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spring Bonus 2015-03-06 22:48 - 2015-03-06 22:48 - 00000000 ____D () C:\Program Files (x86)\Spring Bonus 2015-03-01 22:23 - 2015-03-08 19:46 - 00431104 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll 2015-03-01 22:23 - 2015-03-08 19:46 - 00409600 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll 2015-03-01 22:23 - 2015-03-08 19:46 - 00136192 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll 2015-03-01 22:23 - 2015-03-08 19:46 - 00114688 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
C:\WINDOWS\SysWOW64\OpenAL32.dll 2015-03-01 22:23 - 2015-03-01 22:23 - 00000000 ____D () C:\Program Files (x86)\OpenAL 2015-02-24 21:34 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls 2015-02-24 21:34 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls 2015-02-24 21:34 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-02-24 21:34 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2015-02-24 21:34 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-02-24 21:34 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2015-02-14 21:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll 2015-02-14 21:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll 2015-02-14 21:00 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll 2015-02-14 21:00 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll 2015-02-14 21:00 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll 2015-02-14 21:00 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll 2015-02-14 21:00 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll 2015-02-14 21:00 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll 2015-02-12 16:46 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-12 16:46 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-02-11 21:34 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\sppobjs.dll 2015-02-11 21:34 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2015-02-11 21:34 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-02-11 21:34 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-02-11 19:01 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-02-11 19:01 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-02-11 19:01 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-02-11 19:01 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-02-11 19:01 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-02-11 19:01 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-02-11 19:01 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-02-11 19:01 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-02-11 19:01 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-02-11 19:01 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-02-11 19:01 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-02-11 19:01 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-02-11 19:01 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-02-11 19:01 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-02-11 19:01 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\mshtmled.dll 2015-02-11 19:01 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-02-11 19:01 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-02-11 19:01 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-02-11 19:01 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-02-11 19:01 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-02-11 19:01 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-02-11 19:01 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-11 19:01 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-02-11 19:01 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-02-11 19:01 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-02-11 19:01 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-02-11 19:01 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-02-11 19:01 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-02-11 19:01 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-02-11 19:01 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-02-11 19:01 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-02-11 19:01 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-02-11 19:01 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\msfeeds.dll 2015-02-11 19:01 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-11 19:01 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-02-11 19:01 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-02-11 19:01 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-02-11 19:01 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-02-11 19:01 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-02-11 19:01 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-02-11 19:01 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-02-11 19:01 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-02-11 19:01 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-02-11 19:01 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-02-11 19:01 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-02-11 19:01 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-02-11 19:01 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll 2015-02-11 19:01 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll 2015-02-11 19:01 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2015-02-11 19:01 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-02-11 19:01 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 
2015-02-11 19:01 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 19:01 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 19:01 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 19:01 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 19:01 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 19:01 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 19:01 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 19:01 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 19:01 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 19:01 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 22:29 - 2013-07-27 11:21 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4118408264-1509292953-1894101598-1001
2015-03-08 22:25 - 2014-10-09 14:10 - 00000000 ____D () C:\Users\Sabine\OneDrive
2015-03-08 22:25 - 2014-10-09 14:10 - 00000000 ____D () C:\Users\Sabine\OneDrive
2015-03-08 22:24 - 2013-07-27 11:52 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 22:23 - 2014-10-09 14:00 - 01079364 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-08 22:23 - 2014-03-01 18:16 - 00000000 ____D () C:\AdwCleaner
2015-03-08 22:23 - 2013-08-22 15:46 - 00288726 _____ () C:\WINDOWS\setupact.log
2015-03-08 22:23 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-08 22:23 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-08 22:22 - 2014-05-30 13:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-08 22:22 - 2014-05-30 13:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-08 22:12 - 2014-04-20 12:55 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 22:06 - 2014-09-24 07:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-08 22:06 - 2014-09-24 06:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-08 22:06 - 2014-09-24 06:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-08 22:01 - 2014-09-23 22:06 - 00554562 _____ () C:\WINDOWS\PFRO.log
2015-03-08 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-08 21:59 - 2015-01-12 21:59 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-08 21:59 - 2015-01-12 21:59 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-08 21:59 - 2014-10-09 13:41 - 00000000 ____D () C:\Users\Sabine
2015-03-08 21:58 - 2014-03-01 18:30 - 00000000 ____D () C:\Users\Sabine\Desktop\TB und Security
2015-03-08 21:58 - 2013-07-28 10:56 - 00000000 ____D () C:\Users\Sabine\AppData\Local\TOSHIBA
2015-03-08 21:58 - 2013-07-27 11:12 - 00000000 ____D () C:\Users\Sabine\AppData\Local\Packages
2015-03-08 21:56 - 2015-01-12 21:58 - 00000000 ____D () C:\ProgramData\Big Fish
2015-03-08 21:56 - 2015-01-12 21:58 - 00000000 ____D () C:\ProgramData\Big Fish
2015-03-08 21:56 - 2013-07-27 11:52 - 00000000 ____D () C:\Users\Sabine\AppData\Local\Google
2015-03-08 21:56 - 2012-11-13 18:46 - 00000000 ____D () C:\ProgramData\Toshiba
2015-03-08 21:56 - 2012-11-13 18:46 - 00000000 ____D () C:\ProgramData\Toshiba
2015-03-08 21:56 - 2012-11-13 18:45 - 00000000 ____D () C:\ProgramData\Intel
2015-03-08 21:56 - 2012-11-13 18:45 - 00000000 ____D () C:\ProgramData\Intel
2015-03-08 21:56 - 2012-11-13 18:43 - 00000000 ____D () C:\ProgramData\Nero
2015-03-08 21:56 - 2012-11-13 18:43 - 00000000 ____D () C:\ProgramData\Nero
2015-03-08 21:56 - 2012-11-13 18:14 - 00000000 ____D () C:\ProgramData\PRICache
2015-03-08 21:56 - 2012-11-13 18:14 - 00000000 ____D () C:\ProgramData\PRICache
2015-03-08 21:46 - 2013-07-27 11:52 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 19:53 - 2013-02-02 00:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-06 22:57 - 2015-01-30 23:53 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2015-03-06 22:56 - 2015-01-30 23:53 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2015-03-03 14:17 - 2014-11-23 19:03 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-01 22:23 - 2015-01-31 00:11 - 00249900 _____ () C:\WINDOWS\DirectX.log
2015-02-25 22:11 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-20 22:47 - 2013-07-27 11:53 - 00002166 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 21:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 21:36 - 2013-08-16 09:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 21:36 - 2013-07-29 08:53 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 21:26 - 2013-08-22 15:44 - 00478840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 19:10 - 2014-03-01 16:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 19:10 - 2014-03-01 16:01 - 00000000 ____D () C:\ProgramData\Microsoft Help

Some content of TEMP:
====================
C:\Users\Sabine\AppData\Local\Temp\Quarantine.exe
C:\Users\Sabine\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-28 22:50

==================== End Of Log ============================
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03 Ran by Sabine (administrator) on LÄPPI on 08-03-2015 22:28:40 Running from C:\Users\Sabine\Desktop Loaded Profiles: Sabine (Available profiles: Sabine) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-04] () HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] () HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation) HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation) HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom) HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom) HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\ssText3d.scr [209408 2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll No File 
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4118408264-1509292953-1894101598-1001 -> {6A6E00A3-CE42-408C-B05C-B8376F477BB7} URL = BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft 
Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Profile: C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-08] CHR Extension: (Google Docs) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-08] CHR Extension: (Google Drive) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-08] CHR Extension: (YouTube) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-08] CHR Extension: (Google Search) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-08] CHR Extension: (Google Sheets) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-08] CHR Extension: (Google Wallet) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-08] CHR Extension: (Gmail) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-08] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-08] (Malwarebytes Corporation) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-08 22:28 - 2015-03-08 22:29 - 00015004 _____ () C:\Users\Sabine\Desktop\FRST.txt 2015-03-08 22:28 - 2015-03-08 22:28 - 00000000 ____D () C:\FRST 2015-03-08 22:27 - 2015-03-08 22:27 - 02095104 _____ (Farbar) C:\Users\Sabine\Desktop\FRST64.exe 2015-03-08 22:21 - 2015-03-08 22:21 - 02126848 _____ () C:\Users\Sabine\Desktop\AdwCleaner_4.111.exe 2015-03-08 22:18 - 2015-03-08 22:18 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\TS3Client 2015-03-08 22:00 - 2015-03-08 22:00 - 00000000 ____D () C:\Users\Sabine\AppData\Local\SRS Labs 2015-03-08 21:59 - 2015-03-08 21:59 - 00000020 ___SH () C:\Users\Sabine\ntuser.ini 2015-03-08 21:59 - 2015-03-08 21:59 - 00000020 ___SH () C:\Users\Sabine\ntuser.ini 2015-03-08 21:58 - 2015-03-08 21:58 - 00000000 ____D () C:\Users\Sabine\AppData\Local\VirtualStore 2015-03-08 21:56 - 2015-03-08 21:56 - 00000000 ____D () C:\BigFishCache 2015-03-08 19:53 - 2015-03-08 19:53 - 00002057 _____ () C:\Users\Public\Desktop\Spiel The Lost Kingdom Prophecy.lnk 2015-03-08 19:53 - 2015-03-08 19:53 - 00001280 _____ () C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk 2015-03-08 19:53 - 2015-03-08 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Lost Kingdom Prophecy 2015-03-08 19:53 - 2015-03-08 19:53 - 00000000 ____D () C:\Program Files (x86)\The Lost Kingdom Prophecy 2015-03-08 19:51 - 2015-03-08 19:51 - 00002030 _____ () C:\Users\Public\Desktop\Spiel The Lost Inca Prophecy.lnk 2015-03-08 19:51 - 2015-03-08 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Lost Inca Prophecy 2015-03-08 19:51 - 2015-03-08 19:51 - 00000000 ____D () C:\Program Files (x86)\The Lost Inca Prophecy 2015-03-08 19:50 - 2015-03-08 19:50 - 00002025 _____ () C:\Users\Public\Desktop\Spiel The Lost City of Gold.lnk 2015-03-08 19:50 - 2015-03-08 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Lost City of Gold 2015-03-08 19:50 - 2015-03-08 19:50 - 00000000 ____D () 
C:\Program Files (x86)\The Lost City of Gold 2015-03-08 19:49 - 2015-03-08 19:49 - 00002067 _____ () C:\Users\Public\Desktop\Spiel The Legend of the Golden Tome.lnk 2015-03-08 19:49 - 2015-03-08 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Legend of the Golden Tome 2015-03-08 19:49 - 2015-03-08 19:49 - 00000000 ____D () C:\Program Files (x86)\The Legend of the Golden Tome 2015-03-08 19:47 - 2015-03-08 19:47 - 00002213 _____ () C:\Users\Public\Desktop\Spiel The Book of Wanderer - The Story of Dragons.lnk 2015-03-08 19:47 - 2015-03-08 19:47 - 00002177 _____ () C:\Users\Public\Desktop\Spiel The Enchanted Kingdom - Elisa's Adventure.lnk 2015-03-08 19:47 - 2015-03-08 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Enchanted Kingdom - Elisa's Adventure 2015-03-08 19:47 - 2015-03-08 19:47 - 00000000 ____D () C:\Program Files (x86)\The Enchanted Kingdom - Elisa's Adventure 2015-03-08 19:46 - 2015-03-08 19:47 - 00000000 ____D () C:\Program Files (x86)\The Book of Wanderer - The Story of Dragons 2015-03-08 19:46 - 2015-03-08 19:46 - 00002198 _____ () C:\Users\Public\Desktop\Spiel The Adventures of Mary Ann - Lucky Pirates.lnk 2015-03-08 19:46 - 2015-03-08 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Book of Wanderer - The Story of Dragons 2015-03-08 19:46 - 2015-03-08 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Adventures of Mary Ann - Lucky Pirates 2015-03-08 19:46 - 2015-03-08 19:46 - 00000000 ____D () C:\Program Files (x86)\The Adventures of Mary Ann - Lucky Pirates 2015-03-08 19:42 - 2015-03-08 19:42 - 00001970 _____ () C:\Users\Public\Desktop\Spiel Temple of Jewels.lnk 2015-03-08 19:42 - 2015-03-08 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Temple of Jewels 2015-03-08 19:41 - 2015-03-08 19:42 - 00000000 ____D () C:\Program Files (x86)\Temple of Jewels 2015-03-06 22:48 - 2015-03-06 22:57 
- 00000000 ____D () C:\Program Files (x86)\Tales of Empire - Rome 2015-03-06 22:48 - 2015-03-06 22:48 - 00002032 _____ () C:\Users\Public\Desktop\Spiel Tales of Empire - Rome.lnk 2015-03-06 22:48 - 2015-03-06 22:48 - 00001924 _____ () C:\Users\Public\Desktop\Spiel Spring Bonus.lnk 2015-03-06 22:48 - 2015-03-06 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tales of Empire - Rome 2015-03-06 22:48 - 2015-03-06 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spring Bonus 2015-03-06 22:48 - 2015-03-06 22:48 - 00000000 ____D () C:\Program Files (x86)\Spring Bonus 2015-03-01 22:23 - 2015-03-08 19:46 - 00431104 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll 2015-03-01 22:23 - 2015-03-08 19:46 - 00409600 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll 2015-03-01 22:23 - 2015-03-08 19:46 - 00136192 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll 2015-03-01 22:23 - 2015-03-08 19:46 - 00114688 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
C:\WINDOWS\SysWOW64\OpenAL32.dll 2015-03-01 22:23 - 2015-03-01 22:23 - 00000000 ____D () C:\Program Files (x86)\OpenAL 2015-02-24 21:34 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls 2015-02-24 21:34 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls 2015-02-24 21:34 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-02-24 21:34 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2015-02-24 21:34 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-02-24 21:34 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2015-02-14 21:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll 2015-02-14 21:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll 2015-02-14 21:00 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll 2015-02-14 21:00 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll 2015-02-14 21:00 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll 2015-02-14 21:00 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll 2015-02-14 21:00 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll 2015-02-14 21:00 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll 2015-02-12 16:46 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-12 16:46 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-02-11 21:34 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\sppobjs.dll 2015-02-11 21:34 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2015-02-11 21:34 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-02-11 21:34 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-02-11 19:01 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-02-11 19:01 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-02-11 19:01 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-02-11 19:01 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-02-11 19:01 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-02-11 19:01 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-02-11 19:01 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-02-11 19:01 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-02-11 19:01 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-02-11 19:01 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-02-11 19:01 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-02-11 19:01 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-02-11 19:01 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-02-11 19:01 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-02-11 19:01 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\mshtmled.dll 2015-02-11 19:01 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-02-11 19:01 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-02-11 19:01 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-02-11 19:01 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-02-11 19:01 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-02-11 19:01 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-02-11 19:01 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-11 19:01 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-02-11 19:01 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-02-11 19:01 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-02-11 19:01 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-02-11 19:01 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-02-11 19:01 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-02-11 19:01 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-02-11 19:01 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-02-11 19:01 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-02-11 19:01 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-02-11 19:01 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\msfeeds.dll 2015-02-11 19:01 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-11 19:01 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-02-11 19:01 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-02-11 19:01 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-02-11 19:01 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-02-11 19:01 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-02-11 19:01 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-02-11 19:01 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-02-11 19:01 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-02-11 19:01 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-02-11 19:01 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-02-11 19:01 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-02-11 19:01 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-02-11 19:01 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll 2015-02-11 19:01 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll 2015-02-11 19:01 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2015-02-11 19:01 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-02-11 19:01 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 
2015-02-11 19:01 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2015-02-11 19:01 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-02-11 19:01 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-02-11 19:01 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-02-11 19:01 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-02-11 19:01 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-02-11 19:01 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2015-02-11 19:01 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2015-02-11 19:01 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2015-02-11 19:01 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-08 22:29 - 2013-07-27 11:21 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4118408264-1509292953-1894101598-1001
2015-03-08 22:25 - 2014-10-09 14:10 - 00000000 ____D () C:\Users\Sabine\OneDrive
2015-03-08 22:25 - 2014-10-09 14:10 - 00000000 ____D () C:\Users\Sabine\OneDrive
2015-03-08 22:24 - 2013-07-27 11:52 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 22:23 - 2014-10-09 14:00 - 01079364 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-08 22:23 - 2014-03-01 18:16 - 00000000 ____D () C:\AdwCleaner
2015-03-08 22:23 - 2013-08-22 15:46 - 00288726 _____ () C:\WINDOWS\setupact.log
2015-03-08 22:23 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-08 22:23 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-08 22:22 - 2014-05-30 13:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-08 22:22 - 2014-05-30 13:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-08 22:12 - 2014-04-20 12:55 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 22:06 - 2014-09-24 07:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-08 22:06 - 2014-09-24 06:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-08 22:06 - 2014-09-24 06:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-08 22:01 - 2014-09-23 22:06 - 00554562 _____ () C:\WINDOWS\PFRO.log
2015-03-08 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-08 21:59 - 2015-01-12 21:59 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-08 21:59 - 2015-01-12 21:59 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-08 21:59 - 2014-10-09 13:41 - 00000000 ____D () C:\Users\Sabine
2015-03-08 21:58 - 2014-03-01 18:30 - 00000000 ____D () C:\Users\Sabine\Desktop\TB und Security
2015-03-08 21:58 - 2013-07-28 10:56 - 00000000 ____D () C:\Users\Sabine\AppData\Local\TOSHIBA
2015-03-08 21:58 - 2013-07-27 11:12 - 00000000 ____D () C:\Users\Sabine\AppData\Local\Packages
2015-03-08 21:56 - 2015-01-12 21:58 - 00000000 ____D () C:\ProgramData\Big Fish
2015-03-08 21:56 - 2015-01-12 21:58 - 00000000 ____D () C:\ProgramData\Big Fish
2015-03-08 21:56 - 2013-07-27 11:52 - 00000000 ____D () C:\Users\Sabine\AppData\Local\Google
2015-03-08 21:56 - 2012-11-13 18:46 - 00000000 ____D () C:\ProgramData\Toshiba
2015-03-08 21:56 - 2012-11-13 18:46 - 00000000 ____D () C:\ProgramData\Toshiba
2015-03-08 21:56 - 2012-11-13 18:45 - 00000000 ____D () C:\ProgramData\Intel
2015-03-08 21:56 - 2012-11-13 18:45 - 00000000 ____D () C:\ProgramData\Intel
2015-03-08 21:56 - 2012-11-13 18:43 - 00000000 ____D () C:\ProgramData\Nero
2015-03-08 21:56 - 2012-11-13 18:43 - 00000000 ____D () C:\ProgramData\Nero
2015-03-08 21:56 - 2012-11-13 18:14 - 00000000 ____D () C:\ProgramData\PRICache
2015-03-08 21:56 - 2012-11-13 18:14 - 00000000 ____D () C:\ProgramData\PRICache
2015-03-08 21:46 - 2013-07-27 11:52 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 19:53 - 2013-02-02 00:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-06 22:57 - 2015-01-30 23:53 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2015-03-06 22:56 - 2015-01-30 23:53 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2015-03-03 14:17 - 2014-11-23 19:03 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-01 22:23 - 2015-01-31 00:11 - 00249900 _____ () C:\WINDOWS\DirectX.log
2015-02-25 22:11 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-20 22:47 - 2013-07-27 11:53 - 00002166 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 21:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 21:36 - 2013-08-16 09:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 21:36 - 2013-07-29 08:53 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 21:26 - 2013-08-22 15:44 - 00478840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 19:10 - 2014-03-01 16:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 19:10 - 2014-03-01 16:01 - 00000000 ____D () C:\ProgramData\Microsoft Help

Some content of TEMP:
====================
C:\Users\Sabine\AppData\Local\Temp\Quarantine.exe
C:\Users\Sabine\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-28 22:50

==================== End Of Log ============================
__________________ Best regards, Kuhlambo12 |
09.03.2015, 02:33 | #2 |
/// the machine /// TB trainer | Windows 8.1 completely wrecked after program installation Hi,
Addition.txt from FRST is still missing.
__________________ |
09.03.2015, 03:58 | #3 |
| Windows 8.1 completely wrecked after program installation Oops,
here is the Addition: Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
Ran by Sabine at 2015-03-08 22:29:33
Running from C:\Users\Sabine\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spring Bonus (HKLM-x32\...\BFG-Spring Bonus) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Tales of Empire: Rome (HKLM-x32\...\BFG-Tales of Empire - Rome) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Temple of Jewels (HKLM-x32\...\BFG-Temple of Jewels) (Version: - )
The Adventures of Mary Ann: Lucky Pirates (HKLM-x32\...\BFG-The Adventures of Mary Ann - Lucky Pirates) (Version: - )
The Book of Wanderer: The Story of Dragons (HKLM-x32\...\BFG-The Book of Wanderer - The Story of Dragons) (Version: - )
The Enchanted Kingdom: Elisa's Adventure (HKLM-x32\...\BFG-The Enchanted Kingdom - Elisa's Adventure) (Version: - )
The Legend of the Golden Tome (HKLM-x32\...\BFG-The Legend of the Golden Tome) (Version: - )
The Lost City of Gold (HKLM-x32\...\BFG-The Lost City of Gold) (Version: - )
The Lost Inca Prophecy (HKLM-x32\...\BFG-The Lost Inca Prophecy) (Version: - )
The Lost Kingdom Prophecy (HKLM-x32\...\BFG-The Lost Kingdom Prophecy) (Version: - )
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6406 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.972 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.2 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4118408264-1509292953-1894101598-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-4118408264-1509292953-1894101598-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-4118408264-1509292953-1894101598-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-4118408264-1509292953-1894101598-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-4118408264-1509292953-1894101598-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll No File

==================== Restore Points =========================

14-02-2015 20:59:20 DirectX wurde installiert
25-02-2015 22:09:13 Windows Update
01-03-2015 22:22:01 DirectX wurde installiert
06-03-2015 22:49:02 Microsoft Visual C++ 2005 Redistributable wird installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {476553E5-CB3D-458F-94C3-7D518D8F79D5} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-09-25] (Toshiba Europe GmbH)
Task: {6D3F6E6E-8503-4E37-8A5E-4809916F7EC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.)
Task: {9A0C5FF2-44D2-4BB0-8B69-C45C4CBD0722} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {B91A928C-EB4B-47D8-9E6F-55D569C525B2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BF7F68E2-26DB-41C2-A58C-4F650AFDF057} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: {C384932C-0316-49C9-8E5A-6889A76D11E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.)
Task: {CC2BDBC3-5414-4C4D-899A-32B9CC5741A3} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4118408264-1509292953-1894101598-1001
Task: {EAE63342-AFB1-4097-9CB2-31236ADCD68B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2011-10-13 23:38 - 2011-10-13 23:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2013-11-04 18:22 - 2013-11-04 18:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-04 23:19 - 2012-09-04 23:19 - 02611112 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 04:13 - 2012-08-14 04:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2013-02-01 23:51 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Sabine\OneDrive:ms-properties AlternateDataStreams: C:\Users\Sabine\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sabine\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\...\StartupApproved\Run: => "MyDriveConnect.exe" HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\...\StartupApproved\Run: => "TomTomHOME.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-4118408264-1509292953-1894101598-500 - Administrator - Disabled) Gast (S-1-5-21-4118408264-1509292953-1894101598-501 - Limited - Disabled) Sabine (S-1-5-21-4118408264-1509292953-1894101598-1001 - Administrator - Enabled) => C:\Users\Sabine ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/08/2015 10:12:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xfac Startzeit der 
fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Vollständiger Name des fehlerhaften Pakets: mbam.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5 Error: (03/08/2015 10:11:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x6bc Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Vollständiger Name des fehlerhaften Pakets: mbam.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5 Error: (03/08/2015 10:00:14 PM) (Source: ESENT) (EventID: 454) (User: ) Description: LiveComm (1480) C:\Users\Sabine\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\5c3395c79a994144\120712-0049\: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -543 auf. Error: (03/08/2015 10:00:14 PM) (Source: ESENT) (EventID: 452) (User: ) Description: LiveComm (1480) C:\Users\Sabine\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\5c3395c79a994144\120712-0049\: Datenbank C:\Users\Sabine\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\5c3395c79a994144\120712-0049\DBStore\livecomm.edb benötigt die Protokolldateien 144-146 für eine erfolgreiche Wiederherstellung. Es wurden nur Protokolldateien ab 146 gefunden. Error: (03/08/2015 09:54:27 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm bfgclient.exe, Version 3.3.0.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1598 Startzeit: 01d059cef3ec4fb7 Endzeit: 4294967295 Anwendungspfad: C:\Program Files (x86)\bfgclient\bfgclient.exe Berichts-ID: 4e341d44-c5d5-11e4-beb9-c0d9623815a5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/28/2015 11:03:20 PM) (Source: MsiInstaller) (EventID: 10005) (User: LÄPPI) Description: Product: Bing Bar -- Bing Bar requires Internet Explorer 7 or later. Error: (02/28/2015 09:45:45 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. 
Error: (02/26/2015 09:20:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Lost City of Aquatica.exe, Version: 1.0.0.0, Zeitstempel: 0x4aca0dc0 Name des fehlerhaften Moduls: igdumdim32.dll, Version: 10.18.10.3345, Zeitstempel: 0x526edd5e Ausnahmecode: 0xc000041d Fehleroffset: 0x000bfddc ID des fehlerhaften Prozesses: 0x171c Startzeit der fehlerhaften Anwendung: 0xLost City of Aquatica.exe0 Pfad der fehlerhaften Anwendung: Lost City of Aquatica.exe1 Pfad des fehlerhaften Moduls: Lost City of Aquatica.exe2 Berichtskennung: Lost City of Aquatica.exe3 Vollständiger Name des fehlerhaften Pakets: Lost City of Aquatica.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Lost City of Aquatica.exe5 Error: (02/21/2015 08:15:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Isidiada.exe, Version: 0.0.0.0, Zeitstempel: 0x4b811006 Name des fehlerhaften Moduls: Isidiada.exe, Version: 0.0.0.0, Zeitstempel: 0x4b811006 Ausnahmecode: 0xc0000094 Fehleroffset: 0x00013fb2 ID des fehlerhaften Prozesses: 0x351c Startzeit der fehlerhaften Anwendung: 0xIsidiada.exe0 Pfad der fehlerhaften Anwendung: Isidiada.exe1 Pfad des fehlerhaften Moduls: Isidiada.exe2 Berichtskennung: Isidiada.exe3 Vollständiger Name des fehlerhaften Pakets: Isidiada.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Isidiada.exe5 Error: (02/21/2015 09:13:15 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 3200 Startzeit: 01d04dad860d7259 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\syswow64\backgroundTaskHost.exe Berichts-ID: 79e91a65-b9a1-11e4-beb8-c0d9623815a5 Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App System errors: ============= Error: (03/06/2015 09:27:46 PM) (Source: Tcpip) (EventID: 4199) (User: ) Description: Das System hat einen Adressenkonflikt der IP-Adresse xxxxxxxxxx mit dem Computer mit der Netzwerkhardwareadresse xxxxxxxxxxxxxxx ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error: (02/11/2015 09:27:10 PM) (Source: Tcpip) (EventID: 4199) (User: ) Description: Das System hat einen Adressenkonflikt der IP-Adresse xxxxxxxxxx mit dem Computer mit der Netzwerkhardwareadresse xxxxxxxxxxxxxx ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error: (02/01/2015 06:21:11 PM) (Source: DCOM) (EventID: 10010) (User: LÄPPI) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (02/01/2015 06:21:11 PM) (Source: DCOM) (EventID: 10010) (User: LÄPPI) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (01/30/2015 08:02:43 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT) Description: In der Dateisystemstruktur auf Volume "TI31018700A" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden. Error: (01/30/2015 08:02:43 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT) Description: In der Dateisystemstruktur auf Volume "TI31018700A" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden. Error: (01/30/2015 08:02:43 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT) Description: In der Dateisystemstruktur auf Volume "TI31018700A" wurde eine Beschädigung erkannt. 
Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden. Error: (01/30/2015 08:02:43 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT) Description: In der Dateisystemstruktur auf Volume "TI31018700A" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden. Error: (01/27/2015 09:27:03 AM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT) Description: In der Dateisystemstruktur auf Volume "TI31018700A" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden. Error: (01/27/2015 09:27:03 AM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT) Description: In der Dateisystemstruktur auf Volume "TI31018700A" wurde eine Beschädigung erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden. Microsoft Office Sessions: ========================= Error: (03/08/2015 10:12:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.1.711542b53ecMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdfac01d059e4929ff5edC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dlld47ff372-c5d7-11e4-bebb-c0d9623815a5 Error: (03/08/2015 10:11:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.1.711542b53ecMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd6bc01d059e4629ee03dC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dllad939c63-c5d7-11e4-bebb-c0d9623815a5 Error: (03/08/2015 10:00:14 PM) (Source: ESENT) (EventID: 454) (User: ) Description: LiveComm1480C:\Users\Sabine\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\5c3395c79a994144\120712-0049\: -543 Error: (03/08/2015 10:00:14 PM) (Source: 
ESENT) (EventID: 452) (User: ) Description: LiveComm1480C:\Users\Sabine\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\5c3395c79a994144\120712-0049\: C:\Users\Sabine\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\5c3395c79a994144\120712-0049\DBStore\livecomm.edb144146146 Error: (03/08/2015 09:54:27 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: bfgclient.exe3.3.0.2159801d059cef3ec4fb74294967295C:\Program Files (x86)\bfgclient\bfgclient.exe4e341d44-c5d5-11e4-beb9-c0d9623815a5 Error: (02/28/2015 11:03:20 PM) (Source: MsiInstaller) (EventID: 10005) (User: LÄPPI) Description: Product: Bing Bar -- Bing Bar requires Internet Explorer 7 or later.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/28/2015 09:45:45 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Sabine\Downloads\esetsmartinstaller_enu.exe Error: (02/26/2015 09:20:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Lost City of Aquatica.exe1.0.0.04aca0dc0igdumdim32.dll10.18.10.3345526edd5ec000041d000bfddc171c01d052011d0526e3C:\Program Files (x86)\Lost City of Aquatica\Lost City of Aquatica.exeC:\WINDOWS\SYSTEM32\igdumdim32.dllf5d5ef4b-bdf4-11e4-beb8-c0d9623815a5 Error: (02/21/2015 08:15:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Isidiada.exe0.0.0.04b811006Isidiada.exe0.0.0.04b811006c000009400013fb2351c01d04e0ab7d1f7d3C:\Program Files (x86)\Isidiada\Isidiada.exeC:\Program Files (x86)\Isidiada\Isidiada.exeff2ec2ec-b9fd-11e4-beb8-c0d9623815a5 Error: (02/21/2015 09:13:15 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: 
backgroundTaskHost.exe6.3.9600.16384320001d04dad860d72594294967295C:\WINDOWS\syswow64\backgroundTaskHost.exe79e91a65-b9a1-11e4-beb8-c0d9623815a5Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbweApp CodeIntegrity Errors: =================================== Date: 2015-02-28 22:54:56.674 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-20 22:14:09.199 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-13 21:46:06.493 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-25 09:44:26.865 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-24 07:21:01.438 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-01-14 21:55:20.923 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-18 21:06:53.220 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-11 20:57:28.700 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-24 21:42:30.884 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz Percentage of memory in use: 25% Total physical RAM: 3979.22 MB Available physical RAM: 2953.55 MB Total Pagefile: 4683.22 MB Available Pagefile: 3643 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (TI31018700A) (Fixed) (Total:454.48 GB) (Free:422.86 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. 
==================== End Of Log ============================
__________________ |
09.03.2015, 16:15 | #4 |
/// the machine /// TB trainer | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
09.03.2015, 20:48 | #5 |
| Malwarebytes finds nothing, but it also does not save a scan log for me. I scanned twice and nothing was saved. ADWCleaner Code:
ATTFilter # AdwCleaner v4.111 - Bericht erstellt 08/03/2015 um 22:23:08 # Aktualisiert 18/02/2015 von Xplode # Datenbank : 2015-03-05.1 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : Sabine - LÄPPI # Gestarted von : C:\Users\Sabine\Desktop\AdwCleaner_4.111.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm ***** [ Internetbrowser ] ***** -\\ Internet Explorer v0.0.0.0 -\\ Google Chrome v40.0.2214.115 ************************* AdwCleaner[R1].txt - [838 Bytes] - [08/03/2015 22:21:36] AdwCleaner[S1].txt - [761 Bytes] - [08/03/2015 22:23:08] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [819 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.3 (03.01.2015:1) OS: Windows 8.1 x64 Ran by Sabine on 09.03.2015 at 16:59:41,48 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 09.03.2015 at 17:01:27,56 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Update: My mother thought she had to run a System Restore on her own. The result: the programs that had disappeared are back, but none of the documents are available any more. For example, in the Windows live tiles the pictures are shown as previews, but as soon as you click on one, Windows reports that there are no files in the folder. Furthermore, every program behaves as if it had been completely reinstalled (the browser no longer has any bookmarks, add-ons or settings).
__________________ Best regards, Kuhlambo12 |
10.03.2015, 13:33 | #6 |
/// the machine /// TB trainer | Please post fresh FRST logs.
__________________ |
10.03.2015, 15:16 | #7 |
| OK, FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01 Ran by Sabine (administrator) on LÄPPI on 10-03-2015 15:10:44 Running from C:\Users\Sabine\Desktop Loaded Profiles: Sabine (Available profiles: Sabine) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-04] () HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] () HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation) HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation) HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom) HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet 
(Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com SearchScopes: HKLM-x32 -> DefaultScope value is missing. 
SearchScopes: HKU\S-1-5-21-4118408264-1509292953-1894101598-1001 -> DefaultScope {6A6E00A3-CE42-408C-B05C-B8376F477BB7} URL =
SearchScopes: HKU\S-1-5-21-4118408264-1509292953-1894101598-1001 -> {6A6E00A3-CE42-408C-B05C-B8376F477BB7} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-08]
CHR Extension: (Google Docs) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-27]
CHR Extension: (Google Drive) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-08]
CHR Extension: (YouTube) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-08]
CHR Extension: (Adblock Plus) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-09]
CHR Extension: (Google Search) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-08]
CHR Extension: (Google Sheets) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (Ghostery) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 15:10 - 2015-03-10 15:11 - 00014237 _____ () C:\Users\Sabine\Desktop\FRST.txt
2015-03-10 15:09 - 2015-03-10 15:09 - 02095104 _____ (Farbar) C:\Users\Sabine\Desktop\FRST64.exe
2015-03-09 22:06 - 2015-03-09 22:06 - 02347384 _____ (ESET) C:\Users\Sabine\Downloads\esetsmartinstaller_deu.exe
2015-03-09 22:03 - 2015-03-09 22:03 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Sabine\Downloads\tdsskiller.exe
2015-03-08 22:18 - 2015-03-09 04:08 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\TS3Client
2015-03-08 19:53 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\The Lost Kingdom Prophecy
2015-03-08 19:51 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\The Lost Inca Prophecy
2015-03-08 19:50 - 2015-03-09 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Lost City of Gold
2015-03-08 19:50 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\The Lost City of Gold
2015-03-08 19:49 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\The Legend of the Golden Tome
2015-03-08 19:47 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\The Enchanted Kingdom - Elisa's Adventure
2015-03-08 19:46 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\The Book of Wanderer - The Story of Dragons
2015-03-08 19:46 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\The Adventures of Mary Ann - Lucky Pirates
2015-03-08 19:41 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\Temple of Jewels
2015-03-06 22:48 - 2015-03-09 19:26 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tales of Empire - Rome
2015-03-06 22:48 - 2015-03-09 19:26 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spring Bonus
2015-03-06 22:48 - 2015-03-09 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tales of Empire - Rome
2015-03-06 22:48 - 2015-03-09 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spring Bonus
2015-03-06 22:48 - 2015-03-06 22:48 - 00002032 _____ () C:\Users\Public\Desktop\Spiel Tales of Empire - Rome.lnk
2015-03-06 22:48 - 2015-03-06 22:48 - 00001924 _____ () C:\Users\Public\Desktop\Spiel Spring Bonus.lnk
2015-03-06 22:48 - 2015-03-06 22:48 - 00001924 _____ () C:\Users\Public\Desktop\Spiel Spooky Bonus.lnk
2015-03-06 22:48 - 2015-03-06 22:48 - 00001274 _____ () C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2015-03-06 22:48 - 2015-03-06 22:48 - 00000000 ____D () C:\Program Files (x86)\Tales of Empire - Rome
2015-03-06 22:48 - 2015-03-06 22:48 - 00000000 ____D () C:\Program Files (x86)\Spring Bonus
2015-03-06 22:47 - 2015-03-09 19:26 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spooky Bonus
2015-03-06 22:47 - 2015-03-09 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spooky Bonus
2015-03-06 22:47 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\Spooky Bonus
2015-03-06 22:47 - 2015-03-06 22:47 - 00002374 _____ () C:\Users\Public\Desktop\Spiel Sister's Secrecy - Mysterioese Abstammung Sammleredition.lnk
2015-03-06 22:46 - 2015-03-09 19:26 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sister's Secrecy - Mysterioese Abstammung Sammleredition
2015-03-06 22:46 - 2015-03-09 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sister's Secrecy - Mysterioese Abstammung Sammleredition
2015-03-06 22:46 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\Sister's Secrecy - Mysterioese Abstammung Sammleredition
2015-03-06 22:46 - 2015-03-06 22:46 - 00002239 _____ () C:\Users\Public\Desktop\Spiel Sister's Secrecy - Mysterioese Abstammung.lnk
2015-03-06 22:44 - 2015-03-09 19:26 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sister's Secrecy - Mysterioese Abstammung
2015-03-06 22:44 - 2015-03-09 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sister's Secrecy - Mysterioese Abstammung
2015-03-06 22:44 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\Sister's Secrecy - Mysterioese Abstammung
2015-03-06 21:53 - 2015-03-09 19:26 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simplz Zoo
2015-03-06 21:53 - 2015-03-09 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simplz Zoo
2015-03-06 21:53 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\Simplz Zoo
2015-03-06 21:53 - 2015-03-06 21:53 - 00001904 _____ () C:\Users\Public\Desktop\Spiel Simplz Zoo.lnk
2015-03-06 21:50 - 2015-03-09 19:26 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Season Match 3 - Der Fluch der Kraehe
2015-03-06 21:50 - 2015-03-09 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Season Match 3 - Der Fluch der Kraehe
2015-03-06 21:50 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\Season Match 3 - Der Fluch der Kraehe
2015-03-06 21:50 - 2015-03-06 21:50 - 00002133 _____ () C:\Users\Public\Desktop\Spiel Season Match 3 - Der Fluch der Kraehe.lnk
2015-03-06 21:46 - 2015-03-06 21:46 - 00237568 _____ (Big Fish Games) C:\Users\Sabine\Downloads\tales-of-empire-rome_s2_l2_gF7735T1L2_d2438655917.exe
2015-03-06 21:45 - 2015-03-06 21:45 - 00237568 _____ (Big Fish Games) C:\Users\Sabine\Downloads\spring-bonus_s2_l2_gF6219T1L2_d2438655392.exe
2015-03-06 21:44 - 2015-03-06 21:44 - 00237568 _____ (Big Fish Games) C:\Users\Sabine\Downloads\spooky-bonus_s2_l2_gF7725T1L2_d2438655267.exe
2015-03-06 21:43 - 2015-03-06 21:43 - 00237568 _____ (Big Fish Games) C:\Users\Sabine\Downloads\sisters-secrecy-mysterioese-abstammung_s2_l2_gF7273T1L2_d2438654800.exe
2015-03-06 21:43 - 2015-03-06 21:43 - 00237568 _____ (Big Fish Games) C:\Users\Sabine\Downloads\sister-secrecy-mysterioese-abstammung-sammler_s2_l2_gF7243T1L2_d2438654977.exe
2015-03-06 21:43 - 2015-03-06 21:43 - 00001946 _____ () C:\Users\Public\Desktop\Spiel Season Match 2.lnk
2015-03-06 21:42 - 2015-03-09 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Season Match 2
2015-03-06 21:42 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\Season Match 2
2015-03-04 21:53 - 2015-03-09 19:26 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sea Journey
2015-03-04 21:53 - 2015-03-09 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Season Match
2015-03-04 21:53 - 2015-03-09 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sea Journey
2015-03-04 21:53 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\Season Match
2015-03-04 21:53 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\Sea Journey
2015-03-04 21:53 - 2015-03-04 21:53 - 00001926 _____ () C:\Users\Public\Desktop\Spiel Season Match.lnk
2015-03-04 21:53 - 2015-03-04 21:53 - 00001913 _____ () C:\Users\Public\Desktop\Spiel Sea Journey.lnk
2015-03-04 21:52 - 2015-03-04 21:52 - 00002021 _____ () C:\Users\Public\Desktop\Spiel Schlumpiwutz Magixx 2.lnk
2015-03-04 21:51 - 2015-03-09 19:26 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schlumpiwutz Magixx 2
2015-03-04 21:51 - 2015-03-09 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schlumpiwutz Magixx 2
2015-03-04 21:51 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\Schlumpiwutz Magixx 2
2015-03-02 22:35 - 2015-03-02 22:35 - 00237568 _____ (Big Fish Games) C:\Users\Sabine\Downloads\rise-of-dynasty_s2_l2_gF7879T1L2_d2437097836.exe
2015-03-01 22:23 - 2015-03-09 19:14 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2015-03-01 22:23 - 2015-03-01 22:23 - 00431104 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2015-03-01 22:23 - 2015-03-01 22:23 - 00409600 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2015-03-01 22:23 - 2015-03-01 22:23 - 00136192 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2015-03-01 22:23 - 2015-03-01 22:23 - 00114688 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2015-03-01 20:04 - 2015-03-09 19:25 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Pizza Pizza
2015-02-27 21:59 - 2015-03-09 19:24 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Mermaid
2015-02-25 22:26 - 2015-03-09 19:24 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Legend Of Maya
2015-02-24 21:34 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-24 21:34 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-24 21:34 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-24 21:34 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-24 21:34 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-24 21:34 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-22 21:16 - 2015-03-09 19:14 - 00000000 ____D () C:\Users\Public\Documents\bigfish
2015-02-21 19:03 - 2015-03-09 19:25 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\quickclick
2015-02-20 23:28 - 2015-03-09 19:14 - 00000000 ____D () C:\ProgramData\Grey Alien Games
2015-02-19 22:39 - 2015-03-09 19:24 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\ERS G-Studio
2015-02-15 22:38 - 2015-03-09 19:24 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Frozen Kingdom
2015-02-15 09:49 - 2015-02-15 09:49 - 00237568 _____ (Big Fish Games) C:\Users\Sabine\Downloads\flower-paradise_s2_l2_gF5012T1L2_d2430430850.exe
2015-02-14 21:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2015-02-14 21:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2015-02-14 21:00 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2015-02-14 21:00 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2015-02-14 21:00 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2015-02-14 21:00 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2015-02-14 21:00 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2015-02-14 21:00 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2015-02-13 20:36 - 2015-03-09 19:24 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Family Farm
2015-02-12 16:46 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 16:46 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 21:34 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 21:34 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 21:34 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 21:34 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 19:01 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 19:01 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 19:01 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 19:01 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 19:01 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 19:01 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 19:01 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 19:01 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 19:01 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 19:01 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 19:01 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 19:01 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 19:01 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 19:01 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 19:01 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 19:01 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 19:01 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 19:01 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 19:01 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 19:01 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 19:01 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 19:01 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 19:01 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 19:01 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 19:01 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 19:01 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 19:01 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 19:01 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 19:01 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 19:01 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 19:01 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 19:01 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 19:01 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 19:01 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 19:01 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 19:01 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 19:01 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 19:01 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 19:01 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 19:01 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 19:01 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 19:01 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 19:01 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 19:01 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 19:01 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 19:01 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 19:01 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 19:01 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 19:01 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 19:01 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 19:01 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 19:01 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 19:01 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 19:01 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 19:01 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 19:01 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 19:01 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 19:01 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 19:01 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 19:01 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 19:01 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 23:24 - 2015-03-09 19:14 - 00000000 ____D () C:\ProgramData\GameXzone
2015-02-09 22:38 - 2015-03-09 19:24 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\DruidsBattleOfMagic
2015-02-08 20:49 - 2015-03-09 19:24 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\DeepVoyage

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 15:10 - 2014-03-01 16:35 - 00000000 ____D () C:\FRST
2015-03-10 15:09 - 2014-10-09 14:00 - 01992262 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-10 15:09 - 2014-03-01 18:30 - 00000000 ____D () C:\Users\Sabine\Desktop\TB und Security
2015-03-10 15:06 - 2014-10-09 14:10 - 00000000 ___RD () C:\Users\Sabine\OneDrive
2015-03-10 15:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-10 15:06 - 2013-07-27 11:52 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 05:35 - 2013-07-27 11:21 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4118408264-1509292953-1894101598-1001
2015-03-10 04:46 - 2013-07-27 11:52 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 04:45 - 2014-09-24 07:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-10 04:45 - 2014-09-24 06:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-10 04:45 - 2014-09-24 06:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-10 03:03 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-09 23:27 - 2013-07-27 11:53 - 00002242 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-09 23:26 - 2013-07-27 11:52 - 00000000 ____D () C:\Users\Sabine\AppData\Local\Google
2015-03-09 19:55 - 2014-04-20 12:55 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 19:27 - 2014-10-09 13:41 - 00000000 ____D () C:\Users\Sabine
2015-03-09 19:26 - 2013-08-22 15:46 - 00288880 _____ () C:\WINDOWS\setupact.log
2015-03-09 19:26 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-09 19:26 - 2013-02-02 00:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-09 19:25 - 2015-01-27 22:43 - 00000000 ____D () C:\Users\Sabine\Documents\Exp_Saves_2
2015-03-09 19:25 - 2015-01-26 21:46 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\URSE Games
2015-03-09 19:25 - 2015-01-25 21:06 - 00000000 ____D () C:\Users\Sabine\Documents\Quest_of_the_Sorceress
2015-03-09 19:25 - 2014-10-09 13:41 - 00000000 ___RD () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-09 19:25 - 2014-10-09 13:41 - 00000000 ___RD () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-09 19:25 - 2014-10-09 13:41 - 00000000 ___RD () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-09 19:25 - 2014-10-09 13:41 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-09 19:25 - 2014-07-07 08:54 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\TomTom
2015-03-09 19:25 - 2014-05-24 09:42 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Skype
2015-03-09 19:25 - 2014-04-20 15:34 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\TeamViewer
2015-03-09 19:25 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-09 19:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Cursors
2015-03-09 19:25 - 2012-11-13 18:50 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Toshiba
2015-03-09 19:24 - 2015-02-02 20:36 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\md studio
2015-03-09 19:24 - 2015-01-26 22:49 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Grey Alien Games
2015-03-09 19:24 - 2014-07-07 08:00 - 00000000 ____D () C:\Users\Sabine\AppData\Local\TomTom
2015-03-09 19:24 - 2014-05-24 09:42 - 00000000 ____D () C:\Users\Sabine\AppData\Local\Skype
2015-03-09 19:24 - 2013-07-27 11:50 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Macromedia
2015-03-09 19:24 - 2013-07-27 11:14 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Adobe
2015-03-09 19:24 - 2013-07-27 11:13 - 00000000 ____D () C:\Users\Sabine\AppData\Local\VirtualStore
2015-03-09 19:23 - 2013-07-27 11:12 - 00000000 ____D () C:\Users\Sabine\AppData\Local\Packages
2015-03-09 19:14 - 2015-01-27 20:34 - 00000000 ____D () C:\ProgramData\Fenomen Games
2015-03-09 19:14 - 2015-01-12 21:58 - 00000000 ____D () C:\ProgramData\Big Fish
2015-03-09 19:14 - 2015-01-12 21:58 - 00000000 ____D () C:\BigFishCache
2015-03-09 19:14 - 2014-09-16 17:31 - 00000000 ____D () C:\ProgramData\Riot Games
2015-03-09 19:14 - 2014-07-14 20:07 - 00000000 ____D () C:\ProgramData\Synaptics
2015-03-09 19:14 - 2014-07-07 08:50 - 00000000 ____D () C:\Users\Sabine\AppData\Local\Downloaded Installations
2015-03-09 19:14 - 2014-04-20 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-09 19:14 - 2014-04-20 12:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-03-09 19:14 - 2013-07-27 11:51 - 00000000 ____D () C:\Users\Sabine\AppData\Local\Apps\2.0
2015-03-09 19:14 - 2012-11-14 18:56 - 00000000 ____D () C:\Toshiba
2015-03-09 19:14 - 2012-11-13 18:45 - 00000000 ____D () C:\ProgramData\Intel
2015-03-09 18:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2015-03-09 18:51 - 2013-07-27 11:14 - 00000000 ____D () C:\Users\Sabine\AppData\Local\SRS Labs
2015-03-09 18:40 - 2012-11-13 18:46 - 00000000 ____D () C:\ProgramData\Toshiba
2015-03-09 18:39 - 2014-05-30 13:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-09 17:06 - 2014-09-23 22:06 - 00554930 _____ () C:\WINDOWS\PFRO.log
2015-03-09 16:20 - 2014-03-01 18:16 - 00000000 ____D () C:\AdwCleaner
2015-03-08 21:59 - 2015-01-12 21:59 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-08 21:58 - 2013-07-28 10:56 - 00000000 ____D () C:\Users\Sabine\AppData\Local\TOSHIBA
2015-03-08 21:56 - 2012-11-13 18:14 - 00000000 ____D () C:\ProgramData\PRICache
2015-03-06 22:57 - 2015-01-30 23:53 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2015-03-06 22:56 - 2015-01-30 23:53 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2015-03-03 14:17 - 2014-11-23 19:03 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-01 22:23 - 2015-01-31 00:11 - 00249900 _____ () C:\WINDOWS\DirectX.log
2015-02-27 04:11 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-25 22:11 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-19 21:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 21:36 - 2013-08-16 09:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 21:36 - 2013-07-29 08:53 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 21:26 - 2013-08-22 15:44 - 00478840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 19:10 - 2014-03-01 16:01 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2014-11-09 19:34 - 2014-11-09 19:34 - 0003584 _____ () C:\Users\Sabine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Sabine\AppData\Local\Temp\BingBarSetup-Partner.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-09 21:27

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2015 01
Ran by Sabine at 2015-03-10 15:11:43
Running from C:\Users\Sabine\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.) Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.) 
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Schlumpiwutz Magixx 2 (HKLM-x32\...\BFG-Schlumpiwutz Magixx 2) (Version: - ) Sea Journey (HKLM-x32\...\BFG-Sea Journey) (Version: - ) Season Match (HKLM-x32\...\BFG-Season Match) (Version: - ) Season Match 2 (HKLM-x32\...\BFG-Season Match 2) (Version: - ) Season Match 3 - Der Fluch der Krähe (HKLM-x32\...\BFG-Season Match 3 - Der Fluch der Kraehe) (Version: - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Simplz Zoo (HKLM-x32\...\BFG-Simplz Zoo) (Version: - ) Sister's Secrecy: Mysteriöse Abstammung (HKLM-x32\...\BFG-Sister's Secrecy - Mysterioese Abstammung) (Version: - ) Sister's Secrecy: Mysteriöse Abstammung Sammleredition (HKLM-x32\...\BFG-Sister's Secrecy - Mysterioese Abstammung Sammleredition) (Version: - ) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Spooky Bonus (HKLM-x32\...\BFG-Spooky Bonus) (Version: - ) Spring Bonus (HKLM-x32\...\BFG-Spring Bonus) (Version: - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated) Tales of Empire: Rome (HKLM-x32\...\BFG-Tales of Empire - Rome) (Version: - ) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) 
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6406 - Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA) Toshiba Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.972 - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.2 - Toshiba Europe GmbH) TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.) 
==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4118408264-1509292953-1894101598-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4118408264-1509292953-1894101598-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4118408264-1509292953-1894101598-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4118408264-1509292953-1894101598-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4118408264-1509292953-1894101598-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sabine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 14-02-2015 20:59:20 DirectX wurde installiert 25-02-2015 22:09:13 Windows Update 01-03-2015 22:22:01 DirectX wurde installiert 06-03-2015 22:49:02 Microsoft Visual C++ 2005 Redistributable wird installiert 09-03-2015 18:35:23 Wiederherstellungsvorgang ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {476553E5-CB3D-458F-94C3-7D518D8F79D5} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-09-25] (Toshiba Europe GmbH) Task: {6D3F6E6E-8503-4E37-8A5E-4809916F7EC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.) Task: {9A0C5FF2-44D2-4BB0-8B69-C45C4CBD0722} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation) Task: {9F7D7451-1A90-44F6-92ED-B5BD242A75B2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-12] (Microsoft Corporation) Task: {B91A928C-EB4B-47D8-9E6F-55D569C525B2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {C384932C-0316-49C9-8E5A-6889A76D11E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.) 
Task: {CC2BDBC3-5414-4C4D-899A-32B9CC5741A3} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4118408264-1509292953-1894101598-1001 Task: {EAE63342-AFB1-4097-9CB2-31236ADCD68B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============== 2011-10-13 23:38 - 2011-10-13 23:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe 2013-11-04 18:22 - 2013-11-04 18:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-09-04 23:19 - 2012-09-04 23:19 - 02611112 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe 2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2012-07-19 03:38 - 2012-07-19 03:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll 2012-08-14 04:13 - 2012-08-14 04:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll 2013-02-01 23:51 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2015-03-09 23:27 - 2015-02-28 02:56 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libglesv2.dll 2015-03-09 23:27 - 2015-02-28 02:56 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libegl.dll 2015-03-09 23:27 - 2015-02-28 02:56 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in 
the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Sabine\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img7.jpg DNS Servers: 192.168.0.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\...\StartupApproved\Run: => "MyDriveConnect.exe" HKU\S-1-5-21-4118408264-1509292953-1894101598-1001\...\StartupApproved\Run: => "TomTomHOME.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-4118408264-1509292953-1894101598-500 - Administrator - Disabled) Gast (S-1-5-21-4118408264-1509292953-1894101598-501 - Limited - Disabled) Sabine (S-1-5-21-4118408264-1509292953-1894101598-1001 - Administrator - Enabled) => C:\Users\Sabine ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/10/2015 03:01:43 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Solitaire.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: f38 Startzeit: 01d05ad607f2e8d7 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe\Solitaire.exe Berichts-ID: 62d0e96b-c6c9-11e4-beba-c0d9623815a5 Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (03/10/2015 03:01:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: LÄPPI) Description: Die App „Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe+App“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error: (03/09/2015 10:18:39 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. 
Error: (03/09/2015 10:18:38 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (03/09/2015 10:18:32 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. 
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (03/09/2015 10:18:23 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (03/09/2015 10:07:03 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (03/09/2015 10:07:02 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (03/09/2015 10:06:57 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (03/09/2015 10:06:57 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. 
System errors: ============= Error: (03/09/2015 08:26:05 PM) (Source: DCOM) (EventID: 10010) (User: LÄPPI) Description: App Error: (03/09/2015 08:17:48 PM) (Source: DCOM) (EventID: 10010) (User: LÄPPI) Description: MicrosoftMahjong Error: (03/09/2015 05:06:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062 Microsoft Office Sessions: ========================= Error: (03/10/2015 03:01:43 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Solitaire.exe1.0.0.0f3801d05ad607f2e8d74294967295C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe\Solitaire.exe62d0e96b-c6c9-11e4-beba-c0d9623815a5Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbweApp Error: (03/10/2015 03:01:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: LÄPPI) Description: Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe+App Error: (03/09/2015 10:18:39 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Sabine\Downloads\esetsmartinstaller_enu.exe Error: (03/09/2015 10:18:38 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Sabine\Downloads\esetsmartinstaller_enu.exe Error: (03/09/2015 10:18:32 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Sabine\Downloads\esetsmartinstaller_enu.exe Error: (03/09/2015 10:18:23 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Sabine\Downloads\esetsmartinstaller_deu.exe Error: (03/09/2015 10:07:03 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Sabine\Downloads\esetsmartinstaller_deu.exe Error: (03/09/2015 10:07:02 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Sabine\Downloads\esetsmartinstaller_deu.exe Error: (03/09/2015 10:06:57 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Sabine\Downloads\esetsmartinstaller_deu.exe Error: (03/09/2015 10:06:57 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Sabine\Downloads\esetsmartinstaller_deu.exe CodeIntegrity Errors: =================================== Date: 2015-02-28 22:54:56.674 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-20 22:14:09.199 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-13 21:46:06.493 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-25 09:44:26.865 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-01-24 07:21:01.438 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-14 21:55:20.923 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-18 21:06:53.220 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-11 20:57:28.700 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-24 21:42:30.884 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 38%
Total physical RAM: 3979.22 MB
Available physical RAM: 2449.37 MB
Total Pagefile: 4683.22 MB
Available Pagefile: 2955.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (TI31018700A) (Fixed) (Total:454.48 GB) (Free:418.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================
__________________ Best regards, Kuhlambo12 |
11.03.2015, 06:50 | #8 |
/// the machine /// TB trainer | Windows 8.1 completely wrecked after program installation Looks good.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
11.03.2015, 15:59 | #9 |
| Windows 8.1 completely wrecked after program installation All right, thank you. Do you have any idea why the documents are suddenly gone?
__________________ Best regards, Kuhlambo12 |
12.03.2015, 08:55 | #10 |
/// the machine /// TB trainer | Windows 8.1 completely wrecked after program installation With a restore, all data that was created or changed between that point and the current state is always lost.
__________________ Regards, schrauber |
12.03.2015, 15:40 | #11 |
| Windows 8.1 completely wrecked after program installation Ah ok, but what surprises me is the fact that the photos are still shown to me in the preview. Only when you open the Photos app does it report that they are no longer there.
__________________ Best regards, Kuhlambo12 |
13.03.2015, 08:32 | #12 |
/// the machine /// TB trainer | Windows 8.1 completely wrecked after program installation Windows... no, no idea what is going on there.
__________________ Regards, schrauber |
14.03.2015, 02:48 | #13 |
| Windows 8.1 completely wrecked after program installation All right, many thanks in any case. So everything turned out more or less fine after all.
__________________ Best regards, Kuhlambo12 |
14.03.2015, 12:38 | #14 |
/// the machine /// TB trainer | Windows 8.1 completely wrecked after program installation You're welcome.
__________________ Regards, schrauber |