Jeremy_Sky | 14.02.2015 10:52 | FRST - Addition
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by Theo van Rickelen (administrator) on WORKSTATION on 14-02-2015 10:48:38
Running from C:\Users\Theo van Rickelen\Desktop
Loaded Profiles: Theo van Rickelen (Available profiles: Theo van Rickelen & UpdatusUser & .NET v4.5 & .NET v4.5 Classic)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(PalmSource, Inc) C:\Program Files (x86)\Palm\Hotsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2583040 2014-04-21] (VIA)
HKLM-x32\...\Run: [HotSync] => "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
HKLM-x32\...\RunOnce: [Binkiland] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\THEOVA~1\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
HKU\S-1-5-21-3765307835-3830276005-1159549685-1001\...\Run: [BrowserChoice] => C:\Windows\BrowserChoice\browserchoice.exe [86816 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3765307835-3830276005-1159549685-1001\...\Run: [Amazon Music] => C:\Users\Theo van Rickelen\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-3765307835-3830276005-1159549685-1001\...\Run: [GetNowUpdater] => C:\Users\Theo van Rickelen\AppData\Roaming\GetNowUpdater\update.6\bin\GetNowUpdater.exe [4252800 2014-12-04] (Live Soft Action S.R.L.)
HKU\S-1-5-21-3765307835-3830276005-1159549685-1001\...\RunOnce: [Binkiland] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\THEOVA~1\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files (x86)\Palm\Hotsync.exe (PalmSource, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Symantec Fax Starter Edition-Anschluss.lnk
ShortcutTarget: Symantec Fax Starter Edition-Anschluss.lnk -> C:\Program Files (x86)\Microsoft Office\Office\1031\OLFSNT40.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3765307835-3830276005-1159549685-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://binkiland.com/?f=1&a=bnk_adkpub_15_06&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtB0BzzzyyD0CtB0CtBzy0AtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBtBzyyCzyzy0EtCtGzzyC0BtBtGtAyD0D0CtG0F0CyB0EtGtAyCzzyDyB0DtD0Fzy0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyD0DtByBtDtDyEtGyCyB0A0CtGyEyEtBtDtG0ByDtDtCtG0BzzzytAtCzzyEyC0DtAzz0D2Q&cr=198638036&ir=
HKU\S-1-5-21-3765307835-3830276005-1159549685-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-3765307835-3830276005-1159549685-1001 -> DefaultScope {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3765307835-3830276005-1159549685-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3765307835-3830276005-1159549685-1001 -> {4971BFD7-C644-42D7-8845-11328F7847BA} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_adkpub_15_06&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtB0BzzzyyD0CtB0CtBzy0AtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBtBzyyCzyzy0EtCtGzzyC0BtBtGtAyD0D0CtG0F0CyB0EtGtAyCzzyDyB0DtD0Fzy0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyD0DtByBtDtDyEtGyCyB0A0CtGyEyEtBtDtG0ByDtDtCtG0BzzzytAtCzzyEyC0DtAzz0D2Q&cr=198638036&ir=
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Theo van Rickelen\AppData\Roaming\Mozilla\Firefox\Profiles\u0g717lf.default
FF DefaultSearchEngine: Yahoo!
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @palmsource.com/installer,version=1.0 -> C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Theo van Rickelen\AppData\Roaming\Mozilla\Firefox\Profiles\u0g717lf.default\user.js
FF SearchPlugin: C:\Users\Theo van Rickelen\AppData\Roaming\Mozilla\Firefox\Profiles\u0g717lf.default\searchplugins\Binkiland.xml
FF SearchPlugin: C:\Users\Theo van Rickelen\AppData\Roaming\Mozilla\Firefox\Profiles\u0g717lf.default\searchplugins\yahoo_ff.xml
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_adkpub_15_06&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtB0BzzzyyD0CtB0CtBzy0AtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBtBzyyCzyzy0EtCtGzzyC0BtBtGtAyD0D0CtG0F0CyB0EtGtAyCzzyDyB0DtD0Fzy0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyD0DtByBtDtDyEtGyCyB0A0CtGyEyEtBtDtG0ByDtDtCtG0BzzzytAtCzzyEyC0DtAzz0D2Q&cr=198638036&ir=
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_adkpub_15_06&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtB0BzzzyyD0CtB0CtBzy0AtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBtBzyyCzyzy0EtCtGzzyC0BtBtGtAyD0D0CtG0F0CyB0EtGtAyCzzyDyB0DtD0Fzy0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyD0DtByBtDtDyEtGyCyB0A0CtGyEyEtBtDtG0ByDtDtCtG0BzzzytAtCzzyEyC0DtAzz0D2Q&cr=198638036&ir=", "https://de.search.yahoo.com/?type=523482&fr=yo-yhp-ch"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Theo van Rickelen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Theo van Rickelen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-20]
CHR Extension: (Google Drive) - C:\Users\Theo van Rickelen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Theo van Rickelen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-28]
CHR Extension: (YouTube) - C:\Users\Theo van Rickelen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-20]
CHR Extension: (Google-Suche) - C:\Users\Theo van Rickelen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-20]
CHR Extension: (Google Wallet) - C:\Users\Theo van Rickelen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20]
CHR Extension: (Google Mail) - C:\Users\Theo van Rickelen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-20]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2014-04-23] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-23] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-04-23] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 Update Follow Rules; "C:\Program Files (x86)\Follow Rules\updateFollowRules.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AceecaUSBDx64; C:\Windows\System32\drivers\AceecaUSBDx64.sys [66552 2014-04-26] (PalmSource, Inc.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2014-04-23] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R1 {9f96a9b5-96a5-4002-8a88-ee75706a9e27}Gw64; C:\Windows\System32\drivers\{9f96a9b5-96a5-4002-8a88-ee75706a9e27}Gw64.sys [48784 2015-02-06] (StdLib)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-14 10:48 - 2015-02-14 10:49 - 00012618 _____ () C:\Users\Theo van Rickelen\Desktop\FRST.txt
2015-02-14 10:48 - 2015-02-14 10:48 - 00000000 ____D () C:\FRST
2015-02-14 10:47 - 2015-02-14 10:47 - 02134016 _____ (Farbar) C:\Users\Theo van Rickelen\Desktop\FRST64.exe
2015-02-14 10:33 - 2015-02-14 10:33 - 00000086 _____ () C:\Neu Textdokument.txt
2015-02-11 20:39 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 20:39 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 20:39 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 20:39 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 20:39 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 20:39 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 20:39 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 20:39 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 20:26 - 2015-02-11 20:26 - 00012288 _____ () C:\Windows\system32\umstartup.etl
2015-02-11 17:05 - 2015-02-11 17:05 - 00000000 ____D () C:\Windows\pss
2015-02-07 16:22 - 2014-06-05 20:21 - 36336080 _____ (Amazon) C:\Users\Theo van Rickelen\Downloads\Kopie von AmazonCloudPlayerInstaller (1).exe
2015-02-07 15:55 - 2015-02-07 15:55 - 00000000 ____D () C:\$WINDOWS.~BT
2015-02-07 15:53 - 2015-02-11 19:37 - 00000000 _____ () C:\Recovery.txt
2015-02-07 15:53 - 2015-02-07 15:53 - 00000000 __SHD () C:\Recovery
2015-02-06 10:46 - 2015-02-06 01:35 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{9f96a9b5-96a5-4002-8a88-ee75706a9e27}Gw64.sys
2015-02-06 10:45 - 2015-02-06 10:45 - 00058044 _____ () C:\Users\Theo van Rickelen\Downloads\10,5 Tage-Rhythmus.xlsm
2015-02-06 10:43 - 2015-02-06 10:43 - 00000000 ____D () C:\Users\Theo van Rickelen\AppData\Roaming\Opera Software
2015-02-06 10:43 - 2015-02-06 10:43 - 00000000 ____D () C:\Users\Theo van Rickelen\AppData\Local\Opera Software
2015-02-06 10:38 - 2015-02-06 10:56 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-06 10:37 - 2015-02-06 10:37 - 00000000 ____D () C:\Users\Theo van Rickelen\Documents\PC Speed Maximizer
2015-02-06 10:33 - 2015-02-11 22:34 - 00000346 _____ () C:\Windows\Tasks\Binkiland.job
2015-02-06 10:33 - 2015-02-06 11:03 - 00000000 ____D () C:\Program Files (x86)\Follow Rules
2015-02-06 10:33 - 2015-02-06 10:33 - 00002684 _____ () C:\Windows\System32\Tasks\Binkiland
2015-02-06 10:33 - 2015-02-06 10:33 - 00000000 ____D () C:\Users\Theo van Rickelen\AppData\Roaming\Binkiland
2015-02-06 10:32 - 2015-02-06 10:30 - 01110476 _____ () C:\Users\Theo van Rickelen\Downloads\Setup.exe
2015-02-06 10:28 - 2015-02-06 10:29 - 00713424 _____ (Adknowledge) C:\Users\Theo van Rickelen\Downloads\XLSM Opener.exe
2015-01-29 20:34 - 2015-01-29 20:34 - 04357644 _____ () C:\Saudat-2015-01-29.zip
2015-01-23 18:12 - 2015-01-23 18:12 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2015-01-23 18:12 - 2015-01-23 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX710 series
2015-01-23 18:11 - 2015-01-23 18:11 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-01-23 18:09 - 2015-01-23 18:11 - 30346824 _____ () C:\Users\Theo van Rickelen\Downloads\mp68-win-mx710-1_02-ea24.exe
2015-01-18 19:25 - 2015-01-25 19:14 - 00000000 ____D () C:\Users\Theo van Rickelen\AppData\Roaming\.oit
2015-01-18 19:24 - 2015-01-18 19:24 - 00000000 ____D () C:\Program Files (x86)\FoxPDF Software Inc
2015-01-18 19:23 - 2015-01-18 19:23 - 11819037 _____ (FoxPDF Software Inc ) C:\Users\Theo van Rickelen\Downloads\XlsXViewer(1).exe
2015-01-18 19:19 - 2015-01-18 19:19 - 00236344 _____ () C:\Users\Theo van Rickelen\Downloads\XlsXViewer.exe
2015-01-18 19:14 - 2015-01-18 19:09 - 00012770 _____ () C:\Users\Theo van Rickelen\Downloads\Termine 2015 MVA Übersicht-8.xlsx
2015-01-18 19:05 - 2015-01-18 19:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-18 19:04 - 2015-01-18 19:04 - 00000000 __SHD () C:\Users\Theo van Rickelen\AppData\Local\EmieBrowserModeList
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-14 10:48 - 2013-08-22 15:46 - 00114835 _____ () C:\Windows\setupact.log
2015-02-14 10:46 - 2014-04-20 11:04 - 01437911 _____ () C:\Windows\WindowsUpdate.log
2015-02-14 10:45 - 2014-04-20 13:13 - 00003990 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{59DAFBAC-9816-41F1-9629-9F34FD93747F}
2015-02-14 10:42 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-14 09:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-12 21:02 - 2014-04-20 13:13 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 20:51 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-12 20:33 - 2013-08-22 15:44 - 00367544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 20:29 - 2014-12-11 10:13 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 20:29 - 2014-07-11 08:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 20:29 - 2014-04-20 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 20:26 - 2014-04-20 12:42 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 20:26 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-12 20:24 - 2014-04-20 11:17 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3765307835-3830276005-1159549685-1001
2015-02-11 21:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-11 21:25 - 2014-04-20 11:11 - 00000000 ____D () C:\Users\Theo van Rickelen
2015-02-07 16:43 - 2014-04-20 13:17 - 00000000 ____D () C:\Sicherung Schläge
2015-02-07 16:42 - 2014-04-20 13:18 - 00000000 ____D () C:\KWwin
2015-02-07 16:17 - 2014-04-21 14:00 - 00000000 ____D () C:\Users\Theo van Rickelen\Abschlußfeirer Leonie
2015-02-07 16:04 - 2014-04-23 16:34 - 00000000 ____D () C:\Users\.NET v4.5
2015-02-07 16:04 - 2014-04-23 16:33 - 00000000 ____D () C:\Users\.NET v4.5 Classic
2015-02-07 15:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\registration
2015-02-07 15:59 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-02-07 15:30 - 2014-04-20 13:13 - 00002202 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 11:03 - 2014-04-26 11:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-06 11:03 - 2014-04-20 10:56 - 00010658 _____ () C:\Windows\PFRO.log
2015-02-06 10:57 - 2014-04-20 13:13 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 10:57 - 2014-04-20 13:13 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 10:57 - 2014-04-20 13:13 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 10:46 - 2013-08-22 14:25 - 00000194 _____ () C:\Windows\win.ini
2015-02-06 10:32 - 2014-09-22 07:28 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-05 19:25 - 2014-04-26 12:45 - 00000000 ____D () C:\Users\Theo van Rickelen\Desktop\Formulare Betrieb
2015-01-31 10:54 - 2014-10-07 06:52 - 00000000 ____D () C:\Users\Theo van Rickelen\.phase-6
2015-01-29 20:36 - 2014-04-20 11:09 - 02061176 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 20:36 - 2013-08-23 00:24 - 00875926 _____ () C:\Windows\system32\perfh007.dat
2015-01-29 20:36 - 2013-08-23 00:24 - 00200576 _____ () C:\Windows\system32\perfc007.dat
2015-01-24 21:20 - 2014-04-20 13:08 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-04-20 13:08 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 18:23 - 2014-06-04 20:02 - 00016384 ___SH () C:\Users\Theo van Rickelen\Desktop\Thumbs.db
2015-01-22 13:14 - 2014-04-26 12:34 - 08319982 _____ () C:\Windows\system32\Drivers\TRACES.TXT
==================== Files in the root of some directories =======
1999-04-29 22:00 - 1999-04-29 22:00 - 0099840 _____ (Symantec Corp.) C:\Program Files (x86)\Common Files\IRAABOUT.DLL
1999-04-29 22:00 - 1999-04-29 22:00 - 0048640 _____ (Symantec Corp., Peter Norton Computing Group) C:\Program Files (x86)\Common Files\IRALPTTR.DLL
1999-04-29 22:00 - 1999-04-29 22:00 - 0070144 _____ (Symantec Corp., Peter Norton Computing Group) C:\Program Files (x86)\Common Files\IRAMDMTR.DLL
1999-04-29 22:00 - 1999-04-29 22:00 - 0186368 _____ (Symantec Corp., Peter Norton Computing Group) C:\Program Files (x86)\Common Files\IRAREG.DLL
1999-04-29 22:00 - 1999-04-29 22:00 - 0017920 _____ (Symantec Corp.) C:\Program Files (x86)\Common Files\IRASRIAL.DLL
1999-04-29 22:00 - 1999-04-29 22:00 - 0031744 _____ (Symantec Corp., Peter Norton Computing Group) C:\Program Files (x86)\Common Files\IRAWEBTR.DLL
Files to move or delete:
====================
C:\Users\Theo van Rickelen\ackerschlag.exe
C:\Users\Theo van Rickelen\April 2013.exe
Some content of TEMP:
====================
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna1016503699084536077.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna1880251458538013402.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna2382788506229640324.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna2424419840369173824.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna2465644966319957717.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna2664548649442565252.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna3036267034060069587.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna3089324197675366511.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna3766056243247871053.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna4681103642169360662.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna4959807788564204991.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna5127442474787459253.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna5700994643201996123.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna6246697423654066021.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna6323233713548722765.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna6833637014461457514.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna741790886067020230.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna7459554100759013362.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna7534386069498648043.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna8038124017191081151.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna8177455160518542831.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna8298157921680078753.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna8355724581931439818.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna8631994828298755973.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\jna8732893001192784.hunspell-win-x86-32.dll
C:\Users\Theo van Rickelen\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Theo van Rickelen\AppData\Local\Temp\uninstall.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-12 20:24
==================== End Of Log ============================
--- --- ---
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by Theo van Rickelen at 2015-02-14 10:50:09
Running from C:\Users\Theo van Rickelen\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Amazon Music (HKU\S-1-5-21-3765307835-3830276005-1159549685-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
Canon MX710 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX710_series) (Version: - Canon Inc.)
GetnowUpdater (HKU\S-1-5-21-3765307835-3830276005-1159549685-1001\...\GetNowUpdater) (Version: 1.23.2.1 - AppScion)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Landwirtschafts Simulator 2013 (HKLM-x32\...\FarmingSimulator2013DE_is1) (Version: 1.0 - GIANTS Software)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
NVIDIA Grafiktreiber 307.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.68 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Palm Desktop by ACCESS (HKLM-x32\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}) (Version: 6.4.0.0 - Ihr Firmenname)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PowerBuilder Client Runtime (HKLM-x32\...\{F44EAEB2-332B-48B9-B1B7-E25EAB628124}) (Version: 9.0.0.0 - Sybase)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - )
Silicon Laboratories USBXpress Device (Driver Removal) (HKLM-x32\...\SIUSBXP&10C4&EA61) (Version: - )
Supersau 6 (HKLM-x32\...\Supersau 6) (Version: - )
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Voltcraft - Voltsoft System Version (HKLM-x32\...\{27383738-D10F-4186-A784-7AB19733654D}_is1) (Version: - Voltcraft)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0E17E8FA-BA32-4F59-90AC-B299BB645F28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-20] (Google Inc.)
Task: {617DFA41-72B0-4EE6-B501-E8797870099D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: {6D9EBCEB-A7B1-446C-8C9B-734C18EBD834} - System32\Tasks\Binkiland => C:\Users\Theo van Rickelen\AppData\Roaming\Binkiland\UpdateProc\UpdateTask.exe [2015-02-06] () <==== ATTENTION
Task: {AE3CAF0B-F88D-4CA6-A19C-9A966D5BD7D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-20] (Google Inc.)
Task: C:\Windows\Tasks\Binkiland.job => C:\Users\THEOVA~1\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2008-01-03 17:17 - 2008-01-03 17:17 - 00005120 ____R () C:\Program Files (x86)\Palm\VFSLANG.DLL
2015-02-07 15:29 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-07 15:29 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-07 15:29 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3765307835-3830276005-1159549685-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Theo van Rickelen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Symantec Fax Starter Edition-Anschluss.lnk"
HKLM\...\StartupApproved\Run32: => "HDAudDeck"
HKLM\...\StartupApproved\Run32: => "HotSync"
HKU\S-1-5-21-3765307835-3830276005-1159549685-1001\...\StartupApproved\Run: => "BrowserChoice"
HKU\S-1-5-21-3765307835-3830276005-1159549685-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-3765307835-3830276005-1159549685-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9DA8CF98DE876F08CDBDD275C5D68BE3"
HKU\S-1-5-21-3765307835-3830276005-1159549685-1001\...\StartupApproved\Run: => "Search Protection"
HKU\S-1-5-21-3765307835-3830276005-1159549685-1001\...\StartupApproved\Run: => "GetNowUpdater"
==================== Accounts: =============================
Administrator (S-1-5-21-3765307835-3830276005-1159549685-500 - Administrator - Disabled)
Gast (S-1-5-21-3765307835-3830276005-1159549685-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3765307835-3830276005-1159549685-1003 - Limited - Enabled)
Theo van Rickelen (S-1-5-21-3765307835-3830276005-1159549685-1001 - Administrator - Enabled) => C:\Users\Theo van Rickelen
UpdatusUser (S-1-5-21-3765307835-3830276005-1159549685-1004 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/11/2015 09:15:00 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database
Error: (02/06/2015 10:52:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm opera.exe, Version 27.0.1689.66 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 7a8
Startzeit: 01d041f1d6e035ab
Endzeit: 60000
Anwendungspfad: C:\Program Files (x86)\Opera\27.0.1689.66\opera.exe
Berichts-ID: 9c3e1f19-ade5-11e4-8270-002522b895c2
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/06/2015 10:42:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 31.0.1650.23, Zeitstempel: 0x54bd2f4d
Name des fehlerhaften Moduls: delegate_execute.exe, Version: 31.0.1650.23, Zeitstempel: 0x54bd2f4d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002657f
ID des fehlerhaften Prozesses: 0xed0
Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0
Pfad der fehlerhaften Anwendung: delegate_execute.exe1
Pfad des fehlerhaften Moduls: delegate_execute.exe2
Berichtskennung: delegate_execute.exe3
Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5
Error: (02/06/2015 10:33:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: uninstaller.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005cd54
ID des fehlerhaften Prozesses: 0x7b4
Startzeit der fehlerhaften Anwendung: 0xuninstaller.exe0
Pfad der fehlerhaften Anwendung: uninstaller.exe1
Pfad des fehlerhaften Moduls: uninstaller.exe2
Berichtskennung: uninstaller.exe3
Vollständiger Name des fehlerhaften Pakets: uninstaller.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: uninstaller.exe5
Error: (02/06/2015 10:33:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BNKSTU~1.EXE, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb460
Ausnahmecode: 0x000006a6
Fehleroffset: 0x00012f71
ID des fehlerhaften Prozesses: 0x1048
Startzeit der fehlerhaften Anwendung: 0xBNKSTU~1.EXE0
Pfad der fehlerhaften Anwendung: BNKSTU~1.EXE1
Pfad des fehlerhaften Moduls: BNKSTU~1.EXE2
Berichtskennung: BNKSTU~1.EXE3
Vollständiger Name des fehlerhaften Pakets: BNKSTU~1.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BNKSTU~1.EXE5
Error: (02/06/2015 10:18:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Workstation)
Description: Die App „Microsoft.BingSports_3.0.4.244_x64__8wekyb3d8bbwe+AppexSports“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.
Error: (02/06/2015 10:13:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 11dc
Startzeit: 01d041ecf816473d
Endzeit: 4294967295
Anwendungspfad: C:\Windows\system32\wwahost.exe
Berichts-ID: 642728e3-ade0-11e4-8270-002522b895c2
Vollständiger Name des fehlerhaften Pakets: Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppexNews
Error: (02/06/2015 10:13:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Workstation)
Description: Das Paket „Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbwe+AppexNews“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (02/06/2015 10:12:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e78
Startzeit: 01d041ed019f5fd1
Endzeit: 4294967295
Anwendungspfad: C:\Windows\system32\wwahost.exe
Berichts-ID: 49a0b3f9-ade0-11e4-8270-002522b895c2
Vollständiger Name des fehlerhaften Pakets: Microsoft.ZuneVideo_2.6.434.0_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.ZuneVideo
Error: (02/06/2015 10:12:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Workstation)
Description: Bei der Aktivierung der App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
System errors:
=============
Error: (02/14/2015 10:42:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Follow Rules" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (02/14/2015 09:43:22 AM) (Source: volsnap) (EventID: 29) (User: )
Description: Die Schattenkopien von Volume "C:" wurde während der Ermittlung abgebrochen.
Error: (02/12/2015 09:08:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Follow Rules" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (02/12/2015 08:51:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Follow Rules" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (02/12/2015 08:33:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Follow Rules" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (02/12/2015 08:29:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3023562)
Error: (02/12/2015 08:29:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3020338)
Error: (02/12/2015 08:29:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8.1 für x64-Systeme (KB3021953)
Error: (02/12/2015 08:29:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3019868)
Error: (02/12/2015 08:29:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3004361)
Microsoft Office Sessions:
=========================
Error: (02/11/2015 09:15:00 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883
Error: (02/06/2015 10:52:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: opera.exe27.0.1689.667a801d041f1d6e035ab60000C:\Program Files (x86)\Opera\27.0.1689.66\opera.exe9c3e1f19-ade5-11e4-8270-002522b895c2
Error: (02/06/2015 10:42:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: delegate_execute.exe31.0.1650.2354bd2f4ddelegate_execute.exe31.0.1650.2354bd2f4dc00000050002657fed001d041f12bc89005C:\Users\Theo van Rickelen\AppData\Local\Binkiland\Application\31.0.1650.23\delegate_execute.exeC:\Users\Theo van Rickelen\AppData\Local\Binkiland\Application\31.0.1650.23\delegate_execute.exe6ebcb3ed-ade4-11e4-8270-002522b895c2
Error: (02/06/2015 10:33:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: uninstaller.exe0.0.0.02a425e19ntdll.dll6.3.9600.1727853eeb4a3c00000050005cd547b401d041f006f91497C:\Users\THEOVA~1\AppData\Local\Temp\is620310607\1206BA55_stp\uninstaller.exeC:\Windows\SYSTEM32\ntdll.dll44e32a19-ade3-11e4-8270-002522b895c2
Error: (02/06/2015 10:33:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BNKSTU~1.EXE0.0.0.02a425e19KERNELBASE.dll6.3.9600.1727853eeb460000006a600012f71104801d041efe532a8bcC:\Users\THEOVA~1\AppData\Local\Temp\BNKSTU~1.EXEC:\Windows\SYSTEM32\KERNELBASE.dll31d6a322-ade3-11e4-8270-002522b895c2
Error: (02/06/2015 10:18:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Workstation)
Description: Microsoft.BingSports_3.0.4.244_x64__8wekyb3d8bbwe+AppexSports
Error: (02/06/2015 10:13:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.1703111dc01d041ecf816473d4294967295C:\Windows\system32\wwahost.exe642728e3-ade0-11e4-8270-002522b895c2Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbweAppexNews
Error: (02/06/2015 10:13:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Workstation)
Description: Microsoft.BingNews_3.0.4.268_x64__8wekyb3d8bbwe+AppexNews
Error: (02/06/2015 10:12:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031e7801d041ed019f5fd14294967295C:\Windows\system32\wwahost.exe49a0b3f9-ade0-11e4-8270-002522b895c2Microsoft.ZuneVideo_2.6.434.0_x64__8wekyb3d8bbweMicrosoft.ZuneVideo
Error: (02/06/2015 10:12:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Workstation)
Description: Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo-2144927142
CodeIntegrity Errors:
===================================
Date: 2015-02-01 18:20:29.112
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-01 18:20:28.960
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-01 18:20:28.722
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-01 18:20:26.489
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-01 18:20:26.216
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-01-29 08:16:45.195
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-01-29 08:16:44.962
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-01-29 08:16:44.604
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-01-29 08:16:44.360
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-01-29 08:16:42.267
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 59%
Total physical RAM: 1791.3 MB
Available physical RAM: 726.24 MB
Total Pagefile: 2687.3 MB
Available Pagefile: 1201.21 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (Win 8.1) (Fixed) (Total:337.77 GB) (Free:308.84 GB) NTFS
Drive d: (Win XP) (Fixed) (Total:127.99 GB) (Free:90.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6DF14F71)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=337.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================