| Computerneul | 21.03.2014 14:58 |
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by B (administrator) on BN on 21-03-2014 14:30:54
Running from C:\Users\B\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AOL Inc.) C:\Users\Britta\AppData\Local\AOL\AIM\aim.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1391462244\ee\aolsoftware.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] - [X]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1391462244\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1735832147-1251809737-2974816819-1001\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-1735832147-1251809737-2974816819-1001\...\Run: [AOL Fast Start] - C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE [72760 2013-09-07] (AOL Inc.)
HKU\S-1-5-21-1735832147-1251809737-2974816819-1001\...\Run: [AIM for Windows] - C:\Users\B\AppData\Local\AOL\AIM\aim.exe [1074216 2013-09-09] (AOL Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.com/?mtmhp=hyplogusaolp00000013&tb_uuid=28FC552A92D84A8789A23D43FC454F43
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKLM - DefaultScope {3F8E8A6F-4834-4065-94CA-17FB4AA79321} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {3F8E8A6F-4834-4065-94CA-17FB4AA79321} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {36E835C3-0C27-4694-87A4-96A97B90210C} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKLM-x32 - {3F8E8A6F-4834-4065-94CA-17FB4AA79321} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - {3F8E8A6F-4834-4065-94CA-17FB4AA79321} URL =
SearchScopes: HKCU - {EC14B5C1-6246-4A6A-B663-EE820DB667A7} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
BHO: AOL Messaging Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
BHO-x32: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
BHO-x32: AOL Messaging Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
Toolbar: HKLM - AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM-x32 - AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
Toolbar: HKCU - AOL Messaging Toolbar - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
==================== Services (Whitelisted) =================
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-21 14:30 - 2014-03-21 14:31 - 00012255 _____ () C:\Users\B\Desktop\FRST.txt
2014-03-21 14:30 - 2014-03-21 14:30 - 02157056 _____ (Farbar) C:\Users\B\Desktop\FRST64.exe
2014-03-21 14:30 - 2014-03-21 14:30 - 00000000 ____D () C:\FRST
2014-03-21 14:21 - 2014-03-21 14:21 - 00281248 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-21 14:17 - 2014-03-21 14:23 - 00000000 ____D () C:\AdwCleaner
2014-03-21 14:17 - 2014-03-21 14:17 - 01950720 _____ () C:\Users\B\Desktop\adwcleaner_3.022.exe
2014-03-18 21:01 - 2014-03-18 21:01 - 04493528 _____ () C:\Users\B\Downloads\2013-05-15_AG_Informationen_zum_Einstieg.pptx
2014-03-17 21:27 - 2014-03-17 21:27 - 04104920 _____ () C:\Users\B\Downloads\get_file.asx
2014-03-11 19:03 - 2014-02-08 05:34 - 04036608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-11 19:03 - 2013-10-25 08:34 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-03-11 19:03 - 2013-10-24 23:34 - 00248240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-03-11 18:45 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-11 18:45 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-11 18:45 - 2014-02-23 09:13 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-03-11 18:45 - 2014-02-23 09:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-03-11 18:45 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-11 18:45 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-11 18:45 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-11 18:45 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-11 18:45 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-11 18:45 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-11 18:45 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-11 18:45 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-03-11 18:45 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-03-11 18:45 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-11 18:45 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-11 18:45 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-11 18:45 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-11 18:45 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-11 18:45 - 2014-02-23 07:54 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-03-11 18:45 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-11 18:45 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-11 18:45 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-11 18:45 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-11 18:45 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-03-11 18:45 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-11 18:45 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-11 18:45 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-03-11 18:45 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-11 18:45 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-11 18:45 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-11 18:45 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-11 18:45 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-11 18:45 - 2014-02-23 05:06 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-03-11 18:44 - 2014-02-06 00:41 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-11 18:44 - 2014-02-06 00:37 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-11 18:44 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-11 18:44 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-11 18:44 - 2013-12-07 07:36 - 19751936 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-03-11 18:44 - 2013-12-07 06:15 - 17560576 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
==================== One Month Modified Files and Folders =======
2014-03-21 14:31 - 2014-03-21 14:30 - 00012255 _____ () C:\Users\B\Desktop\FRST.txt
2014-03-21 14:30 - 2014-03-21 14:30 - 02157056 _____ (Farbar) C:\Users\B\Desktop\FRST64.exe
2014-03-21 14:30 - 2014-03-21 14:30 - 00000000 ____D () C:\FRST
2014-03-21 14:28 - 2012-08-01 17:38 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-03-21 14:28 - 2012-08-01 17:38 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-03-21 14:28 - 2012-07-26 08:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-21 14:27 - 2012-09-10 22:14 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-03-21 14:23 - 2014-03-21 14:17 - 00000000 ____D () C:\AdwCleaner
2014-03-21 14:21 - 2014-03-21 14:21 - 00281248 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-21 14:21 - 2012-09-10 22:12 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-03-21 14:21 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-21 14:20 - 2012-07-26 06:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-03-21 14:17 - 2014-03-21 14:17 - 01950720 _____ () C:\Users\B\Desktop\adwcleaner_3.022.exe
2014-03-21 14:14 - 2014-02-03 21:35 - 01399387 _____ () C:\windows\WindowsUpdate.log
2014-03-21 14:08 - 2014-02-03 22:20 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-21 14:00 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2014-03-20 19:16 - 2014-02-03 22:04 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-19 18:54 - 2014-02-07 13:58 - 00000000 ____D () C:\windows\system32\MRT
2014-03-19 18:53 - 2012-07-26 06:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-03-19 18:52 - 2014-02-07 13:57 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-18 21:01 - 2014-03-18 21:01 - 04493528 _____ () C:\Users\B\Downloads\2013-05-15_AG_Informationen_zum_Einstieg.pptx
2014-03-18 20:37 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-03-17 21:27 - 2014-03-17 21:27 - 04104920 _____ () C:\Users\B\Downloads\get_file.asx
2014-03-14 21:45 - 2014-02-03 21:40 - 00000000 ___RD () C:\Users\B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-14 21:45 - 2014-02-03 21:40 - 00000000 ___RD () C:\Users\B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-14 21:41 - 2012-09-11 06:42 - 00008612 _____ () C:\windows\PFRO.log
2014-03-14 21:39 - 2012-07-26 09:12 - 00000000 ___RD () C:\windows\ToastData
2014-03-14 21:39 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 21:39 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 21:39 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-14 21:39 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-12 21:19 - 2012-09-10 22:12 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-03-11 19:08 - 2014-02-03 22:20 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-04 23:52 - 2014-02-10 13:16 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:52 - 2014-02-10 13:16 - 00078304 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-02 19:00 - 2014-02-03 21:57 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1735832147-1251809737-2974816819-1001
2014-02-27 21:00 - 2014-01-21 19:41 - 00000000 ____D () C:\Users\B\Documents\H. Schraps2
2014-02-23 09:13 - 2014-03-11 18:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-23 09:13 - 2014-03-11 18:45 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-23 09:13 - 2014-03-11 18:45 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-02-23 09:13 - 2014-03-11 18:45 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-02-23 09:13 - 2014-03-11 18:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-23 09:12 - 2014-03-11 18:45 - 19273216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-23 09:12 - 2014-03-11 18:45 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-23 09:12 - 2014-03-11 18:45 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-23 09:11 - 2014-03-11 18:45 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-23 09:11 - 2014-03-11 18:45 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-23 09:11 - 2014-03-11 18:45 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-23 09:11 - 2014-03-11 18:45 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-23 09:11 - 2014-03-11 18:45 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-23 09:11 - 2014-03-11 18:45 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-23 09:11 - 2014-03-11 18:45 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-23 09:11 - 2014-03-11 18:45 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-23 07:54 - 2014-03-11 18:45 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-23 07:54 - 2014-03-11 18:45 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-23 07:54 - 2014-03-11 18:45 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-02-23 07:53 - 2014-03-11 18:45 - 14358016 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-23 07:53 - 2014-03-11 18:45 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-23 07:53 - 2014-03-11 18:45 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-23 07:53 - 2014-03-11 18:45 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-23 07:53 - 2014-03-11 18:45 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-23 07:53 - 2014-03-11 18:45 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-23 07:53 - 2014-03-11 18:45 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-23 07:53 - 2014-03-11 18:45 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-23 07:53 - 2014-03-11 18:45 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-23 07:53 - 2014-03-11 18:45 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-23 07:53 - 2014-03-11 18:45 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-23 07:35 - 2014-03-11 18:45 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-23 07:31 - 2014-03-11 18:45 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-23 05:06 - 2014-03-11 18:45 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-02-21 19:17 - 2012-07-26 09:12 - 00000000 ___HD () C:\windows\ELAMBKUP
Some content of TEMP:
====================
C:\Users\B\AppData\Local\Temp\AcsInstall.dll
C:\Users\B\AppData\Local\Temp\aol-messaging_trio2456.exe
C:\Users\B\AppData\Local\Temp\aol-messaging_trioD05A.exe
C:\Users\B\AppData\Local\Temp\SHFOLDER.DLL
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-19 18:52
==================== End Of Log ============================
--- --- ---
--- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by B at 2014-03-21 14:31:50
Running from C:\Users\B\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AIM for Windows (HKCU\...\AIM) (Version: - AOL Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AOL Messaging Toolbar (HKLM-x32\...\AIM Toolbar) (Version: - AOL Inc.)
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - AOL Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL Inc.) Hidden
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nero 12 Essentials Toshiba (HKLM-x32\...\{BA8958DC-ADD7-41E5-8436-5883C7E871C7}) (Version: 12.0.00400 - Nero AG)
Nero BackItUp (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.12600 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurnRights (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurnRights Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.14800.0.48 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.17600.2.3 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.14001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.16800 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.1000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.7002 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Opera Stable 20.0.1387.82 (HKLM-x32\...\Opera 20.0.1387.82) (Version: 20.0.1387.82 - Opera Software ASA)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.910 - Toshiba Corporation)
Toshiba Password Utility (x32 Version: 2.00.910 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.1 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Welcome App (Start-up experience) (x32 Version: 12.0.13000 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.37 - WildTangent) Hidden
==================== Restore Points =========================
08-03-2014 20:39:29 Geplanter Prüfpunkt
19-03-2014 18:03:00 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0CD45EEE-BA60-402C-83D0-7AE300826A81} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-08-14] (Toshiba Europe GmbH)
Task: {1980A3F5-01AD-4DD1-B680-65C6A1605B89} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E4DF36C3-59E9-4DF9-A37C-DA755127DFEB} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F13F0CA9-2A82-4ACD-B4ED-E3179C27629E} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {F14CE675-0287-4E58-96D2-02A758F9A059} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2011-10-13 23:38 - 2011-10-13 23:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2012-07-26 08:58 - 2012-07-26 08:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-06 05:36 - 2012-08-06 05:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 04:13 - 2012-08-14 04:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2012-07-31 08:11 - 2012-07-31 08:11 - 00024576 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\de\TosDILangPack.resources.dll
2013-09-09 22:39 - 2013-09-09 22:39 - 23782440 _____ () C:\Users\B\AppData\Local\AOL\AIM\libcef.dll
2013-09-09 19:51 - 2013-10-08 18:35 - 16233864 _____ () C:\Users\B\AppData\Local\AOL\AIM\npswf32.dll
2013-09-07 18:20 - 2013-09-07 18:20 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll
2013-09-07 18:19 - 2013-09-07 18:19 - 21117440 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libcef.dll
2013-09-07 18:19 - 2013-09-07 18:19 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libglesv2.dll
2013-09-07 18:19 - 2013-09-07 18:19 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libegl.dll
2013-09-07 18:19 - 2013-09-07 18:19 - 00094208 _____ () C:\Program Files (x86)\AOL Desktop 9.7\Components\Tier2Svc.dll
2013-09-07 18:19 - 2013-09-07 18:19 - 00060928 _____ () C:\Program Files (x86)\AOL Desktop 9.7\Components\DataSvcs.dll
2012-11-27 00:49 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/21/2014 01:07:16 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x75ab5f8c
ID des fehlerhaften Prozesses: 0x205c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5
Error: (03/21/2014 01:07:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x75ab5f8c
ID des fehlerhaften Prozesses: 0x1178
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5
Error: (03/21/2014 01:06:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x75ab5f8c
ID des fehlerhaften Prozesses: 0x1b04
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5
Error: (03/21/2014 01:06:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x75ab5f8c
ID des fehlerhaften Prozesses: 0x2b80
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5
Error: (03/21/2014 01:06:19 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x75ab5f8c
ID des fehlerhaften Prozesses: 0x2d78
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5
Error: (03/21/2014 01:06:08 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x75ab5f8c
ID des fehlerhaften Prozesses: 0x2ad0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5
Error: (03/19/2014 06:52:21 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).
Error: (03/18/2014 05:04:27 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (03/16/2014 02:05:45 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (03/14/2014 01:51:21 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
System errors:
=============
Error: (03/21/2014 02:21:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1243
Error: (03/18/2014 08:47:28 PM) (Source: DCOM) (User: BN)
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (03/14/2014 09:44:58 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Nero Update erreicht.
Error: (03/14/2014 09:43:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht richtig gestartet.
Error: (03/14/2014 09:42:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1243
Error: (03/14/2014 09:33:08 PM) (Source: DCOM) (User: BN)
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (03/10/2014 07:15:47 PM) (Source: DCOM) (User: BN)
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (03/08/2014 00:21:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Anti-Spam Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/08/2014 00:21:48 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Anti-Spam Service erreicht.
Error: (02/25/2014 07:01:54 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "McAfee Anti-Spam Service" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Microsoft Office Sessions:
=========================
Error: (03/21/2014 01:07:16 PM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a96c3unknown0.0.0.000000000c000000575ab5f8c205c01cf44fe1861d5e5C:\windows\SysWOW64\svchost.exeunknown57e64809-b0f1-11e3-be78-7054d2416e4c
Error: (03/21/2014 01:07:03 PM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a96c3unknown0.0.0.000000000c000000575ab5f8c117801cf44fe101f745aC:\windows\SysWOW64\svchost.exeunknown4fa47dc9-b0f1-11e3-be78-7054d2416e4c
Error: (03/21/2014 01:06:34 PM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a96c3unknown0.0.0.000000000c000000575ab5f8c1b0401cf44fdff33d64fC:\windows\SysWOW64\svchost.exeunknown3eb6710d-b0f1-11e3-be78-7054d2416e4c
Error: (03/21/2014 01:06:30 PM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a96c3unknown0.0.0.000000000c000000575ab5f8c2b8001cf44fdfc7a7c93C:\windows\SysWOW64\svchost.exeunknown3bff1024-b0f1-11e3-be78-7054d2416e4c
Error: (03/21/2014 01:06:19 PM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a96c3unknown0.0.0.000000000c000000575ab5f8c2d7801cf44fdf5de2ceaC:\windows\SysWOW64\svchost.exeunknown35618a90-b0f1-11e3-be78-7054d2416e4c
Error: (03/21/2014 01:06:08 PM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a96c3unknown0.0.0.000000000c000000575ab5f8c2ad001cf44fdef691bcbC:\windows\SysWOW64\svchost.exeunknown2f3a1dc3-b0f1-11e3-be78-7054d2416e4c
Error: (03/19/2014 06:52:21 PM) (Source: System Restore)(User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x81000101
Error: (03/18/2014 05:04:27 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (03/16/2014 02:05:45 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (03/14/2014 01:51:21 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
==================== Memory info ===========================
Percentage of memory in use: 28%
Total physical RAM: 6025.22 MB
Available physical RAM: 4329.01 MB
Total Pagefile: 7049.22 MB
Available Pagefile: 5307.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
==================== Drives ================================
Drive c: (TI30992300A) (Fixed) (Total:688.17 GB) (Free:647.17 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
FRST 32-Bit | FRST 64-Bit
SecurityCheck und: