|
Plagegeister aller Art und deren Bekämpfung: BlockAndSurf loswerden!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.12.2014, 15:22 | #1 |
| BlockAndSurf loswerden! Hallo zusammen, ich habe mir vor ein paar Tagen BlockAndSurf angelacht, was meinen ganzen Browser natürlich ziemlich durcheinander bringt. Meine Daten: Windows 7 Professional 64 bit System AMD ATHLON II X4 630 Processor 2.80GHz Darauf hin hab ich natürlich alles versucht um das Problem zu beseitigen. Ich hab erstmal versucht die Tips im Thread abzuarbeiten (http://www.trojaner-board.de/151318-...entfernen.html) Das hat leider keine Wirkung gezeigt, in der Firefox konfi, habe ich leider nichts mit dem Namen Block and Surf gefunden. Der ADW Cleaner hat mir folgenden Log ausgespuckt (und das Problem nicht behoben):AdwCleaner Logfile: Code:
ATTFilter AdwCleaner v4.103 - Bericht erstellt am 03/12/2014 um 14:43:08 # Aktualisiert 01/12/2014 von Xplode # Database : 2014-12-02.2 [Live] # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Hexenschuss - HEXENSCHUSS-PC # Gestartet von : C:\Users\Hexenschuss\Downloads\adwcleaner_4.103.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : webinstrH ***** [ Dateien / Ordner ] ***** Datei Gelöscht : C:\Windows\SysWOW64\EsgScanner.sys Datei Gelöscht : C:\Windows\System32\drivers\webinstrH.sys ***** [ Tasks ] ***** Task Gelöscht : RocketTab ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Search Extensions Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter ***** [ Browser ] ***** -\\ Internet Explorer v0.0.0.0 -\\ Mozilla Firefox v33.1 (x86 de) -\\ Google Chrome v37.0.2062.124 ************************* AdwCleaner[R0].txt - [12449 octets] - [07/05/2014 20:25:51] AdwCleaner[R1].txt - [1306 octets] - [17/05/2014 10:56:25] AdwCleaner[R2].txt - [8057 octets] - [27/06/2014 20:29:12] AdwCleaner[R3].txt - [1440 octets] - [27/06/2014 20:54:39] AdwCleaner[R4].txt - [1989 octets] - [30/07/2014 17:56:19] AdwCleaner[R5].txt - [12269 octets] - [01/12/2014 00:22:13] AdwCleaner[R6].txt - [3659 octets] - [01/12/2014 01:17:59] AdwCleaner[R7].txt - [3720 octets] - [01/12/2014 01:20:02] AdwCleaner[R8].txt - [2191 octets] - [03/12/2014 14:41:36] AdwCleaner[S0].txt - [10480 octets] - [07/05/2014 20:28:56] AdwCleaner[S1].txt - [1367 octets] - [17/05/2014 10:57:49] AdwCleaner[S2].txt - [6745 octets] - [27/06/2014 20:30:05] AdwCleaner[S3].txt - [1501 octets] - [27/06/2014 20:55:34] AdwCleaner[S4].txt - [1953 octets] - [30/07/2014 17:57:17] AdwCleaner[S5].txt - [10739 octets] - [01/12/2014 00:23:49] AdwCleaner[S6].txt - [3518 octets] - [01/12/2014 01:21:30] AdwCleaner[S7].txt - [2006 octets] - [03/12/2014 14:43:08] ########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2066 octets] ########## Malwarebytes Anti-Malware : Code:
ATTFilter Version: 2.00.3.1025 Malware Database: v2014.12.02.04 Rootkit Database: v2014.12.02.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Hexenschuss Scan Type: Threat Scan Result: Completed Objects Scanned: 320838 Time Elapsed: 13 min, 37 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 1 PUP.Optional.1ClickMovieDownload.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\1ClickMovie-Download V9.0, Quarantined, [1fed0e50611ba492a2135823f013e31d], Registry Values: 1 PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_de_322, Quarantined, [5fadc9950676c472bfaf0e46e81b44bc], Registry Data: 1 PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[39d3f668d5a724124406075611f48080] Folders: 0 (No malicious items detected) Files: 1 PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab, Quarantined, [39d3d787601c95a1a5e13b15c53e8c74], Physical Sectors: 0 (No malicious items detected) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.0 (11.29.2014:1) OS: Windows 7 Professional x64 Ran by Hexenschuss on 03.12.2014 at 15:04:55,39 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Hexenschuss\AppData\Roaming\mozilla\firefox\profiles\byf0sz2n.default-1417394244201\minidumps [3 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 03.12.2014 at 15:08:36,00 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sc- Cleaner: Shortcut Cleaner 1.3.4 by Lawrence Abrams (Grinler) Bleeping Computer - Technical Support and Computer Help Copyright 2008-2014 BleepingComputer.com More Information about Shortcut Cleaner can be found at this link: Shortcut Cleaner Download Windows Version: Windows 7 Professional Service Pack 1 Program started at: 12/03/2014 03:12:48 PM. Scanning for registry hijacks: * No issues found in the Registry. Searching for Hijacked Shortcuts: Searching C:\Users\Hexenschuss\AppData\Roaming\Microsoft\Windows\Start Menu\ Searching C:\ProgramData\Microsoft\Windows\Start Menu\ Searching C:\Users\Hexenschuss\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ Searching C:\Users\Public\Desktop\ Searching C:\Users\Hexenschuss\Desktop 0 bad shortcuts found. Program finished at: 12/03/2014 03:12:49 PM Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s) Ich hoffe es gibt doch noch eine Lösung für mich :) Vielen Dank für die baldige Hilfe Geändert von NessaKi (03.12.2014 um 15:59 Uhr) Grund: Codes |
03.12.2014, 15:25 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BlockAndSurf loswerden! Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Zudem bitte auch ein Log mit Farbars Tool machen: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
03.12.2014, 15:57 | #3 |
| BlockAndSurf loswerden! Hi Cosinus,
__________________danke für die schnelle Antwort, weitere Log Dateien habe ich nicht, von Malwarebytes, hab ich schon den ältesten (gestern) gepostet und die anderen habe ich nicht gespeichert gehabt :/ So hier die zwei Log daten von FRST (danke für den Tipp, hab schon ausschau gehalten gehabt nach Spoiler Buttons) FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2014 Ran by Hexenschuss (administrator) on HEXENSCHUSS-PC on 03-12-2014 15:47:15 Running from C:\Users\Hexenschuss\Downloads Loaded Profile: Hexenschuss (Available profiles: Hexenschuss) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (PixArt Imaging Incorporation) C:\Windows\Philips\SPC500NC\Monitor.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [SPC500NC_Monitor] => C:\Windows\Philips\SPC500NC\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation) HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\bntf.exe HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\bntf64.exe HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-05] (Geek Software GmbH) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\Run: [icq] => C:\Users\Hexenschuss\AppData\Roaming\ICQM\icq.exe [27598184 2013-05-15] (ICQ) HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-25] (Valve Corporation) HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\Run: [HitsBlender] => "C:\Program Files (x86)\HitsBlender\hitsblender.exe" -m HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\RunOnce: [Uninstall C:\Users\Hexenschuss\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Hexenschuss\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\RunOnce: [Uninstall C:\Users\Hexenschuss\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Hexenschuss\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\MountPoints2: {23dfbdf5-b422-11e3-a678-b4c3bb16a914} - E:\AutoRun.exe HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\MountPoints2: {23dfbdfa-b422-11e3-a678-b4c3bb16a914} - E:\AutoRun.exe HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\MountPoints2: {23dfbf51-b422-11e3-a678-b4c3bb16a914} - E:\AutoRun.exe HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\MountPoints2: {63566acd-bd74-11e2-87bf-806e6f6e6963} - F:\Autorun.exe BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2327854136-593963445-1531736561-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Hexenschuss\AppData\Roaming\Mozilla\Firefox\Profiles\byf0sz2n.default-1417394244201 FF DefaultSearchEngine: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://animexx.onlinewelten.com/persstart5/? FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2327854136-593963445-1531736561-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin HKU\S-1-5-21-2327854136-593963445-1531736561-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: DownloadHelper - C:\Users\Hexenschuss\AppData\Roaming\Mozilla\Firefox\Profiles\byf0sz2n.default-1417394244201\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-01] FF Extension: Adblock Plus - C:\Users\Hexenschuss\AppData\Roaming\Mozilla\Firefox\Profiles\byf0sz2n.default-1417394244201\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-01] FF HKLM\...\Firefox\Extensions: [{970050F4-B21B-4c84-ACAB-DFEB867A4776}] - C:\Program Files\shopperz\Firefox Chrome: ======= CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1417389135&from=exp&uid=SAMSUNGXHD161HJ_S0V3JDWQ338304 CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1417389135&from=exp&uid=SAMSUNGXHD161HJ_S0V3JDWQ338304" CHR DefaultSearchKeyword: Default -> webssearches CHR DefaultSearchURL: Default -> hxxp://istart.webssearches.com/web/?type=ds&ts=1417389135&from=exp&uid=SAMSUNGXHD161HJ_S0V3JDWQ338304&q={searchTerms} CHR Profile: C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-30] CHR Extension: (Google Docs) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-30] CHR Extension: (Google Drive) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-30] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-14] CHR Extension: (YouTube) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-30] CHR Extension: (Google-Suche) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-30] CHR Extension: (Google Tabellen) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-30] CHR Extension: (Google Wallet) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-30] CHR Extension: (No Name) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\omficlgpckjflhghocdnmacenlpfjoif [2014-12-01] CHR Extension: (Google Mail) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-30] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed] R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] () R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] () S3 Origin Client Service; D:\hier\Programme\Sims 3\Origin\OriginClientService.exe [1900400 2014-12-01] (Electronic Arts) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-12-01] (Enigma Software Group USA, LLC.) R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] () R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.) S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT S3 DAUpdaterSvc; M:\Spiele\Dragon Age Origin\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [X] S2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-12-01] (Enigma Software Group USA, LLC.) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-12-01] () S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] () R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.) S3 SPC500NC; C:\Windows\System32\DRIVERS\SPC500NC.SYS [481280 2007-06-21] (PixArt Imaging Inc.) S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-03 15:44 - 2014-12-03 15:45 - 00028616 _____ () C:\Users\Hexenschuss\Downloads\Addition.txt 2014-12-03 15:41 - 2014-12-03 15:47 - 00016311 _____ () C:\Users\Hexenschuss\Downloads\FRST.txt 2014-12-03 15:40 - 2014-12-03 15:47 - 00000000 ___DC () C:\FRST 2014-12-03 15:39 - 2014-12-03 15:39 - 02117120 _____ (Farbar) C:\Users\Hexenschuss\Downloads\FRST64.exe 2014-12-03 15:12 - 2014-12-03 15:12 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Hexenschuss\Downloads\sc-cleaner.exe 2014-12-03 15:12 - 2014-12-03 15:12 - 00001832 ____C () C:\sc-cleaner.txt 2014-12-03 15:08 - 2014-12-03 15:08 - 00000782 _____ () C:\Users\Hexenschuss\Desktop\JRT.txt 2014-12-03 15:04 - 2014-12-03 15:04 - 01707646 _____ (Thisisu) C:\Users\Hexenschuss\Downloads\JRT.exe 2014-12-03 15:04 - 2014-12-03 15:04 - 00000000 ____D () C:\Windows\ERUNT 2014-12-03 14:46 - 2014-12-03 14:57 - 00000000 ____D () C:\Users\Hexenschuss\Documents\Logdateien Antispam 2014-12-03 14:41 - 2014-12-03 14:41 - 02154496 _____ () C:\Users\Hexenschuss\Downloads\adwcleaner_4.103.exe 2014-12-02 16:52 - 2014-12-02 16:52 - 00001624 ____C () C:\scan.txt 2014-12-02 16:35 - 2014-12-03 14:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-02 16:35 - 2014-12-02 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-02 16:35 - 2014-12-02 16:35 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-02 16:35 - 2014-12-02 16:35 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-02 16:35 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-02 16:35 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-02 16:35 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-02 16:33 - 2014-12-02 16:33 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Hexenschuss\Downloads\mbam-setup-2.0.3.1025.exe 2014-12-02 14:43 - 2014-12-02 14:43 - 00000000 ____D () C:\ProgramData\Curse Client 2014-12-01 23:35 - 2014-12-01 23:35 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Local\Funcom 2014-12-01 22:37 - 2014-12-01 22:37 - 00000000 ____D () C:\ProgramData\Steam 2014-12-01 20:51 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141201-205113.backup 2014-12-01 20:28 - 2014-12-01 20:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-12-01 20:28 - 2014-12-01 20:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-12-01 20:28 - 2014-12-01 20:28 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-12-01 20:28 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-12-01 20:24 - 2014-12-01 20:24 - 01174352 _____ () C:\Users\Hexenschuss\Downloads\SpyBot Search Destroy - CHIP-Installer.exe 2014-12-01 17:13 - 2014-12-01 17:14 - 00000000 ____D () C:\Users\Hexenschuss\Downloads\AUD_Win8.1_Win8_Win7_6.0.1.7240 2014-12-01 16:49 - 2014-12-01 16:49 - 00087087 _____ () C:\Users\Hexenschuss\Documents\HEXENSCHUSS-PC.txt 2014-12-01 15:50 - 2014-12-01 15:50 - 01174352 _____ () C:\Users\Hexenschuss\Downloads\64bit_Win7_Win8_Win81_R275 - CHIP-Installer.exe 2014-12-01 15:01 - 2014-12-01 15:01 - 00000000 ____D () C:\Users\Hexenschuss\Documents\Square Enix 2014-12-01 14:22 - 2014-12-01 14:22 - 00000000 ____D () C:\ProgramData\Pendulo Studios 2014-12-01 14:20 - 2014-12-01 14:20 - 00098599 ____C () C:\spyhunter.log 2014-12-01 13:21 - 2014-12-01 13:22 - 00040689 ____C () C:\sh4_service.log 2014-12-01 13:15 - 2014-12-01 01:42 - 00008192 ____C () C:\shldr.mbr 2014-12-01 09:31 - 2014-12-01 09:31 - 00296800 _____ () C:\Users\Hexenschuss\Downloads\PDFCreatorSetup-N0Td6F0ko.exe 2014-12-01 09:14 - 2014-12-01 09:14 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-12-01 09:14 - 2014-12-01 09:14 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group 2014-12-01 09:13 - 2014-12-01 09:14 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP 2014-12-01 02:27 - 2014-12-01 02:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE 2014-12-01 01:42 - 2014-12-01 01:42 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Roaming\Enigma Software Group 2014-12-01 01:42 - 2014-12-01 01:42 - 00000000 ____D () C:\sh4ldr 2014-12-01 01:42 - 2014-12-01 01:42 - 00000000 ____C () C:\autoexec.bat 2014-12-01 01:41 - 2014-12-01 01:41 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys 2014-12-01 01:41 - 2014-12-01 01:41 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-12-01 01:31 - 2014-12-01 13:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-01 01:31 - 2014-12-01 01:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hexenschuss\Downloads\revosetup95.exe 2014-12-01 01:14 - 2014-12-01 01:37 - 00000000 ____D () C:\Users\Hexenschuss\Documents\Alte Firefox-Daten 2014-12-01 00:13 - 2014-12-01 00:30 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Local\HitsBlender 2014-12-01 00:13 - 2014-12-01 00:13 - 00002384 _____ () C:\Windows\patsearch.bin 2014-12-01 00:13 - 2014-12-01 00:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrH_01009.Wdf 2014-12-01 00:13 - 2014-12-01 00:13 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Local\cache 2014-12-01 00:13 - 2014-12-01 00:13 - 00000000 ____D () C:\ProgramData\HitsBlender 2014-11-20 19:39 - 2014-11-20 19:39 - 00000000 ____D () C:\Program Files (x86)\Realtek 2014-11-20 19:38 - 2014-02-26 15:16 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll 2014-11-20 19:33 - 2014-11-20 19:36 - 249917181 _____ () C:\Users\Hexenschuss\Downloads\AUD_Win8.1_Win8_Win7_6.0.1.7240.zip 2014-11-19 11:21 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 11:21 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 11:21 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 11:21 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-12 11:49 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-12 11:49 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-12 11:49 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-12 11:49 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-12 11:49 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-12 11:49 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 11:49 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 11:49 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 11:49 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-12 11:49 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-12 11:49 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-12 11:49 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-12 11:48 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 11:48 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 11:48 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 11:48 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 11:48 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 11:48 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-12 11:48 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-12 11:48 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 11:48 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 11:48 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-12 11:48 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-12 11:48 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-12 11:48 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-12 11:48 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-12 11:48 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-12 11:48 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-12 11:48 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-12 11:48 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-12 11:48 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-12 11:48 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-12 11:48 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 11:48 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 11:48 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-12 11:48 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-12 11:48 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 11:48 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-12 11:47 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 11:47 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-12 11:46 - 2014-10-26 02:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-12 11:46 - 2014-10-26 02:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-12 11:46 - 2014-10-26 01:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-12 11:46 - 2014-10-26 01:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-12 11:46 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 11:46 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-12 11:46 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-12 11:46 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-12 11:46 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-12 11:45 - 2014-10-26 02:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-12 11:45 - 2014-10-26 02:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-12 11:45 - 2014-10-26 02:56 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-12 11:45 - 2014-10-26 02:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-12 11:45 - 2014-10-26 02:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-12 11:45 - 2014-10-26 02:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-12 11:45 - 2014-10-26 02:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-12 11:45 - 2014-10-26 02:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-12 11:45 - 2014-10-26 02:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-12 11:45 - 2014-10-26 02:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-12 11:45 - 2014-10-26 02:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 11:45 - 2014-10-26 02:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 11:45 - 2014-10-26 02:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-12 11:45 - 2014-10-26 02:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-12 11:45 - 2014-10-26 02:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-11-12 11:45 - 2014-10-26 02:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-12 11:45 - 2014-10-26 02:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 11:45 - 2014-10-26 02:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-12 11:45 - 2014-10-26 02:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-12 11:45 - 2014-10-26 01:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-12 11:45 - 2014-10-26 01:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-12 11:45 - 2014-10-26 01:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-12 11:45 - 2014-10-26 01:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-12 11:45 - 2014-10-26 01:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-12 11:45 - 2014-10-26 01:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-12 11:45 - 2014-10-26 01:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-12 11:45 - 2014-10-26 01:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-12 11:45 - 2014-10-26 01:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-12 11:45 - 2014-10-26 01:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-11-12 11:45 - 2014-10-26 01:34 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-12 11:45 - 2014-10-26 01:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-12 11:45 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-12 11:45 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-12 11:45 - 2014-10-26 01:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-11-12 11:45 - 2014-10-26 01:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-12 11:45 - 2014-10-26 01:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-12 11:45 - 2014-10-26 01:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-12 11:45 - 2014-10-26 01:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-12 11:45 - 2014-10-26 01:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-11 10:19 - 2014-11-11 10:19 - 00061880 _____ () C:\Windows\SysWOW64\CCCInstall_201411111019393284.log 2014-11-11 10:19 - 2014-11-11 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-11-11 10:19 - 2014-11-11 10:19 - 00000000 ____D () C:\ProgramData\ATI 2014-11-11 10:19 - 2014-11-11 10:19 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-11-09 13:33 - 2014-11-10 17:55 - 00001340 _____ () C:\Users\Hexenschuss\Desktop\Sims cheats.txt 2014-11-06 11:57 - 2014-11-09 17:11 - 00000000 ____D () C:\Users\Hexenschuss\Downloads\Sims 4 2014-11-05 18:11 - 2014-11-05 18:11 - 00000000 ____D () C:\Users\Hexenschuss\Documents\A Grafic Design ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-03 15:44 - 2013-05-15 11:20 - 01410554 _____ () C:\Windows\WindowsUpdate.log 2014-12-03 15:37 - 2013-08-11 14:45 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-12-03 15:36 - 2014-09-30 19:58 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-03 15:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-03 15:36 - 2009-07-14 05:51 - 00059267 _____ () C:\Windows\setupact.log 2014-12-03 15:34 - 2009-07-14 05:45 - 00035088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-03 15:34 - 2009-07-14 05:45 - 00035088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-03 15:03 - 2014-09-30 19:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-03 14:44 - 2010-11-21 04:47 - 00348604 _____ () C:\Windows\PFRO.log 2014-12-03 14:43 - 2014-05-07 20:25 - 00000000 ____D () C:\AdwCleaner 2014-12-03 14:21 - 2014-01-11 19:06 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Local\Battle.net 2014-12-03 14:02 - 2013-09-22 14:44 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Local\Deployment 2014-12-02 22:25 - 2013-09-22 21:29 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Roaming\TS3Client 2014-12-02 22:18 - 2014-01-11 19:06 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-12-02 16:59 - 2014-10-22 22:56 - 00000000 ___RD () C:\Users\Hexenschuss\Dropbox 2014-12-02 16:58 - 2013-09-05 15:13 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Roaming\Dropbox 2014-12-02 16:56 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Offline Web Pages 2014-12-02 00:19 - 2013-05-16 00:33 - 00000000 ____D () C:\ProgramData\Origin 2014-12-01 23:35 - 2013-05-15 11:47 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-12-01 23:09 - 2014-07-27 17:21 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-12-01 20:44 - 2013-12-03 23:57 - 00000000 ____D () C:\Users\Hexenschuss\Documents\My Games 2014-12-01 18:05 - 2013-05-15 21:14 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-12-01 18:05 - 2013-05-15 21:14 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-12-01 18:05 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-01 17:17 - 2014-09-18 15:09 - 00000000 ___HD () C:\Program Files (x86)\Temp 2014-12-01 10:17 - 2013-05-15 11:50 - 00709371 _____ () C:\Windows\DirectX.log 2014-12-01 02:34 - 2013-05-16 21:36 - 00000000 ____D () C:\Users\Hexenschuss\Documents\Electronic Arts 2014-12-01 02:27 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-12-01 02:26 - 2013-05-16 00:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-01 01:42 - 2013-05-15 21:16 - 00285747 _____ () C:\shldr 2014-12-01 01:42 - 2013-05-15 11:30 - 00000000 ____D () C:\Users\Hexenschuss 2014-12-01 01:02 - 2009-07-14 03:34 - 00000548 _____ () C:\Windows\win.ini 2014-12-01 00:29 - 2013-05-15 18:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-01 00:29 - 2013-05-15 18:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-01 00:24 - 2014-09-30 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-12-01 00:24 - 2013-05-16 15:45 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-20 19:48 - 2014-05-27 14:34 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-11-20 19:42 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-20 19:38 - 2014-06-01 18:20 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Roaming\MusicBee 2014-11-19 21:04 - 2013-09-19 23:50 - 00017408 _____ () C:\Users\Hexenschuss\Documents\Verkaufen.xls 2014-11-15 18:02 - 2014-05-14 08:12 - 00000000 ____D () C:\Windows\rescache 2014-11-12 12:43 - 2009-07-14 05:45 - 00308720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-12 12:42 - 2014-06-11 01:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-12 12:36 - 2014-04-30 11:32 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-12 12:03 - 2013-07-24 19:36 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-12 11:57 - 2013-05-16 12:15 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-11 10:43 - 2013-05-16 16:21 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Local\Adobe 2014-11-11 10:19 - 2013-05-15 11:45 - 00000000 ____D () C:\ProgramData\AMD 2014-11-11 10:18 - 2013-05-15 11:44 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-11-11 10:11 - 2014-05-28 20:22 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-11 10:08 - 2012-09-08 20:03 - 00000000 ____D () C:\AMD 2014-11-11 00:33 - 2013-05-16 02:02 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Roaming\Skype 2014-11-06 11:36 - 2013-05-16 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin Some content of TEMP: ==================== C:\Users\Hexenschuss\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpx_sx6v.dll C:\Users\Hexenschuss\AppData\Local\Temp\Quarantine.exe C:\Users\Hexenschuss\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-26 15:32 ==================== End Of Log ============================ Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2014 Ran by Hexenschuss at 2014-12-03 15:47:42 Running from C:\Users\Hexenschuss\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) A New Beginning - Final Cut (HKLM-x32\...\Steam App 105000) (Version: - Daedalic Entertainment) A Walk in the Dark (HKLM-x32\...\Steam App 248730) (Version: - ) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts) AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft) Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft) Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft) Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft) Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft) Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft) Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.3.0-3 - Wacom Technology Corp.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.) Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version: - Starbreeze Studios AB) calibre 64bit (HKLM\...\{90C96F50-6055-4E41-A143-B0B02383223F}) (Version: 1.40.0 - Kovid Goyal) Call Of Cthulhu DCoTE (HKLM-x32\...\{E4406ED3-B04C-44F1-ABB4-08775B74934F}) (Version: 1.00.000 - ) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP) Child of Light (HKLM-x32\...\Uplay Install 609) (Version: - Ubisoft) CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CrystalDiskInfo 6.1.12 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.12 - Crystal Dew World) Curse Client (HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse) Deponia (HKLM-x32\...\Steam App 214340) (Version: - Daedalic Entertainment) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Die Sims Mittelalter Piraten und Edelleute (HKLM-x32\...\{0CC21836-A5D6-4641-B4AE-6FA01D021E41}) (Version: 2.0.109 - Electronic Arts) Die Sims(tm) Mittelalter (HKLM-x32\...\{D3F66B94-DF84-4686-832E-D5761B478BF0}) (Version: 2.0.113.00107 - Electronic Arts) Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts) Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts) Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.2.24.20 - Electronic Arts Inc.) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC) Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.) Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts) Dragon Age™ II (HKLM-x32\...\{4D565319-8B91-41CB-961C-0DDC86101AC5}) (Version: 1.04.8524.0 - Electronic Arts) Drakan - Order of the Flame (HKLM\...\drakan - order of the flame) (Version: - ) Drakan Editing Tools (HKLM\...\drakan editing tools) (Version: - ) DriverEasy 4.7.6 (HKLM\...\DriverEasy_is1) (Version: 4.7.6.0 - Easeware) Dropbox (HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.) Druckerdeinstallation für EPSON SX130 Series (HKLM\...\EPSON SX130 Series) (Version: - SEIKO EPSON Corporation) Edna & Harvey: Harvey's New Eyes (HKLM-x32\...\Steam App 219910) (Version: - Daedalic Entertainment) Edna Bricht Aus (HKLM-x32\...\EdnaSE) (Version: 1.0 - Daedalic Entertainment) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Fable III (HKLM-x32\...\GFWL_{4D53090A-9B45-437B-A66A-831000008300}) (Version: 1.0.0000.131 - Microsoft Game Studios) Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) Hidden Fable III (x32 Version: 1.0.0002.131 - Microsoft Game Studios) Hidden FEZ (HKLM-x32\...\Steam App 224760) (Version: - Polytron Corporation) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North) Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version: - Rockstar Games) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) ICQ 8.0 (build 6019) (HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\ICQ) (Version: 8.0.6019.0 - Mail.Ru) I-Fluid 1.22 (HKLM-x32\...\I-Fluid_is1) (Version: - Nobilis) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche Studios) Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - Avalanche Studios) Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.9.8 - Magical Jelly Bean) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts) Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla) MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall) Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts) NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR) Neverwinter (HKLM-x32\...\Steam App 109600) (Version: - Cryptic Studios) NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - ) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) Only If (HKLM-x32\...\Steam App 298260) (Version: - Creability) openCanvas 5.5.22 (HKLM-x32\...\{CE1A5F24-49C6-456A-93D1-5A860A711D53}}_is1) (Version: 5.5.22 - PGN Co. Ltd.) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.) PDF24 Creator 6.3.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games) PicPick (HKLM-x32\...\PicPick) (Version: 3.2.4 - NTeWORKS) Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version: - PopCap Games, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.) Reus (HKLM-x32\...\Steam App 222730) (Version: - Abbey Games) Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition) Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) SpyHunter (HKLM-x32\...\{0028CB34-D5D3-460F-B308-A39A095A5E01}) (Version: 4.16.5.4290 - Enigma Software Group USA, LLC) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Sweet Home 3D version 4.4 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks) TeamSpeak 3 Client (HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - ) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Next BIG Thing (HKLM-x32\...\Steam App 58570) (Version: - Pendulo Studios) The Plan (HKLM-x32\...\Steam App 250600) (Version: - Krillbite Studio) The Secret World (HKLM-x32\...\Steam App 215280) (Version: - Funcom) The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts) The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED) Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics) Tomb Raider: Legend 1.2 (HKLM-x32\...\Tomb Raider: Legend) (Version: - ) Tomb Raider: Underworld 1.0 (HKLM-x32\...\Tomb Raider: Underworld) (Version: - ) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Violett (HKLM-x32\...\Steam App 257830) (Version: - Forever Entertainment S. A.) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{e317c18e-c3c1-4881-be16-36bc8d2180c7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 01-12-2014 08:13:23 Installed SpyHunter 01-12-2014 09:15:48 DirectX wurde installiert 01-12-2014 12:44:40 Removed QuickTime 7 01-12-2014 14:00:30 DirectX wurde installiert ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-12-01 20:51 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {007DE4FA-C4B7-41D1-8D32-E040F63570D3} - System32\Tasks\Wecker Task: {2CB3DDFE-C8C0-46E8-B9AE-50BF5284CCBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-30] (Google Inc.) Task: {57AE4037-8139-41BC-AFFC-CA55F189AFF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-30] (Google Inc.) Task: {79C73377-20DF-47D3-A255-D0F2BF990043} - System32\Tasks\CR setup => C:\Users\HEXENS~1\AppData\Local\Temp\Stub\150185872\ytd_bu10_setup(1).exe <==== ATTENTION Task: {D6C7D42E-4B99-4652-98DB-5D2AD2E71D6C} - System32\Tasks\Goobzo YTDownloader Setup => C:\Users\HEXENS~1\AppData\Local\Temp\Stub\150185872\ytd_bu10_setup(1).exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2013-05-16 13:29 - 2011-12-14 16:53 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe 2014-09-20 03:32 - 2010-01-21 00:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 2014-09-20 03:31 - 2010-01-21 00:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll 2014-09-20 03:31 - 2010-01-21 00:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll 2014-09-20 03:31 - 2010-01-21 00:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 2014-10-27 23:19 - 2012-11-14 14:45 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll 2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2014-12-01 20:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-12-01 20:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-12-01 20:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-12-01 20:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-12-01 20:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-06-11 01:24 - 2014-11-11 23:55 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-05-16 13:29 - 2011-12-14 09:22 - 00368640 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll 2014-12-01 00:29 - 2014-12-01 00:29 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2327854136-593963445-1531736561-500 - Administrator - Disabled) Gast (S-1-5-21-2327854136-593963445-1531736561-501 - Limited - Disabled) Hexenschuss (S-1-5-21-2327854136-593963445-1531736561-1001 - Administrator - Enabled) => C:\Users\Hexenschuss HomeGroupUser$ (S-1-5-21-2327854136-593963445-1531736561-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Microsoft-Teredo-Tunneling-Adapter Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: H:\ Description: USB CF Reader Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (12/03/2014 03:38:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (12/03/2014 03:43:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (12/03/2014 03:43:22 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \...\DR72 gefunden. Error: (12/03/2014 03:41:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. Error: (12/03/2014 03:38:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SWUpdaterSvc" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (12/03/2014 03:38:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/03/2014 03:38:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Updating Service erreicht. Error: (12/03/2014 03:37:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht. Error: (12/03/2014 03:36:26 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 03.12.2014 um 15:32:34 unerwartet heruntergefahren. Error: (12/03/2014 03:36:15 PM) (Source: Ntfs) (EventID: 137) (User: ) Description: Auf dem Volume "D:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error: (12/03/2014 03:36:15 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2. Microsoft Office Sessions: ========================= Error: (12/03/2014 03:38:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: AMD Athlon(tm) II X4 630 Processor Percentage of memory in use: 37% Total physical RAM: 6143.24 MB Available physical RAM: 3858.2 MB Total Pagefile: 12284.66 MB Available Pagefile: 9829.93 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.04 GB) (Free:27.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:298.09 GB) (Free:217.29 GB) NTFS Drive f: (Sims3EP07) (CDROM) (Total:4.93 GB) (Free:0 GB) UDF Drive m: (Volume) (Fixed) (Total:1863.01 GB) (Free:1033.32 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: D45BD45B) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F9283267) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 298.1 GB) (Disk ID: F122F122) Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
03.12.2014, 23:58 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BlockAndSurf loswerden! Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
__________________ Logfiles bitte immer in CODE-Tags posten |