
Pests of all kinds and how to fight them: Getting rid of BlockAndSurf!

03.12.2014, 15:22   #1
NessaKi
 

Hello everyone,

a few days ago I picked up BlockAndSurf, which of course messes up my whole browser quite a bit.

My system details:
Windows 7 Professional
64-bit system
AMD ATHLON II X4 630 Processor
2.80GHz

After that I naturally tried everything to get rid of the problem.

First I tried working through the tips in the thread (http://www.trojaner-board.de/151318-...entfernen.html)

Unfortunately that had no effect; in the Firefox config I unfortunately found nothing with the name Block and Surf.

AdwCleaner spat out the following log for me (and did not fix the problem):

AdwCleaner Logfile:
Code:
AdwCleaner v4.103 - Bericht erstellt am 03/12/2014 um 14:43:08
# Aktualisiert 01/12/2014 von Xplode
# Database : 2014-12-02.2 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Hexenschuss - HEXENSCHUSS-PC
# Gestartet von : C:\Users\Hexenschuss\Downloads\adwcleaner_4.103.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : webinstrH

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Windows\SysWOW64\EsgScanner.sys
Datei Gelöscht : C:\Windows\System32\drivers\webinstrH.sys

***** [ Tasks ] *****

Task Gelöscht : RocketTab

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Search Extensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v33.1 (x86 de)


-\\ Google Chrome v37.0.2062.124


*************************

AdwCleaner[R0].txt - [12449 octets] - [07/05/2014 20:25:51]
AdwCleaner[R1].txt - [1306 octets] - [17/05/2014 10:56:25]
AdwCleaner[R2].txt - [8057 octets] - [27/06/2014 20:29:12]
AdwCleaner[R3].txt - [1440 octets] - [27/06/2014 20:54:39]
AdwCleaner[R4].txt - [1989 octets] - [30/07/2014 17:56:19]
AdwCleaner[R5].txt - [12269 octets] - [01/12/2014 00:22:13]
AdwCleaner[R6].txt - [3659 octets] - [01/12/2014 01:17:59]
AdwCleaner[R7].txt - [3720 octets] - [01/12/2014 01:20:02]
AdwCleaner[R8].txt - [2191 octets] - [03/12/2014 14:41:36]
AdwCleaner[S0].txt - [10480 octets] - [07/05/2014 20:28:56]
AdwCleaner[S1].txt - [1367 octets] - [17/05/2014 10:57:49]
AdwCleaner[S2].txt - [6745 octets] - [27/06/2014 20:30:05]
AdwCleaner[S3].txt - [1501 octets] - [27/06/2014 20:55:34]
AdwCleaner[S4].txt - [1953 octets] - [30/07/2014 17:57:17]
AdwCleaner[S5].txt - [10739 octets] - [01/12/2014 00:23:49]
AdwCleaner[S6].txt - [3518 octets] - [01/12/2014 01:21:30]
AdwCleaner[S7].txt - [2006 octets] - [03/12/2014 14:43:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2066 octets] ##########
         

Malwarebytes Anti-Malware:
Code:
Version: 2.00.3.1025
Malware Database: v2014.12.02.04
Rootkit Database: v2014.12.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Hexenschuss

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320838
Time Elapsed: 13 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.1ClickMovieDownload.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\1ClickMovie-Download V9.0, Quarantined, [1fed0e50611ba492a2135823f013e31d], 

Registry Values: 1
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_de_322, Quarantined, [5fadc9950676c472bfaf0e46e81b44bc], 

Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[39d3f668d5a724124406075611f48080]

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab, Quarantined, [39d3d787601c95a1a5e13b15c53e8c74], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
Junkware Removal Tool:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by Hexenschuss on 03.12.2014 at 15:04:55,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Hexenschuss\AppData\Roaming\mozilla\firefox\profiles\byf0sz2n.default-1417394244201\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.12.2014 at 15:08:36,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

sc-cleaner:
Shortcut Cleaner 1.3.4 by Lawrence Abrams (Grinler)
Bleeping Computer - Technical Support and Computer Help
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 Shortcut Cleaner Download

Windows Version: Windows 7 Professional Service Pack 1
Program started at: 12/03/2014 03:12:48 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Hexenschuss\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Hexenschuss\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Hexenschuss\Desktop


0 bad shortcuts found.

Program finished at: 12/03/2014 03:12:49 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)
         
That's as far as I've gotten so far, but none of it has helped.
I hope there is still a solution for me :)

Many thanks for your prompt help

Edited by NessaKi (03.12.2014 at 15:59). Reason: Codes

03.12.2014, 15:25   #2
cosinus



Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

That is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have, in CODE tags!
Only logs from the last 7 days, or since the problem started, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

03.12.2014, 15:57   #3
NessaKi
 



Hi Cosinus,

thanks for the quick reply,
I don't have any further log files; from Malwarebytes I have already posted the oldest one (yesterday), and I hadn't saved the others :/

So here are the two log files from FRST (thanks for the tip, I had already been looking out for spoiler buttons)
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2014
Ran by Hexenschuss (administrator) on HEXENSCHUSS-PC on 03-12-2014 15:47:15
Running from C:\Users\Hexenschuss\Downloads
Loaded Profile: Hexenschuss (Available profiles: Hexenschuss)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(PixArt Imaging Incorporation) C:\Windows\Philips\SPC500NC\Monitor.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SPC500NC_Monitor] => C:\Windows\Philips\SPC500NC\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\bntf.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\bntf64.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-05] (Geek Software GmbH)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\Run: [icq] => C:\Users\Hexenschuss\AppData\Roaming\ICQM\icq.exe [27598184 2013-05-15] (ICQ)
HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-25] (Valve Corporation)
HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\Run: [HitsBlender] => "C:\Program Files (x86)\HitsBlender\hitsblender.exe" -m
HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\RunOnce: [Uninstall C:\Users\Hexenschuss\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Hexenschuss\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\RunOnce: [Uninstall C:\Users\Hexenschuss\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Hexenschuss\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\MountPoints2: {23dfbdf5-b422-11e3-a678-b4c3bb16a914} - E:\AutoRun.exe
HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\MountPoints2: {23dfbdfa-b422-11e3-a678-b4c3bb16a914} - E:\AutoRun.exe
HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\MountPoints2: {23dfbf51-b422-11e3-a678-b4c3bb16a914} - E:\AutoRun.exe
HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\MountPoints2: {63566acd-bd74-11e2-87bf-806e6f6e6963} - F:\Autorun.exe
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2327854136-593963445-1531736561-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hexenschuss\AppData\Roaming\Mozilla\Firefox\Profiles\byf0sz2n.default-1417394244201
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://animexx.onlinewelten.com/persstart5/?
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2327854136-593963445-1531736561-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKU\S-1-5-21-2327854136-593963445-1531736561-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\Hexenschuss\AppData\Roaming\Mozilla\Firefox\Profiles\byf0sz2n.default-1417394244201\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-01]
FF Extension: Adblock Plus - C:\Users\Hexenschuss\AppData\Roaming\Mozilla\Firefox\Profiles\byf0sz2n.default-1417394244201\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-01]
FF HKLM\...\Firefox\Extensions: [{970050F4-B21B-4c84-ACAB-DFEB867A4776}] - C:\Program Files\shopperz\Firefox

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1417389135&from=exp&uid=SAMSUNGXHD161HJ_S0V3JDWQ338304
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1417389135&from=exp&uid=SAMSUNGXHD161HJ_S0V3JDWQ338304"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSearchURL: Default -> hxxp://istart.webssearches.com/web/?type=ds&ts=1417389135&from=exp&uid=SAMSUNGXHD161HJ_S0V3JDWQ338304&q={searchTerms}
CHR Profile: C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-30]
CHR Extension: (Google Docs) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-30]
CHR Extension: (Google Drive) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-14]
CHR Extension: (YouTube) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-30]
CHR Extension: (Google-Suche) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-30]
CHR Extension: (Google Tabellen) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-30]
CHR Extension: (Google Wallet) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-30]
CHR Extension: (No Name) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\omficlgpckjflhghocdnmacenlpfjoif [2014-12-01]
CHR Extension: (Google Mail) - C:\Users\Hexenschuss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
S3 Origin Client Service; D:\hier\Programme\Sims 3\Origin\OriginClientService.exe [1900400 2014-12-01] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-12-01] (Enigma Software Group USA, LLC.)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S3 DAUpdaterSvc; M:\Spiele\Dragon Age Origin\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [X]
S2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-12-01] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-12-01] ()
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 SPC500NC; C:\Windows\System32\DRIVERS\SPC500NC.SYS [481280 2007-06-21] (PixArt Imaging Inc.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 15:44 - 2014-12-03 15:45 - 00028616 _____ () C:\Users\Hexenschuss\Downloads\Addition.txt
2014-12-03 15:41 - 2014-12-03 15:47 - 00016311 _____ () C:\Users\Hexenschuss\Downloads\FRST.txt
2014-12-03 15:40 - 2014-12-03 15:47 - 00000000 ___DC () C:\FRST
2014-12-03 15:39 - 2014-12-03 15:39 - 02117120 _____ (Farbar) C:\Users\Hexenschuss\Downloads\FRST64.exe
2014-12-03 15:12 - 2014-12-03 15:12 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Hexenschuss\Downloads\sc-cleaner.exe
2014-12-03 15:12 - 2014-12-03 15:12 - 00001832 ____C () C:\sc-cleaner.txt
2014-12-03 15:08 - 2014-12-03 15:08 - 00000782 _____ () C:\Users\Hexenschuss\Desktop\JRT.txt
2014-12-03 15:04 - 2014-12-03 15:04 - 01707646 _____ (Thisisu) C:\Users\Hexenschuss\Downloads\JRT.exe
2014-12-03 15:04 - 2014-12-03 15:04 - 00000000 ____D () C:\Windows\ERUNT
2014-12-03 14:46 - 2014-12-03 14:57 - 00000000 ____D () C:\Users\Hexenschuss\Documents\Logdateien Antispam
2014-12-03 14:41 - 2014-12-03 14:41 - 02154496 _____ () C:\Users\Hexenschuss\Downloads\adwcleaner_4.103.exe
2014-12-02 16:52 - 2014-12-02 16:52 - 00001624 ____C () C:\scan.txt
2014-12-02 16:35 - 2014-12-03 14:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 16:35 - 2014-12-02 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-02 16:35 - 2014-12-02 16:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-02 16:35 - 2014-12-02 16:35 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-02 16:35 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-02 16:35 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-02 16:35 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-02 16:33 - 2014-12-02 16:33 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Hexenschuss\Downloads\mbam-setup-2.0.3.1025.exe
2014-12-02 14:43 - 2014-12-02 14:43 - 00000000 ____D () C:\ProgramData\Curse Client
2014-12-01 23:35 - 2014-12-01 23:35 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Local\Funcom
2014-12-01 22:37 - 2014-12-01 22:37 - 00000000 ____D () C:\ProgramData\Steam
2014-12-01 20:51 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141201-205113.backup
2014-12-01 20:28 - 2014-12-01 20:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-01 20:28 - 2014-12-01 20:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-01 20:28 - 2014-12-01 20:28 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-01 20:28 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-12-01 20:24 - 2014-12-01 20:24 - 01174352 _____ () C:\Users\Hexenschuss\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-12-01 17:13 - 2014-12-01 17:14 - 00000000 ____D () C:\Users\Hexenschuss\Downloads\AUD_Win8.1_Win8_Win7_6.0.1.7240
2014-12-01 16:49 - 2014-12-01 16:49 - 00087087 _____ () C:\Users\Hexenschuss\Documents\HEXENSCHUSS-PC.txt
2014-12-01 15:50 - 2014-12-01 15:50 - 01174352 _____ () C:\Users\Hexenschuss\Downloads\64bit_Win7_Win8_Win81_R275 - CHIP-Installer.exe
2014-12-01 15:01 - 2014-12-01 15:01 - 00000000 ____D () C:\Users\Hexenschuss\Documents\Square Enix
2014-12-01 14:22 - 2014-12-01 14:22 - 00000000 ____D () C:\ProgramData\Pendulo Studios
2014-12-01 14:20 - 2014-12-01 14:20 - 00098599 ____C () C:\spyhunter.log
2014-12-01 13:21 - 2014-12-01 13:22 - 00040689 ____C () C:\sh4_service.log
2014-12-01 13:15 - 2014-12-01 01:42 - 00008192 ____C () C:\shldr.mbr
2014-12-01 09:31 - 2014-12-01 09:31 - 00296800 _____ () C:\Users\Hexenschuss\Downloads\PDFCreatorSetup-N0Td6F0ko.exe
2014-12-01 09:14 - 2014-12-01 09:14 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-12-01 09:14 - 2014-12-01 09:14 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-12-01 09:13 - 2014-12-01 09:14 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-12-01 02:27 - 2014-12-01 02:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2014-12-01 01:42 - 2014-12-01 01:42 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Roaming\Enigma Software Group
2014-12-01 01:42 - 2014-12-01 01:42 - 00000000 ____D () C:\sh4ldr
2014-12-01 01:42 - 2014-12-01 01:42 - 00000000 ____C () C:\autoexec.bat
2014-12-01 01:41 - 2014-12-01 01:41 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-12-01 01:41 - 2014-12-01 01:41 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-12-01 01:31 - 2014-12-01 13:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-01 01:31 - 2014-12-01 01:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hexenschuss\Downloads\revosetup95.exe
2014-12-01 01:14 - 2014-12-01 01:37 - 00000000 ____D () C:\Users\Hexenschuss\Documents\Alte Firefox-Daten
2014-12-01 00:13 - 2014-12-01 00:30 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Local\HitsBlender
2014-12-01 00:13 - 2014-12-01 00:13 - 00002384 _____ () C:\Windows\patsearch.bin
2014-12-01 00:13 - 2014-12-01 00:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrH_01009.Wdf
2014-12-01 00:13 - 2014-12-01 00:13 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Local\cache
2014-12-01 00:13 - 2014-12-01 00:13 - 00000000 ____D () C:\ProgramData\HitsBlender
2014-11-20 19:39 - 2014-11-20 19:39 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-11-20 19:38 - 2014-02-26 15:16 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-11-20 19:33 - 2014-11-20 19:36 - 249917181 _____ () C:\Users\Hexenschuss\Downloads\AUD_Win8.1_Win8_Win7_6.0.1.7240.zip
2014-11-19 11:21 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:21 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 11:21 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 11:21 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-12 11:49 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 11:49 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 11:49 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 11:49 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 11:49 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 11:49 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 11:49 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 11:49 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 11:49 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 11:49 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 11:49 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 11:49 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 11:48 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 11:48 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 11:48 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 11:48 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 11:48 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 11:48 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 11:48 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 11:48 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 11:48 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 11:48 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 11:48 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 11:48 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 11:48 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 11:48 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 11:48 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 11:48 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 11:48 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 11:48 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 11:48 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 11:48 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 11:48 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 11:48 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 11:48 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 11:48 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 11:48 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 11:48 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 11:47 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 11:47 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 11:46 - 2014-10-26 02:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 11:46 - 2014-10-26 02:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 11:46 - 2014-10-26 01:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 11:46 - 2014-10-26 01:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 11:46 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 11:46 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 11:46 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 11:46 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 11:46 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 11:45 - 2014-10-26 02:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 11:45 - 2014-10-26 02:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 11:45 - 2014-10-26 02:56 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 11:45 - 2014-10-26 02:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 11:45 - 2014-10-26 02:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 11:45 - 2014-10-26 02:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 11:45 - 2014-10-26 02:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 11:45 - 2014-10-26 02:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 11:45 - 2014-10-26 02:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 11:45 - 2014-10-26 02:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 11:45 - 2014-10-26 02:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 11:45 - 2014-10-26 02:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 11:45 - 2014-10-26 02:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 11:45 - 2014-10-26 02:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 11:45 - 2014-10-26 02:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 11:45 - 2014-10-26 02:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 11:45 - 2014-10-26 02:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 11:45 - 2014-10-26 02:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 11:45 - 2014-10-26 02:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 11:45 - 2014-10-26 01:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 11:45 - 2014-10-26 01:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 11:45 - 2014-10-26 01:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 11:45 - 2014-10-26 01:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 11:45 - 2014-10-26 01:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 11:45 - 2014-10-26 01:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 11:45 - 2014-10-26 01:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 11:45 - 2014-10-26 01:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 11:45 - 2014-10-26 01:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 11:45 - 2014-10-26 01:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 11:45 - 2014-10-26 01:34 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 11:45 - 2014-10-26 01:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 11:45 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 11:45 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 11:45 - 2014-10-26 01:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 11:45 - 2014-10-26 01:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 11:45 - 2014-10-26 01:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 11:45 - 2014-10-26 01:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 11:45 - 2014-10-26 01:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 11:45 - 2014-10-26 01:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 10:19 - 2014-11-11 10:19 - 00061880 _____ () C:\Windows\SysWOW64\CCCInstall_201411111019393284.log
2014-11-11 10:19 - 2014-11-11 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-11 10:19 - 2014-11-11 10:19 - 00000000 ____D () C:\ProgramData\ATI
2014-11-11 10:19 - 2014-11-11 10:19 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-09 13:33 - 2014-11-10 17:55 - 00001340 _____ () C:\Users\Hexenschuss\Desktop\Sims cheats.txt
2014-11-06 11:57 - 2014-11-09 17:11 - 00000000 ____D () C:\Users\Hexenschuss\Downloads\Sims 4
2014-11-05 18:11 - 2014-11-05 18:11 - 00000000 ____D () C:\Users\Hexenschuss\Documents\A Grafic Design

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 15:44 - 2013-05-15 11:20 - 01410554 _____ () C:\Windows\WindowsUpdate.log
2014-12-03 15:37 - 2013-08-11 14:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-03 15:36 - 2014-09-30 19:58 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-03 15:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-03 15:36 - 2009-07-14 05:51 - 00059267 _____ () C:\Windows\setupact.log
2014-12-03 15:34 - 2009-07-14 05:45 - 00035088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 15:34 - 2009-07-14 05:45 - 00035088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 15:03 - 2014-09-30 19:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-03 14:44 - 2010-11-21 04:47 - 00348604 _____ () C:\Windows\PFRO.log
2014-12-03 14:43 - 2014-05-07 20:25 - 00000000 ____D () C:\AdwCleaner
2014-12-03 14:21 - 2014-01-11 19:06 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Local\Battle.net
2014-12-03 14:02 - 2013-09-22 14:44 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Local\Deployment
2014-12-02 22:25 - 2013-09-22 21:29 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Roaming\TS3Client
2014-12-02 22:18 - 2014-01-11 19:06 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-02 16:59 - 2014-10-22 22:56 - 00000000 ___RD () C:\Users\Hexenschuss\Dropbox
2014-12-02 16:58 - 2013-09-05 15:13 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Roaming\Dropbox
2014-12-02 16:56 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-12-02 00:19 - 2013-05-16 00:33 - 00000000 ____D () C:\ProgramData\Origin
2014-12-01 23:35 - 2013-05-15 11:47 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-12-01 23:09 - 2014-07-27 17:21 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-12-01 20:44 - 2013-12-03 23:57 - 00000000 ____D () C:\Users\Hexenschuss\Documents\My Games
2014-12-01 18:05 - 2013-05-15 21:14 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-12-01 18:05 - 2013-05-15 21:14 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-12-01 18:05 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-01 17:17 - 2014-09-18 15:09 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-12-01 10:17 - 2013-05-15 11:50 - 00709371 _____ () C:\Windows\DirectX.log
2014-12-01 02:34 - 2013-05-16 21:36 - 00000000 ____D () C:\Users\Hexenschuss\Documents\Electronic Arts
2014-12-01 02:27 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-01 02:26 - 2013-05-16 00:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-01 01:42 - 2013-05-15 21:16 - 00285747 _____ () C:\shldr
2014-12-01 01:42 - 2013-05-15 11:30 - 00000000 ____D () C:\Users\Hexenschuss
2014-12-01 01:02 - 2009-07-14 03:34 - 00000548 _____ () C:\Windows\win.ini
2014-12-01 00:29 - 2013-05-15 18:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-01 00:29 - 2013-05-15 18:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-01 00:24 - 2014-09-30 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-01 00:24 - 2013-05-16 15:45 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-20 19:48 - 2014-05-27 14:34 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-20 19:42 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-20 19:38 - 2014-06-01 18:20 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Roaming\MusicBee
2014-11-19 21:04 - 2013-09-19 23:50 - 00017408 _____ () C:\Users\Hexenschuss\Documents\Verkaufen.xls
2014-11-15 18:02 - 2014-05-14 08:12 - 00000000 ____D () C:\Windows\rescache
2014-11-12 12:43 - 2009-07-14 05:45 - 00308720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 12:42 - 2014-06-11 01:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-12 12:36 - 2014-04-30 11:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 12:03 - 2013-07-24 19:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 11:57 - 2013-05-16 12:15 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 10:43 - 2013-05-16 16:21 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Local\Adobe
2014-11-11 10:19 - 2013-05-15 11:45 - 00000000 ____D () C:\ProgramData\AMD
2014-11-11 10:18 - 2013-05-15 11:44 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-11 10:11 - 2014-05-28 20:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-11 10:08 - 2012-09-08 20:03 - 00000000 ____D () C:\AMD
2014-11-11 00:33 - 2013-05-16 02:02 - 00000000 ____D () C:\Users\Hexenschuss\AppData\Roaming\Skype
2014-11-06 11:36 - 2013-05-16 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

Some content of TEMP:
====================
C:\Users\Hexenschuss\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpx_sx6v.dll
C:\Users\Hexenschuss\AppData\Local\Temp\Quarantine.exe
C:\Users\Hexenschuss\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-26 15:32

==================== End Of Log ============================
         
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2014
Ran by Hexenschuss at 2014-12-03 15:47:42
Running from C:\Users\Hexenschuss\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A New Beginning - Final Cut (HKLM-x32\...\Steam App 105000) (Version:  - Daedalic Entertainment)
A Walk in the Dark (HKLM-x32\...\Steam App 248730) (Version:  - )
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft)
Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.3.0-3 - Wacom Technology Corp.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version:  - Starbreeze Studios AB)
calibre 64bit (HKLM\...\{90C96F50-6055-4E41-A143-B0B02383223F}) (Version: 1.40.0 - Kovid Goyal)
Call Of Cthulhu DCoTE (HKLM-x32\...\{E4406ED3-B04C-44F1-ABB4-08775B74934F}) (Version: 1.00.000 - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Child of Light (HKLM-x32\...\Uplay Install 609) (Version:  - Ubisoft)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CrystalDiskInfo 6.1.12 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.12 - Crystal Dew World)
Curse Client (HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
Deponia (HKLM-x32\...\Steam App 214340) (Version:  - Daedalic Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die Sims Mittelalter Piraten und Edelleute (HKLM-x32\...\{0CC21836-A5D6-4641-B4AE-6FA01D021E41}) (Version: 2.0.109 - Electronic Arts)
Die Sims(tm) Mittelalter (HKLM-x32\...\{D3F66B94-DF84-4686-832E-D5761B478BF0}) (Version: 2.0.113.00107 - Electronic Arts)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.2.24.20 - Electronic Arts Inc.)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dragon Age™ II (HKLM-x32\...\{4D565319-8B91-41CB-961C-0DDC86101AC5}) (Version: 1.04.8524.0 - Electronic Arts)
Drakan - Order of the Flame (HKLM\...\drakan - order of the flame) (Version:  - )
Drakan Editing Tools (HKLM\...\drakan editing tools) (Version:  - )
DriverEasy 4.7.6 (HKLM\...\DriverEasy_is1) (Version: 4.7.6.0 - Easeware)
Dropbox (HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Druckerdeinstallation für EPSON SX130 Series (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
Edna & Harvey: Harvey's New Eyes (HKLM-x32\...\Steam App 219910) (Version:  - Daedalic Entertainment)
Edna Bricht Aus (HKLM-x32\...\EdnaSE) (Version: 1.0 - Daedalic Entertainment)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Fable III (HKLM-x32\...\GFWL_{4D53090A-9B45-437B-A66A-831000008300}) (Version: 1.0.0000.131 - Microsoft Game Studios)
Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) Hidden
Fable III (x32 Version: 1.0.0002.131 - Microsoft Game Studios) Hidden
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
ICQ 8.0 (build 6019) (HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\ICQ) (Version: 8.0.6019.0 - Mail.Ru)
I-Fluid 1.22 (HKLM-x32\...\I-Fluid_is1) (Version:  - Nobilis)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - Avalanche Studios)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.9.8 - Magical Jelly Bean)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall)
Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Only If (HKLM-x32\...\Steam App 298260) (Version:  - Creability)
openCanvas 5.5.22 (HKLM-x32\...\{CE1A5F24-49C6-456A-93D1-5A860A711D53}}_is1) (Version: 5.5.22 - PGN Co. Ltd.)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
PDF24 Creator 6.3.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
PicPick (HKLM-x32\...\PicPick) (Version: 3.2.4 - NTeWORKS)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap Games, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Reus (HKLM-x32\...\Steam App 222730) (Version:  - Abbey Games)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpyHunter (HKLM-x32\...\{0028CB34-D5D3-460F-B308-A39A095A5E01}) (Version: 4.16.5.4290 - Enigma Software Group USA, LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sweet Home 3D version 4.4 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
TeamSpeak 3 Client (HKU\S-1-5-21-2327854136-593963445-1531736561-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Next BIG Thing (HKLM-x32\...\Steam App 58570) (Version:  - Pendulo Studios)
The Plan (HKLM-x32\...\Steam App 250600) (Version:  - Krillbite Studio)
The Secret World (HKLM-x32\...\Steam App 215280) (Version:  - Funcom)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Tomb Raider: Legend 1.2 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )
Tomb Raider: Underworld 1.0 (HKLM-x32\...\Tomb Raider: Underworld) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Violett (HKLM-x32\...\Steam App 257830) (Version:  - Forever Entertainment S. A.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{e317c18e-c3c1-4881-be16-36bc8d2180c7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2327854136-593963445-1531736561-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hexenschuss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

01-12-2014 08:13:23 Installed SpyHunter
01-12-2014 09:15:48 DirectX wurde installiert
01-12-2014 12:44:40 Removed QuickTime 7
01-12-2014 14:00:30 DirectX wurde installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-01 20:51 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {007DE4FA-C4B7-41D1-8D32-E040F63570D3} - System32\Tasks\Wecker
Task: {2CB3DDFE-C8C0-46E8-B9AE-50BF5284CCBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-30] (Google Inc.)
Task: {57AE4037-8139-41BC-AFFC-CA55F189AFF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-30] (Google Inc.)
Task: {79C73377-20DF-47D3-A255-D0F2BF990043} - System32\Tasks\CR setup => C:\Users\HEXENS~1\AppData\Local\Temp\Stub\150185872\ytd_bu10_setup(1).exe <==== ATTENTION
Task: {D6C7D42E-4B99-4652-98DB-5D2AD2E71D6C} - System32\Tasks\Goobzo YTDownloader Setup => C:\Users\HEXENS~1\AppData\Local\Temp\Stub\150185872\ytd_bu10_setup(1).exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-05-16 13:29 - 2011-12-14 16:53 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2014-09-20 03:32 - 2010-01-21 00:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2014-09-20 03:31 - 2010-01-21 00:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2014-09-20 03:31 - 2010-01-21 00:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2014-09-20 03:31 - 2010-01-21 00:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2014-10-27 23:19 - 2012-11-14 14:45 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-12-01 20:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-01 20:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-01 20:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-01 20:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-01 20:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-06-11 01:24 - 2014-11-11 23:55 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-05-16 13:29 - 2011-12-14 09:22 - 00368640 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2014-12-01 00:29 - 2014-12-01 00:29 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2327854136-593963445-1531736561-500 - Administrator - Disabled)
Gast (S-1-5-21-2327854136-593963445-1531736561-501 - Limited - Disabled)
Hexenschuss (S-1-5-21-2327854136-593963445-1531736561-1001 - Administrator - Enabled) => C:\Users\Hexenschuss
HomeGroupUser$ (S-1-5-21-2327854136-593963445-1531736561-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: H:\
Description: USB CF Reader   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic 
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2014 03:38:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/03/2014 03:43:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (12/03/2014 03:43:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \...\DR72 gefunden.

Error: (12/03/2014 03:41:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht.

Error: (12/03/2014 03:38:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SWUpdaterSvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/03/2014 03:38:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/03/2014 03:38:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Updating Service erreicht.

Error: (12/03/2014 03:37:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (12/03/2014 03:36:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎03.‎12.‎2014 um 15:32:34 unerwartet heruntergefahren.

Error: (12/03/2014 03:36:15 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "D:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (12/03/2014 03:36:15 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.


Microsoft Office Sessions:
=========================
Error: (12/03/2014 03:38:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 630 Processor
Percentage of memory in use: 37%
Total physical RAM: 6143.24 MB
Available physical RAM: 3858.2 MB
Total Pagefile: 12284.66 MB
Available Pagefile: 9829.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:27.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:298.09 GB) (Free:217.29 GB) NTFS
Drive f: (Sims3EP07) (CDROM) (Total:4.93 GB) (Free:0 GB) UDF
Drive m: (Volume) (Fixed) (Total:1863.01 GB) (Free:1033.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: D45BD45B)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F9283267)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: F122F122)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

03.12.2014, 23:58   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively, portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select Deutsch as the language.
  • In the Uninstaller field, search for the programs:

    SpyHunter

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" mode.
  • Delete leftovers:
    Click on then on and then on .

 

__________________
Please always post logfiles in CODE tags
