Log analysis and evaluation: Delta-Toolbar, Downloadsponsor etc. (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.08.2014, 19:15 | #1
Delta-Toolbar, Downloadsponsor etc.
Hello,
Problem 1: for a few days now, page loading in Google Chrome has become massively slower. My action: I ran my antivirus Sophos (licence from the university) as a test, and nothing was found. A second check with Spybot produced almost 200 results... I ran the clean-up with Spybot. I would also like to mention that my browser has no toolbars etc. apart from 3 official plugins. Afterwards I additionally downloaded Malwarebytes, updated it, scanned, and had the roughly 60 findings cleaned up as well. On a second scan with Spybot and Malwarebytes, nothing more was found.
Problem 2: Then everything ran fine again for 2 hours. Suddenly Chrome slowed down again and a (very-long-jumble-of-numbers+characters).php page opened, which I closed quickly. Another check with Spybot produced no results.
For information: on the first run, the Delta and Babylon toolbars as well as Downloadsponsor were detected as malware.
Could you please help me? Thanks
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:59:14, on 03.08.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
D:\Steam\Steam.exe
C:\Program Files (x86)\Thunder Master\THPanel.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\thunderbird.exe
G:\ Malwarebytes Anti-Malware \mbam.exe
D:\Office14\EXCEL.EXE
D:\IrfanView\i_view32.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [BCSSync] "D:\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware "
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [THPanel] "C:\Program Files (x86)\Thunder Master\THPanel.exe" /A
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1296218438-4040402403-1704041965-1048\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1296218438-4040402403-1704041965-1048\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: An OneNote s&enden - res://D:\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - G:\ Malwarebytes Anti-Malware \mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - G:\ Malwarebytes Anti-Malware \mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sophos Anti-Virus Statusreporter (SAVAdminService) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sophos AutoUpdate Service - Sophos Limited - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Web Control Service - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
O23 - Service: Sophos Web Intelligence Update (swi_update_64) - Sophos Limited - C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 13542 bytes
03.08.2014, 19:35 | #2
/// the machine /// (TB trainer) | Delta-Toolbar, Downloadsponsor etc.
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
03.08.2014, 19:42 | #3
Delta-Toolbar, Downloadsponsor etc.
Update:
Chrome is now being redirected to various pages, and Thunderbird asks for my permission to copy Kontaktdaten.eml. I am slowly starting to consider reinstalling the PC. Thanks
FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Michael (administrator) on RECHNER on 03-08-2014 20:40:00
Running from C:\Users\Michael\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) D:\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) G:\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) G:\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) G:\ Malwarebytes Anti-Malware \mbam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12489360 2012-05-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => D:\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-20] (Sophos Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [Steam] => D:\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2050416 2012-07-13] (Palit Microsystems Ltd.)
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21415040 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\MountPoints2: E - E:\Run.exe
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\MountPoints2: {f54d2f97-44b7-11e2-8799-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\MountPoints2: {f54d2f98-44b7-11e2-8799-806e6f6e6963} - F:\Autorun.exe
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-20] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-20] (Sophos Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x913AA730ACE2CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
BHO: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> D:\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: "https://www.google.de/?gws_rd=ssl"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - D:\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\Michael\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-03]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-02-04]
CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-03]
CHR Extension: (ModHeader) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2013-04-23]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-09] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 MBAMScheduler; G:\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; G:\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-19] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-20] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-20] (Sophos Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-20] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-20] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-20] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-20] (Sophos Limited)
S3 DAUpdaterSvc; D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
U0 roihn; C:\Windows\System32\drivers\xrlfmfkk.sys [79064 2014-08-03] (Malwarebytes Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-20] (Sophos Limited)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-03 20:40 - 2014-08-03 20:40 - 00020713 _____ () C:\Users\Michael\Downloads\FRST.txt 2014-08-03 20:39 - 2014-08-03 20:40 - 00000000 ____D () C:\FRST 2014-08-03 20:39 - 2014-08-03 20:39 - 02094080 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe 2014-08-03 20:00 - 2014-08-03 20:00 - 00013544 _____ () C:\Users\Michael\Desktop\hijackthis.log 2014-08-03 19:59 - 2014-08-03 19:59 - 00001054 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk 2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft 2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Abelssoft 2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\Abelssoft 2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater 2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater 2014-08-03 19:57 - 2014-08-03 19:58 - 00826192 _____ (Chip Digital GmbH) C:\Users\Michael\Downloads\HijackThis - CHIP-Installer.exe 2014-08-03 09:35 - 2014-08-03 09:35 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\xrlfmfkk.sys 2014-08-03 09:20 - 2014-08-03 18:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-03 09:19 - 2014-08-03 09:19 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-08-03 09:18 - 2014-08-03 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-03 09:18 - 2014-08-03 09:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-03 09:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-03 09:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-03 09:18 
- 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-03 08:53 - 2014-08-03 08:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-03 08:30 - 2014-08-03 08:30 - 00000000 _____ () C:\autoexec.bat 2014-08-03 08:29 - 2014-08-03 08:29 - 00002262 _____ () C:\Users\Michael\Desktop\SpyHunter.lnk 2014-08-03 08:29 - 2014-08-03 08:29 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-08-03 08:27 - 2014-08-03 08:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Michael\Downloads\SpyHunter-Installer.exe 2014-08-03 00:42 - 2014-08-03 00:43 - 00000000 ____D () C:\Users\Michael\Documents\Sacred Citadel 2014-08-02 20:54 - 2014-08-02 20:55 - 02953520 _____ (AVAST Software) C:\Users\Michael\Desktop\avast-browser-cleanup_9.0.0.224.exe 2014-08-02 00:21 - 2014-08-02 00:21 - 00000000 ____D () C:\Users\Michael\AppData\Local\BigHugeEngine 2014-07-30 18:03 - 2014-07-30 18:03 - 00007605 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg 2014-07-28 21:09 - 2014-07-28 21:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\THQ 2014-07-28 21:09 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2014-07-28 21:09 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2014-07-28 21:09 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2014-07-28 21:09 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2014-07-28 21:09 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2014-07-27 22:34 - 2014-07-27 22:34 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Atlus 2014-07-27 22:21 - 2014-07-27 22:21 - 00106517 _____ () C:\Users\Michael\Downloads\eq_cl_33.exe 2014-07-27 22:10 - 2014-08-02 11:25 - 00000000 ____D () C:\Program Files 
(x86)\GOG.com 2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-07-16 20:07 - 2014-08-01 22:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\Game Dev Tycoon - Steam 2014-07-15 17:30 - 2014-07-15 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO 2014-07-15 17:28 - 2014-07-15 17:28 - 00000000 ____D () C:\Program Files (x86)\3DO 2014-07-15 17:25 - 2014-07-15 17:25 - 00000000 ____D () C:\Program Files (x86)\directx 2014-07-15 17:25 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe 2014-07-13 14:28 - 2014-07-13 14:28 - 00519122 _____ () C:\Users\Michael\Downloads\[PC] KZ Manager Millenium - Hamburg Edition (1.0.0. Beta) (German).rar 2014-07-12 18:10 - 2014-07-12 18:12 - 58238578 _____ () C:\Users\Michael\Downloads\DATA_DECKS_2010_GXSC_MAINEXP.wad 2014-07-12 09:52 - 2014-07-12 09:52 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-07-12 09:51 - 2014-07-12 09:52 - 41177600 _____ () C:\Users\Michael\Downloads\PhysX-9.13.1220-SystemSoftware.msi 2014-07-12 09:17 - 2014-07-12 09:17 - 00000000 ____D () C:\Users\Michael\AppData\Local\Risen2 2014-07-11 07:52 - 2014-07-11 07:52 - 00000000 ____D () C:\Users\Michael\Documents\New Star Soccer 5 2014-07-11 01:43 - 2014-07-11 01:43 - 00046130 _____ () C:\Users\Michael\Downloads\SteamAchievementManager63_hotfix.zip 2014-07-11 01:43 - 2013-08-10 05:20 - 00031232 _____ (Party Princess Palace) C:\Users\Michael\Downloads\SAM.API.dll 2014-07-11 01:43 - 2011-09-23 12:16 - 00045056 _____ (Party Princess Palace) C:\Users\Michael\Downloads\SAM.Picker.exe 2014-07-11 01:43 - 2011-09-23 12:16 - 00045056 _____ (Party Princess Palace) C:\Users\Michael\Downloads\SAM.Game.exe 2014-07-09 14:40 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) 
C:\Windows\system32\aepdu.dll 2014-07-09 14:40 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-09 14:40 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 14:40 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 14:40 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 14:40 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 14:40 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-09 14:40 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-09 14:40 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-09 14:40 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-09 14:40 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-09 14:40 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-09 14:40 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-09 14:40 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-09 14:40 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-09 14:40 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-09 14:40 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-09 14:40 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-09 14:40 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-09 14:40 - 
2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-09 14:40 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-09 14:40 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-09 14:39 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 14:39 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-09 14:39 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-03 20:40 - 2014-08-03 20:40 - 00020713 _____ () C:\Users\Michael\Downloads\FRST.txt 2014-08-03 20:40 - 2014-08-03 20:39 - 00000000 ____D () C:\FRST 2014-08-03 20:40 - 2013-12-19 11:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\LogMeIn Hamachi 2014-08-03 20:39 - 2014-08-03 20:39 - 02094080 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe 2014-08-03 20:38 - 2012-02-04 15:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype 2014-08-03 20:38 - 2009-07-14 06:45 - 00013248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-03 20:38 - 2009-07-14 06:45 - 00013248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-03 20:27 - 2012-04-01 16:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-03 20:25 - 2012-02-03 21:11 - 00113344 _____ () C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-03 20:24 - 2009-07-14 19:58 - 00710502 _____ () C:\Windows\system32\perfh007.dat 2014-08-03 20:24 - 2009-07-14 19:58 - 00154832 _____ () C:\Windows\system32\perfc007.dat 2014-08-03 20:24 - 2009-07-14 07:13 - 01651686 _____ () 
C:\Windows\system32\PerfStringBackup.INI 2014-08-03 20:14 - 2012-02-03 20:53 - 01995356 _____ () C:\Windows\WindowsUpdate.log 2014-08-03 20:13 - 2014-06-28 19:08 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-03 20:00 - 2014-08-03 20:00 - 00013544 _____ () C:\Users\Michael\Desktop\hijackthis.log 2014-08-03 19:59 - 2014-08-03 19:59 - 00001054 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk 2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft 2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Abelssoft 2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\Abelssoft 2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater 2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater 2014-08-03 19:58 - 2014-08-03 19:57 - 00826192 _____ (Chip Digital GmbH) C:\Users\Michael\Downloads\HijackThis - CHIP-Installer.exe 2014-08-03 19:22 - 2014-06-28 19:08 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-03 18:55 - 2014-08-03 09:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-03 16:52 - 2013-09-09 16:52 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor 2014-08-03 16:20 - 2014-02-18 04:01 - 00000000 ____D () C:\Users\Michael\Desktop\Quiz 2014-08-03 09:35 - 2014-08-03 09:35 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\xrlfmfkk.sys 2014-08-03 09:19 - 2014-08-03 09:19 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-08-03 09:19 - 2012-02-24 21:11 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-08-03 09:18 - 2014-08-03 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 09:18 - 2014-08-03 09:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-03 08:54 - 2014-08-03 08:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-03 08:30 - 2014-08-03 08:30 - 00000000 _____ () C:\autoexec.bat 2014-08-03 08:29 - 2014-08-03 08:29 - 00002262 _____ () C:\Users\Michael\Desktop\SpyHunter.lnk 2014-08-03 08:29 - 2014-08-03 08:29 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-08-03 08:27 - 2014-08-03 08:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Michael\Downloads\SpyHunter-Installer.exe 2014-08-03 08:16 - 2014-02-06 12:47 - 00188670 _____ () C:\Windows\PFRO.log 2014-08-03 08:16 - 2013-12-21 08:03 - 00013964 _____ () C:\Windows\setupact.log 2014-08-03 08:16 - 2012-02-04 15:44 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-08-03 08:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-03 00:43 - 2014-08-03 00:42 - 00000000 ____D () C:\Users\Michael\Documents\Sacred Citadel 2014-08-02 21:02 - 2014-01-03 23:55 - 00118241 _____ () C:\Windows\DirectX.log 2014-08-02 20:55 - 2014-08-02 20:54 - 02953520 _____ (AVAST Software) C:\Users\Michael\Desktop\avast-browser-cleanup_9.0.0.224.exe 2014-08-02 20:37 - 2014-02-06 02:24 - 00000335 _____ () C:\Windows\wininit.ini 2014-08-02 19:23 - 2013-12-08 22:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-08-02 11:27 - 2012-02-18 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2014-08-02 11:25 - 2014-07-27 22:10 - 00000000 ____D () C:\Program Files (x86)\GOG.com 2014-08-02 00:21 - 2014-08-02 00:21 - 00000000 ____D () C:\Users\Michael\AppData\Local\BigHugeEngine 2014-08-02 00:21 - 2012-02-04 14:09 - 00000000 ____D () C:\Users\Michael\Documents\My Games 2014-08-01 22:54 - 2014-07-16 20:07 - 00000000 ____D () C:\Users\Michael\AppData\Local\Game Dev Tycoon - Steam 2014-08-01 22:21 - 2013-03-20 20:52 - 00008704 _____ () 
C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-30 21:52 - 2013-12-27 18:07 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\TS3Client 2014-07-30 19:42 - 2013-12-25 17:33 - 00000000 ____D () C:\Users\Michael\AppData\Local\DayZ 2014-07-30 18:03 - 2014-07-30 18:03 - 00007605 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg 2014-07-30 18:00 - 2013-07-20 09:59 - 00000000 _____ () C:\Windows\system32\vireng.log 2014-07-28 21:09 - 2014-07-28 21:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\THQ 2014-07-27 22:34 - 2014-07-27 22:34 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Atlus 2014-07-27 22:21 - 2014-07-27 22:21 - 00106517 _____ () C:\Users\Michael\Downloads\eq_cl_33.exe 2014-07-22 20:26 - 2013-12-27 18:06 - 00000000 ____D () C:\Users\Michael\AppData\Local\TeamSpeak 3 Client 2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-07-22 02:42 - 2012-02-04 03:19 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2014-07-20 08:53 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-15 18:36 - 2013-09-08 16:17 - 00000000 ____D () C:\Users\Michael\Documents\SavedGames 2014-07-15 17:33 - 2014-07-15 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO 2014-07-15 17:28 - 2014-07-15 17:28 - 00000000 ____D () C:\Program Files (x86)\3DO 2014-07-15 17:25 - 2014-07-15 17:25 - 00000000 ____D () C:\Program Files (x86)\directx 2014-07-15 05:33 - 2012-02-20 17:17 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Might & Magic Heroes VI 2014-07-13 16:30 - 2013-12-15 00:02 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\.minecraft 2014-07-13 14:28 - 2014-07-13 14:28 - 00519122 _____ () C:\Users\Michael\Downloads\[PC] KZ Manager Millenium - Hamburg Edition (1.0.0. 
Beta) (German).rar 2014-07-12 18:12 - 2014-07-12 18:10 - 58238578 _____ () C:\Users\Michael\Downloads\DATA_DECKS_2010_GXSC_MAINEXP.wad 2014-07-12 11:46 - 2013-09-25 18:22 - 00213548 _____ () C:\shared.log 2014-07-12 10:45 - 2012-04-28 10:25 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-07-12 09:52 - 2014-07-12 09:52 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-07-12 09:52 - 2014-07-12 09:51 - 41177600 _____ () C:\Users\Michael\Downloads\PhysX-9.13.1220-SystemSoftware.msi 2014-07-12 09:17 - 2014-07-12 09:17 - 00000000 ____D () C:\Users\Michael\AppData\Local\Risen2 2014-07-11 07:52 - 2014-07-11 07:52 - 00000000 ____D () C:\Users\Michael\Documents\New Star Soccer 5 2014-07-11 05:33 - 2014-06-04 09:07 - 00000000 ____D () C:\TEMP 2014-07-11 05:22 - 2013-05-16 17:10 - 00000000 ____D () C:\Windows\rescache 2014-07-11 01:43 - 2014-07-11 01:43 - 00046130 _____ () C:\Users\Michael\Downloads\SteamAchievementManager63_hotfix.zip 2014-07-11 00:49 - 2009-07-14 06:45 - 00412120 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-10 14:07 - 2014-05-06 23:11 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-10 14:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-10 14:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-10 03:05 - 2012-12-13 18:59 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-10 03:04 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-10 03:02 - 2012-02-04 15:31 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-09 13:27 - 2012-04-01 16:20 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-09 13:27 - 2012-04-01 16:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-09 13:27 - 2012-02-04 01:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: 
==================== C:\Users\Michael\AppData\Local\Temp\SHSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-30 19:35 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014 Ran by Michael at 2014-08-03 20:40:31 Running from C:\Users\Michael\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29} AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Anno 1404 (HKLM-x32\...\Steam App 33250) (Version: - Blue Byte) Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version: - ) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.15.16 - Atheros Communications Inc.) 
Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version: - Overhaul Games) Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC) Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version: - WB Games Montreal) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin) BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) BurnAware Free 6.4 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware) CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP) CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.26 - Abelssoft) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version: - Crytek Studios) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Dead Space (HKLM-x32\...\Steam App 17470) (Version: - EA Redwood Shores) Desperados - Wanted Dead or Alive (HKLM-x32\...\Steam App 260730) (Version: - Spellbound) Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version: - Eidos Montreal) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Droplitz (HKLM-x32\...\Steam App 23120) (Version: - Blitz Games Studio, Ltd.) 
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software) Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - Lionhead Studios) Fallout 3 Patch v1.4 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 1.4 - ) FF7 XBox 360 Controller Fix (Steam) 2.0 (HKLM-x32\...\{4FAA5121-ABE1-46AA-B5E7-31584FA33795}_is1) (Version: 2.0 - Johnny "ThunderPeel2001" Walker) File Type Advisor 1.0 (HKLM-x32\...\File Type Advisor_is1) (Version: - filetypeadvisor.com) Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) FUSSBALL MANAGER 12 (HKLM-x32\...\FUSSBALL MANAGER 12) (Version: 1.0.0.3 - Electronic Arts) G-Hotkey version 3.62 (HKLM-x32\...\{6F870369-F2ED-40AC-8BB0-DA85A8AEE155}_is1) (Version: - ) GoldWave v5.70 (HKLM-x32\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
Hidden Heroes of Might & Magic V (HKLM-x32\...\Steam App 15170) (Version: - Nival) Heroes of Might & Magic V: Hammers of Fate (HKLM-x32\...\Steam App 15380) (Version: - Nival) Heroes of Might & Magic V: Tribes of the East (HKLM-x32\...\Steam App 15370) (Version: - Nival) Heroes of Might & Magic V: Tribes of the East Editor (HKLM-x32\...\Steam App 19970) (Version: - Ubisoft) Heroes of Might and Magic 3 Complete (HKLM-x32\...\Heroes of Might and Magic 3 Complete_is1) (Version: - GOG.com) Heroes of Might and Magic 4 Complete (HKLM-x32\...\Heroes of Might and Magic 4 Complete_is1) (Version: - GOG.com) Heroes of Might and Magic IV: Winds of War (HKLM-x32\...\Heroes of Might and Magic IV) (Version: - ) Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.12.1498 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version: - Big Huge Games) King's Bounty: The Legend (HKLM-x32\...\Steam App 25900) (Version: - 1C Company) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) 
Hidden Magic 2014 (HKLM-x32\...\Steam App 213850) (Version: - Stainless Games) Magic 2015 (HKLM-x32\...\Steam App 255420) (Version: - Stainless Games) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - Klei Entertainment) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft 
Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) 
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Might & Magic: Heroes VI (HKLM-x32\...\Steam App 48220) (Version: - Blackhole) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich) New Star Soccer 5 (HKLM-x32\...\Steam App 212780) (Version: - New Star Games) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.47.2 - Black Tree Gaming) NVIDIA 3D Vision Controller-Treiber 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation) NVIDIA Grafiktreiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) 
(Version: 327.23 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Operation Flashpoint: Dragon Rising (HKLM-x32\...\Steam App 12830) (Version: - Codemasters Studios) Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment) Origin (HKLM-x32\...\Origin) (Version: 9.0.15.65 - Electronic Arts, Inc.) Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909) Patch v2.2 (HKLM-x32\...\{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1) (Version: - RUNEFORGE Games Studios) PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery) Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version: - PopCap Games, Inc.) 
Pokémon Mystery Gift Editor (HKLM-x32\...\Pokémon Mystery Gift Editor) (Version: - Grovyle91) Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version: - Telltale Games) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6642 - Realtek Semiconductor Corp.) Red Faction: Guerrilla (HKLM-x32\...\Steam App 20500) (Version: - Volition) Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version: - SkyBox Labs) S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version: - GSC Game World) Sacred Citadel (HKLM-x32\...\Steam App 207930) (Version: - Southend) Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version: - Volition) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - EA - Maxis) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited) Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited) Spellforce 2: Gold Edition (HKLM-x32\...\Steam App 39550) (Version: - Phenomic) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) 
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH) The Darkness II (HKLM-x32\...\Steam App 67370) (Version: - Digital Extremes) The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Game Studios) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Guild II - Pirates of the European Seas (HKLM-x32\...\Steam App 39660) (Version: - 4 Head Studios) The Guild II (HKLM-x32\...\Steam App 39650) (Version: - 4 Head Studios) The Guild II: Renaissance (HKLM-x32\...\Steam App 39680) (Version: - Rune Forge) The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - ) Thunder Master v1.4 (HKLM-x32\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 1.4.0.0 - Palit Microsystems Ltd.) 
Titan Quest (HKLM-x32\...\Steam App 4540) (Version: - Iron Lore Entertainment) Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version: - Iron Lore Entertainment) Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH) TQVault 2.11 (HKLM-x32\...\TQVault_is1) (Version: - bman654) Trine (HKLM-x32\...\Steam App 35700) (Version: - Frozenbyte) Tropico 4 (HKLM-x32\...\Steam App 57690) (Version: - Haemimont Games) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition 
(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft) VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - ) Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi)) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1296218438-4040402403-1704041965-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1296218438-4040402403-1704041965-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 03-08-2014 07:18:47 Removed SpyHunter ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {04BFC927-ACAE-44F5-8143-A1E8C6C93192} - System32\Tasks\{26D2419E-D7B5-408A-B3AB-FEE02F6406FE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {0582E66D-BF74-4E20-85FA-5BA4ADD1E97F} - System32\Tasks\{144D8527-7421-4519-9488-99030BEA3F58} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {0727B8C4-3692-4974-A429-C44277781C0B} - System32\Tasks\{FBC4C2D4-2E5A-43C9-8872-501AB0DF2AC1} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {093993D8-944D-49CC-A094-F660A0501C25} - System32\Tasks\{D6F705C0-4961-484F-BD79-EC1379B163C7} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {0A7487E4-2CDE-4A2B-B34A-521DE73F0267} - System32\Tasks\{D51F84F0-038A-439E-A58B-294E97793941} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {0AC36268-6775-437A-BABF-34FDAA9C8449} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {0CE3511D-0995-494A-AE03-88D42B2D6E46} - System32\Tasks\{0456F496-7FDB-468A-BCDC-EDABC4DA8577} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {0FF061E7-A179-452F-9922-8A15209C81D5} - System32\Tasks\{F30B2B7F-157A-4BE2-B98B-75359ABC0930} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {10744586-3FD0-4FE4-90AF-BFC40071E225} - System32\Tasks\{3D2E9DBE-7FB8-47EB-B2D1-6EF5DA95AD08} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {114B20D4-4E3E-491F-8CEF-4E18A6889015} - System32\Tasks\{721EAB80-EBF0-4B20-8CE4-383E0E373C0C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {189FDA34-3C40-4647-B2FD-BCD6E6CD46F3} - 
System32\Tasks\{156073D9-787D-42D1-BC35-0022D958FFE8} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {18B945EE-D051-4E26-9673-7D316D276CEF} - System32\Tasks\{C0BE621E-D988-44F3-B745-A85406FCED86} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {1A24D02F-5B41-42B1-BF3B-131C638E2CEB} - System32\Tasks\{B36B2E46-4584-46DA-9AEA-039FB8EB4CBF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {1AD72E9C-F68F-41C8-A39E-8A299CC2BF39} - System32\Tasks\{90FBEA3C-98CE-46BF-A40A-F40E2170CA3F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {1BB48D29-F1B7-4333-AF8C-663BFF64A998} - System32\Tasks\{7951F4B9-0E75-4BB2-9157-04B10EA0855B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {1D135955-B338-4F1C-A7FB-461A1D98E304} - System32\Tasks\{9C5C0DF1-3698-40DF-BCD8-C9F729830DAC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {1D24D5AB-1FBD-4184-A3E1-9078A3A27DAE} - System32\Tasks\{58DC9169-F145-4DD9-9AAB-F32008ACF7FF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {1EC5A7B1-EE45-4F57-AB84-07073F267A46} - System32\Tasks\{A884330D-0600-406B-A463-3781CC7D23A6} => F:\start.exe Task: {1FA949F2-988A-4BD2-A851-CE183A2A1CBC} - System32\Tasks\{63AEC17A-98CA-46BC-8F83-07CD50B1C48E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {1FF8CDD7-168A-4FF6-8483-484D69860586} - System32\Tasks\{A2269C16-0FAF-4162-95A1-95F1CCCAD1AA} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603 Task: {20158495-F339-4BD5-9C7B-A132A3B2B755} - System32\Tasks\{1415119E-C51A-44DF-8373-BE60E69CE22F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 
Task: {252050CC-5EF3-4E9B-9B98-715A5B19B44A} - System32\Tasks\{B896B73B-5747-4284-8DF2-9DC63E1AAD5B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {25E43492-2D29-4734-8CD8-CC043EC8326D} - System32\Tasks\{500CCA07-8451-40BB-BECD-47DDBCD46094} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {264EF608-4776-468A-96D1-CA36FDB97CF6} - System32\Tasks\{E8C9743A-D863-4501-8D70-73D2D31EFB9C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {2920A244-5647-484D-960A-D67FCE4B4DD4} - System32\Tasks\{340C4676-5269-4A7E-8723-7273685FD7B7} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {2BE7B85C-8B39-4290-A59E-9A3E29B955FF} - System32\Tasks\{29A1F324-E0C0-4BF4-9FF5-F4248DBEB6C8} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {2DBC2DAF-3A5A-4D65-A9EA-DC82169C5B3C} - System32\Tasks\{E61EAAA3-365C-46BB-AA94-2A8EE0C8C475} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {2EFEA576-0F7E-421C-8CDA-B62840DC9E21} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.) 
Task: {315D107B-4C93-4159-AF8C-93BFD3189AC0} - System32\Tasks\{C18C2437-C34D-4992-BC16-2898F6838B07} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {32AC7194-E5A1-4663-86BA-F0D04425DF3A} - System32\Tasks\{5961F6D3-F58B-40E2-A7EF-46A95E9A28A8} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {32ECBDEC-47AD-4D48-9AB2-1CF954983AC9} - System32\Tasks\{B811D5FB-2882-4CED-869A-03B3533EF626} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {338ADC10-A7F6-4E42-B84E-6092D779ACA1} - System32\Tasks\{2F1F26B5-535F-4F23-BD42-C0DFBC9D086C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {34D7A95C-741E-46C6-9B3E-B442A9619275} - System32\Tasks\{9B532C16-B883-48FB-BE99-3D5B7F22CB17} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {360195C2-FBE7-4D46-B9C3-D6DF0B8638F7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd) Task: {3A88CD16-767F-40F9-BCDD-B2922A2EC41D} - System32\Tasks\{FD8F23B3-C048-42AA-BFEE-E6938A115742} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {3ED2D83C-1C6B-4B28-8296-A28B508A68DF} - System32\Tasks\{E74799DA-2836-414B-9A54-17327A6AE738} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {433C7E62-B415-4483-AD5B-91B19F5C0E21} - System32\Tasks\{407BCB03-AC40-4293-A02A-DEFC8FDA9BFB} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {43D2E67E-4015-43CD-BDEF-1B5A93F802E3} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-07-12] (File Type Advisor) Task: {45D652A1-BB62-48A9-9AC6-66D31577EF6C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d 
sdengin2.dll,ExecuteScheduledBackup Task: {47433119-CA72-4FAD-8C8E-D45883A4E364} - System32\Tasks\{CC22CF67-FA61-4747-833D-932FD1967287} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {49A2BB31-C699-450D-9315-90D76427DBCF} - System32\Tasks\{E79375AB-9CC4-4509-A11F-55B46EEDD8C2} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {4A12A552-DC60-4AED-96BC-455A56986D1A} - System32\Tasks\{FBDEDB5A-2652-4F75-9F9C-AE730451F1EF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {4D6AFDA4-8E6E-4F4A-8F22-DB7AB2F48401} - System32\Tasks\{B0B931FA-C157-4281-AF5A-2207968DC677} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {4D98E336-647A-4E0C-893B-C5B022ADA48E} - System32\Tasks\{0EA16D1B-2FC2-4ABA-8B9C-8CFFAA5492C8} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {4DBD1F16-C1CB-496C-BDA7-D583DE125479} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {5018B95F-D554-499E-9328-872E453EAB02} - System32\Tasks\{32FAFB6E-B2A7-4C90-9FD1-EF9E16FCACE0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {5350AEAE-7DAB-4B09-AA35-AAF083032B25} - System32\Tasks\{212080C6-5929-46DE-81F7-B7E20F3E2974} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {5860AF3A-4024-4CA3-ADD4-0606F48E7A80} - System32\Tasks\{CF0794F4-B600-4376-9A5C-998DE03CAA5C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {5BB40BDD-DA28-48EB-B95B-1C660EB36FA5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: 
{5EB68CD5-A7BC-4CDF-8AA6-36884ECC02B1} - System32\Tasks\{8C228039-3D64-45EF-94A5-D7F11E205188} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {62CAB437-5A53-42F6-BA41-2F318F3D4227} - System32\Tasks\{9B2DDFFD-0542-408B-AF05-E797513AF66D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {62CC36B2-8810-4954-B498-2C5711251510} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.) Task: {65039A32-340C-4068-8103-310E9833875F} - System32\Tasks\{50C47D36-89E1-400B-B617-7D53D9114EB5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.8.0.156/de/go/help.faq.installer?LastError=1603 Task: {67CF3541-98FA-4258-B3DD-FDB1D97B6FC2} - System32\Tasks\{9B4DD672-A990-4D11-966D-904120040F36} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603 Task: {68D83132-8564-4712-A8CB-761C10CF8B7A} - System32\Tasks\{2D3ECD9C-E4B4-42C9-AD1A-77535FA0C631} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {6B1813F5-C351-4912-9584-D2BF56338632} - System32\Tasks\{A79002F6-4D45-40B2-BF56-E3043A64D254} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {6DCE5814-8855-43F5-848A-409526D56646} - System32\Tasks\{10DE2AE1-6686-42F8-A7C6-503392F8C2F3} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {7454124D-3C76-48B1-BE92-2460020AB0F6} - System32\Tasks\{22752CAD-F51A-4459-B799-9C99DD372775} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {74BDE0A7-0C65-4AAC-8086-5A301A305F46} - System32\Tasks\{5569CB0B-9F32-4F58-9220-ACE7BCC132C4} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {768D7B45-2513-4B31-B192-15FBDDA73A8C} - 
System32\Tasks\{F4AD64F4-2A66-43C6-9FA5-1C7F0D179015} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {7AB1D45D-3EC9-4571-955B-C8C2CDC068A5} - System32\Tasks\{54741957-8223-44AE-A9FD-1808A8A5C98F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {7E1F1E9C-DC2D-4B46-8281-3506A4F80873} - System32\Tasks\{14A5B928-D0AE-4B18-BFA3-EA1599582BDA} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {7EC37A49-D188-4F22-969E-ADA600A7CE62} - System32\Tasks\{866EA69B-C105-4905-BF49-C62D4B9AB6CD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {7FFBF07F-EE07-4625-81DE-912F11C5EFA1} - System32\Tasks\{5D26E6A3-F0DD-4AE0-9C49-6865B3340605} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/go/help.faq.installer?LastError=1603 Task: {81086238-3B57-4A5F-A0CA-074FC304CC1B} - System32\Tasks\{26E56767-8063-4BDE-9D9D-C591D68F608B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {83897B85-A1ED-441E-A68F-4AB36ACBB105} - System32\Tasks\{2F9787E1-5810-4CD8-A781-5652B49F660B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {88CCE714-3AB1-428D-A5D3-302E8D1D0479} - System32\Tasks\{D096FFE4-214E-4283-9D8D-C14BE7659A7B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603 Task: {894B6ED0-686A-40BB-A1AD-7CDAA33CFCA4} - System32\Tasks\{23E365D3-9C7D-41AE-8A0B-07493B6E8F26} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {89D2ED3F-09C7-4A81-9A76-132B2FF74D15} - System32\Tasks\{A84E0C00-7BAE-489D-A898-B23101892AAC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {8EE63C52-584E-4423-BC9D-C46A7A1F2BA8} - System32\Tasks\{24E7787A-919B-4182-B634-DDD60ED140C1} => Iexplore.exe 
hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {8FAAF8D0-55AD-4DC3-9BF6-B43556F3E76A} - System32\Tasks\{A478CC2D-2F1C-431B-8D7A-4F01AB03AF9D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {93B56DA8-B72A-4037-8CC9-221D30DFFE7F} - System32\Tasks\{E9ABF46C-B1E5-44A6-9AF4-0A600E94455C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {972DC1A0-3833-4268-BB75-0FA18CA3F532} - System32\Tasks\{6000FAF7-333B-4C07-AEC1-400511ED8D71} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {9BA9BED2-CC38-491E-9630-5DD752A958E4} - System32\Tasks\{258F3BAA-F26E-4D5A-B545-FA8011668AE1} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {9E80280B-43D1-47DB-8010-771D4899E387} - System32\Tasks\{7C91331B-E894-4738-91D9-96968B1CB473} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {9F7C4180-DA72-4D69-99D0-4DBCA13CA514} - System32\Tasks\{A77D0EB2-62DE-4AEF-838A-CD340C81A382} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {9F83A976-9305-4ED2-9C63-66FEB064AFB3} - System32\Tasks\{BD1ADA57-D3C2-46FA-B64D-66FBC735699B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {A32BFC16-91AF-42AC-AB5C-BC2565AD279E} - System32\Tasks\{26158B8E-A45F-45B7-A651-A1EABA7AC757} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {A854693B-F487-42C1-8570-95C713EF9A09} - System32\Tasks\{14E02B9C-1587-4341-82C0-310E811809D1} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {AAFA6AE1-73FE-42DA-9292-491E893A6279} - System32\Tasks\{E4223426-E51B-454C-BB8C-C7216137971D} => Iexplore.exe 
hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {ABB82F72-D8EC-4436-BB54-B2451C5E6832} - System32\Tasks\{FAC53F0B-4F7B-4699-AD14-7501B6F893E6} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {AD12D363-B0B1-4692-88BA-BAF5BC488FF3} - System32\Tasks\{E2BBEB6F-839E-45E6-B9C3-BE33DA727230} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {AFB005F1-CD22-405F-8263-8AE0762166FD} - System32\Tasks\{BD49BD03-7BD4-418E-9266-0ACF0185BD0A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {AFF86BB7-B691-42EE-8BEE-89D48995DA54} - System32\Tasks\{938FCCBB-F0C8-4870-94DF-99ED4AB0F7AE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {B4F746C8-1E45-41A3-AC68-8361F002C238} - System32\Tasks\{7E1CBFF3-9DDB-42D9-8AB9-5209121986DF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {BC44E3DA-70FE-4006-942A-D386B142D73A} - System32\Tasks\{AD4E9FDE-0490-4BE3-BA9F-514AE247D0E8} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {BCB9AF4D-AE71-409F-8FB5-C8940924976C} - System32\Tasks\{A7341891-6505-4647-A4CA-137911390498} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {BD66042D-594F-4303-9126-0CE0F79D2725} - System32\Tasks\{1C2C5D04-9D44-4A06-B0E4-9D7FC3F7329B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {BEB49C30-4C25-4E32-BA5C-E284495E5EC1} - System32\Tasks\{0133693A-FCCF-4748-9840-708C76F2DD68} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {C4CF6927-A7E8-4523-B534-D16518666D07} - System32\Tasks\{F92F6431-C274-4251-AA30-386095962231} => Iexplore.exe 
hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {C88DF769-0FF6-48BD-9C86-F09C8FAA062E} - System32\Tasks\{C1CEB6F7-89E9-4F0D-84A2-EE7CBB5CBD41} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {C8FCE67D-6853-4441-92A7-DF427F7EFC38} - System32\Tasks\{E701894D-0E97-4B36-9C08-FDACC83F7965} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {CB3BBABA-74E8-4FCA-BD8A-F415BAC72337} - System32\Tasks\{F5B2E26A-25B5-4861-B3F8-EF69E785D77B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {D1A00AD7-0374-43AA-8655-D7F42A52D79B} - System32\Tasks\{70FAFC31-1488-4727-A37F-1D96EEBBF273} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {D3DF6AA6-60E6-4955-9BC3-54ED89C429A4} - System32\Tasks\{23D47B7E-9319-4827-B78A-03A957960B77} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {D5CFCCC6-B410-47B3-81BA-3E491A490DFC} - System32\Tasks\{E0DA3775-6208-40D3-B268-C98EBC2F0AA7} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {D70E5447-2267-4E68-B82A-3B0902670D1D} - System32\Tasks\{4CFF867B-55CA-46AD-AD4F-4ACA3417FF95} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {D9955BB2-F806-43C7-8672-D53035DB7DE7} - System32\Tasks\{C4D20322-5241-4922-8A4F-F7103CB7FCA2} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {DB6FB333-13BC-4F44-B469-D8977364D9AF} - System32\Tasks\{82190D64-856D-4C6C-922D-9FAD8508D542} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {DC3A8DAE-3025-4235-B06C-CACC3F1DAC46} - System32\Tasks\{5FCCF188-5E78-416C-9C3B-8F77C09A296F} => Iexplore.exe 
hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {DFA2A019-9012-4F82-AA55-9E2082015A6F} - System32\Tasks\{F6B0E881-8256-46A9-851D-019FF64777E0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {DFE32EBF-BC22-47EF-989F-017CDC1CD557} - System32\Tasks\{C78CB3F7-F879-4160-8030-7B495AF20E9D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {E0537DCC-1C74-4979-B1AC-9735AC48A0F2} - System32\Tasks\{E62BE221-C8DF-463B-8C86-66EBA86EAD75} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {E05B0FAA-4811-457D-BB42-E0709E74972E} - System32\Tasks\{7F8A4CF5-3201-4A1B-B2FA-9AC16E3BEE9F} => F:\start.exe Task: {E4BA596F-75F1-4FCC-AA90-5E600894A374} - System32\Tasks\{6A6F3FEC-B4E1-405E-A6E1-DCA44CFB5AC6} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {E5C598C8-6D30-4FBA-A628-5FCA9E6048FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {E8CC40CE-6EFF-49D7-95C9-BC56FEC7E2AF} - System32\Tasks\{037E02E9-A76C-4F84-89DD-4E2F0B0D9E7A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {EB22EA8E-27B3-4314-B75B-881FF591B8F4} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-07-12] (filetypeadvisor.com ) Task: {EDFF8696-4534-4CCB-AC7D-8E24D513B566} - System32\Tasks\{EC7BC8B8-DB6E-4922-AC9D-EEC1BA683CFD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {EF36D4D7-637D-4434-8F14-6B6DBDC91565} - System32\Tasks\{0682FF32-2154-42A8-91DE-5AFCA7DB9567} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {F1A476C3-B8D9-42B3-886B-AED7F7A202D2} - 
System32\Tasks\{A00505E4-D661-4141-B011-480897885026} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {F381297E-60A2-4BBA-869F-417CF295023F} - System32\Tasks\{174453ED-C233-4836-B901-8F84E2082318} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {F6020FC9-3581-4CB2-A979-DCE832378F89} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-07-21] (CHIP) Task: {F65E2DFD-9C18-47E3-94C8-34F1868E68B9} - System32\Tasks\{D8F1289F-773D-44FE-8D38-2128F77B04D9} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {FAE771E8-A44D-4A7A-AA6F-595C4C1445A3} - System32\Tasks\{D15DDE50-23F6-4253-A542-9A0959B6A031} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {FF0A274D-7A1F-4090-91E3-23155B5CFB97} - System32\Tasks\{21A4FF98-6035-476D-BD04-DF87A673BACC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-16 16:45 - 2013-09-12 09:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2012-02-16 19:08 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll 2014-03-19 22:38 - 2014-03-19 22:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-12-08 22:11 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - 
Search & Destroy 2\sqlite3.dll 2013-12-08 22:11 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-12-08 22:11 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2013-12-08 22:11 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-12-08 22:11 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-05-22 07:04 - 2014-07-12 02:53 - 01116672 _____ () D:\Steam\libavcodec-55.dll 2014-04-23 05:54 - 2014-07-12 02:53 - 00438784 _____ () D:\Steam\libavutil-53.dll 2014-05-22 07:04 - 2014-07-12 02:53 - 00399360 _____ () D:\Steam\libavformat-55.dll 2014-01-08 15:36 - 2014-07-12 02:53 - 00331264 _____ () D:\Steam\libavresample-1.dll 2013-03-12 18:10 - 2014-06-27 00:40 - 00764416 _____ () D:\Steam\SDL2.dll 2014-05-22 07:04 - 2014-07-16 04:28 - 02139328 _____ () D:\Steam\video.dll 2014-05-22 07:04 - 2014-04-29 02:37 - 00519168 _____ () D:\Steam\libswscale-2.dll 2012-02-03 21:18 - 2014-07-16 04:28 - 01116864 _____ () D:\Steam\bin\chromehtml.DLL 2012-02-03 21:18 - 2014-05-02 01:35 - 20628160 _____ () D:\Steam\bin\libcef.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2012-12-12 19:08 - 2012-05-10 16:03 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-07-18 23:19 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll 2014-07-18 23:19 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll 2014-07-18 23:19 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll 2014-07-18 23:19 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll 2014-07-18 23:19 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll 2014-07-18 23:19 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/03/2014 07:00:05 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "H:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006)" Error: (08/03/2014 06:30:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: sacredcitadel.exe, Version: 1.0.0.0, Zeitstempel: 0x516d1f3c Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x03c00000 ID des fehlerhaften Prozesses: 0x16f4 Startzeit der fehlerhaften Anwendung: 0xsacredcitadel.exe0 Pfad der fehlerhaften Anwendung: sacredcitadel.exe1 Pfad des fehlerhaften Moduls: sacredcitadel.exe2 Berichtskennung: sacredcitadel.exe3 Error: (08/03/2014 08:30:09 AM) (Source: MsiInstaller) (EventID: 11721) (User: Rechner) Description: Produkt: SpyHunter -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: , Pfad: WiseCustomCall, Befehl: g5 Error: (08/02/2014 09:57:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Reckoning.exe, Version: 1.0.0.2, Zeitstempel: 0x4f32c2cf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039e31 ID des fehlerhaften Prozesses: 0x1748 Startzeit der fehlerhaften Anwendung: 0xReckoning.exe0 Pfad der fehlerhaften Anwendung: Reckoning.exe1 Pfad des fehlerhaften Moduls: Reckoning.exe2 Berichtskennung: Reckoning.exe3 Error: (07/30/2014 06:00:05 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm chrome.exe, Version 36.0.1985.125 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1464 Startzeit: 01cfac0e6b300595 Endzeit: 6 Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Berichts-ID: 8d13c0c2-1802-11e4-8cc9-902b34a47824 Error: (07/28/2014 11:42:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Cascade.exe, Version: 0.0.0.0, Zeitstempel: 0x4aaf585a Name des fehlerhaften Moduls: Cascade.exe, Version: 0.0.0.0, Zeitstempel: 0x4aaf585a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0013e4b7 ID des fehlerhaften Prozesses: 0x930 Startzeit der fehlerhaften Anwendung: 0xCascade.exe0 Pfad der fehlerhaften Anwendung: Cascade.exe1 Pfad des fehlerhaften Moduls: Cascade.exe2 Berichtskennung: Cascade.exe3 Error: (07/27/2014 11:56:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Cascade.exe, Version: 0.0.0.0, Zeitstempel: 0x4aaf585a Name des fehlerhaften Moduls: Cascade.exe, Version: 0.0.0.0, Zeitstempel: 0x4aaf585a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0013e4b7 ID des fehlerhaften Prozesses: 0x14cc Startzeit der fehlerhaften Anwendung: 0xCascade.exe0 Pfad der fehlerhaften Anwendung: Cascade.exe1 Pfad des fehlerhaften Moduls: Cascade.exe2 Berichtskennung: Cascade.exe3 Error: (07/27/2014 07:00:07 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "H:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006)" Error: (07/26/2014 04:09:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: One Finger Death Punch.exe, Version: 1.0.0.0, Zeitstempel: 0x5343e170 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x3bc Startzeit der fehlerhaften Anwendung: 0xOne Finger Death Punch.exe0 Pfad der fehlerhaften Anwendung: One Finger Death Punch.exe1 Pfad des fehlerhaften Moduls: One Finger Death Punch.exe2 Berichtskennung: One Finger Death Punch.exe3 Error: (07/26/2014 04:09:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: One Finger Death Punch.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.ArgumentOutOfRangeException Stapel: bei System.ThrowHelper.ThrowArgumentOutOfRangeException() bei System.Collections.Generic.List`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Item(Int32) bei One_Finger_Death_Punch.Game1.Man_Draw() bei One_Finger_Death_Punch.Game1.Play_Draw() bei One_Finger_Death_Punch.Game1.Draw(Microsoft.Xna.Framework.GameTime) bei Microsoft.Xna.Framework.Game.DrawFrame() bei Microsoft.Xna.Framework.Game.Tick() bei Microsoft.Xna.Framework.Game.HostIdle(System.Object, System.EventArgs) bei Microsoft.Xna.Framework.GameHost.OnIdle() bei Microsoft.Xna.Framework.WindowsGameHost.RunOneFrame() bei Microsoft.Xna.Framework.WindowsGameHost.ApplicationIdle(System.Object, System.EventArgs) bei System.Windows.Forms.Application+ThreadContext.System.Windows.Forms.UnsafeNativeMethods.IMsoComponent.FDoIdle(Int32) bei System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32) bei 
System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application.Run(System.Windows.Forms.Form) bei Microsoft.Xna.Framework.WindowsGameHost.Run() bei Microsoft.Xna.Framework.Game.RunGame(Boolean) bei Microsoft.Xna.Framework.Game.Run() bei One_Finger_Death_Punch.Program.Main(System.String[]) System errors: ============= Error: (08/03/2014 09:35:56 AM) (Source: SAVOnAccess) (EventID: 55) (User: ) Description: Der On-Access-Treiber konnte keine Maßnahme des Anwenders für die Datei \Device\HarddiskVolume2\Users\Michael\Downloads\F503.tmp durchführen. Error: (08/03/2014 09:35:56 AM) (Source: SAVOnAccess) (EventID: 55) (User: ) Description: Der On-Access-Treiber konnte keine Maßnahme des Anwenders für die Datei \Device\HarddiskVolume2\Users\Michael\Downloads\EBE8.tmp durchführen. Error: (08/03/2014 09:35:55 AM) (Source: SAVOnAccess) (EventID: 55) (User: ) Description: Der On-Access-Treiber konnte keine Maßnahme des Anwenders für die Datei \Device\HarddiskVolume2\Users\Michael\Downloads\DD5D.tmp durchführen. Error: (08/03/2014 09:35:53 AM) (Source: SAVOnAccess) (EventID: 55) (User: ) Description: Der On-Access-Treiber konnte keine Maßnahme des Anwenders für die Datei \Device\HarddiskVolume2\Users\Michael\Downloads\7829.tmp durchführen. Error: (08/03/2014 08:33:12 AM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{44CD44C4-470A-4BC3-9733-77DDC892B05C}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (08/03/2014 08:22:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Sophos AutoUpdate Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (08/03/2014 08:19:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (08/03/2014 08:19:01 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (08/03/2014 01:17:49 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (08/03/2014 01:17:29 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Microsoft Office Sessions: ========================= Error: (08/03/2014 07:00:05 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: H:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006) Error: (08/03/2014 06:30:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: sacredcitadel.exe1.0.0.0516d1f3cunknown0.0.0.000000000c000000503c0000016f401cfaf36475aa9a0D:\Steam\steamapps\common\sacred_citadel\sacredcitadel.exeunknown71f6df07-1b2b-11e4-8b71-902b34a47824 Error: (08/03/2014 08:30:09 AM) (Source: MsiInstaller) (EventID: 11721) (User: Rechner) Description: Produkt: SpyHunter -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. 
Aktion: , Pfad: WiseCustomCall, Befehl: g5 (NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/02/2014 09:57:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Reckoning.exe1.0.0.24f32c2cfntdll.dll6.1.7601.18247521ea8e7c000000500039e31174801cfae869bfc2259D:\Steam\steamapps\common\KOAReckoning\Reckoning.exeC:\Windows\SysWOW64\ntdll.dll457f050d-1a7f-11e4-8011-902b34a47824 Error: (07/30/2014 06:00:05 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: chrome.exe36.0.1985.125146401cfac0e6b3005956C:\Program Files (x86)\Google\Chrome\Application\chrome.exe8d13c0c2-1802-11e4-8cc9-902b34a47824 Error: (07/28/2014 11:42:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Cascade.exe0.0.0.04aaf585aCascade.exe0.0.0.04aaf585ac00000050013e4b793001cfaaa4d50aaa90D:\Steam\steamapps\common\Droplitz\Cascade.exeD:\Steam\steamapps\common\Droplitz\Cascade.exe0dce6fd3-16a0-11e4-8e9e-902b34a47824 Error: (07/27/2014 11:56:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Cascade.exe0.0.0.04aaf585aCascade.exe0.0.0.04aaf585ac00000050013e4b714cc01cfa9da25aabe81D:\Steam\steamapps\common\Droplitz\Cascade.exeD:\Steam\steamapps\common\Droplitz\Cascade.exed5df23c8-15d8-11e4-9533-902b34a47824 Error: (07/27/2014 07:00:07 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: H:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006) Error: (07/26/2014 04:09:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: One Finger Death Punch.exe1.0.0.05343e170KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d3bc01cfa8d905576951D:\Steam\steamapps\common\One Finger Death Punch\One Finger Death Punch.exeC:\Windows\syswow64\KERNELBASE.dll7dafe5cc-14ce-11e4-80d5-902b34a47824 Error: (07/26/2014 04:09:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: One Finger Death Punch.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.ArgumentOutOfRangeException Stapel: bei System.ThrowHelper.ThrowArgumentOutOfRangeException() bei System.Collections.Generic.List`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Item(Int32) bei One_Finger_Death_Punch.Game1.Man_Draw() bei One_Finger_Death_Punch.Game1.Play_Draw() bei One_Finger_Death_Punch.Game1.Draw(Microsoft.Xna.Framework.GameTime) bei Microsoft.Xna.Framework.Game.DrawFrame() bei Microsoft.Xna.Framework.Game.Tick() bei Microsoft.Xna.Framework.Game.HostIdle(System.Object, System.EventArgs) bei Microsoft.Xna.Framework.GameHost.OnIdle() bei Microsoft.Xna.Framework.WindowsGameHost.RunOneFrame() bei Microsoft.Xna.Framework.WindowsGameHost.ApplicationIdle(System.Object, System.EventArgs) bei System.Windows.Forms.Application+ThreadContext.System.Windows.Forms.UnsafeNativeMethods.IMsoComponent.FDoIdle(Int32) bei System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application.Run(System.Windows.Forms.Form) bei 
Microsoft.Xna.Framework.WindowsGameHost.Run() bei Microsoft.Xna.Framework.Game.RunGame(Boolean) bei Microsoft.Xna.Framework.Game.Run() bei One_Finger_Death_Punch.Program.Main(System.String[]) ==================== Memory info =========================== Percentage of memory in use: 39% Total physical RAM: 8153.19 MB Available physical RAM: 4971.29 MB Total Pagefile: 16347.37 MB Available Pagefile: 12777.32 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:50 GB) (Free:4.83 GB) NTFS Drive d: () (Fixed) (Total:415.66 GB) (Free:127.77 GB) NTFS Drive e: (MANAGER12) (CDROM) (Total:6.87 GB) (Free:0 GB) CDFS Drive f: (H4Complete) (CDROM) (Total:7.25 GB) (Free:0 GB) CDFS Drive g: (Volume) (Fixed) (Total:465.76 GB) (Free:144.63 GB) NTFS Drive h: (VERBATIM) (Fixed) (Total:465.65 GB) (Free:243.78 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 43804506) Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 89548954) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=416 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 466 GB) (Disk ID: 468F633A) Partition 1: (Not Active) - (Size=466 GB) - (Type=0C) ==================== End Of Log ============================ |
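The FRST log above lists several dozen GUID-named scheduled tasks that each start Iexplore.exe on a Skype help URL for installer error 1603 (a failed Skype install left them behind), one GUID-named task that runs F:\start.exe (the Drives section lists F: as a CD-ROM volume), and a few third-party updaters. Reading those by eye is how a cluster like this gets missed. The Python script below is an added example, not part of the thread or of FRST: it parses the run-together "Task:" entries, counts repeated targets and applies a few triage heuristics of my own (GUID-named task, browser launched with a fixed URL, executable at a drive root). The sample input is copied from the log above; the rules are assumptions about what merits review, not a verdict that an entry is malicious.

```python
"""Triage of the 'Task:' entries in an FRST (Farbar Recovery Scan Tool) log.

Added example, not part of the forum thread or of FRST itself. It parses the
run-together 'Task: {GUID} - System32\\Tasks\\<name> => <target>' entries and
flags the patterns a malware-removal helper looks at first.
"""
import re
from collections import Counter

# Sample input: lines copied from the FRST log in post #1 (some run together on
# one line, as the forum flattened them) plus the section header that follows.
# Constructed for this example; not the full log.
SAMPLE = r"""
Task: {E05B0FAA-4811-457D-BB42-E0709E74972E} - System32\Tasks\{7F8A4CF5-3201-4A1B-B2FA-9AC16E3BEE9F} => F:\start.exe Task: {E4BA596F-75F1-4FCC-AA90-5E600894A374} - System32\Tasks\{6A6F3FEC-B4E1-405E-A6E1-DCA44CFB5AC6} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {E5C598C8-6D30-4FBA-A628-5FCA9E6048FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E8CC40CE-6EFF-49D7-95C9-BC56FEC7E2AF} - System32\Tasks\{037E02E9-A76C-4F84-89DD-4E2F0B0D9E7A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {EB22EA8E-27B3-4314-B75B-881FF591B8F4} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-07-12] (filetypeadvisor.com )
Task: {F6020FC9-3581-4CB2-A979-DCE832378F89} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-07-21] (CHIP)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
"""

# One entry: either a registered task ({GUID} - System32\Tasks\<name>) or a
# legacy .job file, followed by "=> <target>" up to the next "Task:" token,
# the next "====" section header, or the end of the text.
TASK_RE = re.compile(
    r"Task:\s+"
    r"(?:\{(?P<reg>[0-9A-F-]{36})\}\s+-\s+System32\\Tasks\\(?P<name>.*?)"
    r"|(?P<job>[A-Za-z]:\\.*?\.job))"
    r"\s+=>\s+(?P<target>.*?)"
    r"(?=\s+Task:\s|\s*=+\s|\s*$)",
    re.S,
)
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
BROWSER_URL = re.compile(r"^iexplore\.exe\s+hxxps?://", re.I)  # FRST defangs http as hxxp
ROOT_EXE = re.compile(r"^([A-Za-z]):\\[^\\]+\.exe$", re.I)     # e.g. F:\start.exe


def parse_tasks(log_text):
    """Return one dict per scheduled task found in the FRST text."""
    tasks = []
    for m in TASK_RE.finditer(log_text):
        name = m.group("name") if m.group("name") is not None else m.group("job")
        tasks.append({"name": name, "target": m.group("target").strip()})
    return tasks


def classify(task):
    """Heuristic reasons (my own, not FRST's) to look at a task; empty = nothing notable."""
    reasons = []
    name, target = task["name"], task["target"]
    if GUID_NAME.match(name):
        reasons.append("task name is a bare GUID: created programmatically, not by the user")
    if BROWSER_URL.match(target):
        reasons.append("launches Internet Explorer with a fixed URL (scheduled browser redirect shape)")
    m = ROOT_EXE.match(target)
    if m:
        # In this log the Drives section lists F: as a CD-ROM volume; a GUID task
        # starting an exe from a removable/optical root deserves an explanation.
        reasons.append(f"runs an executable from the root of drive {m.group(1).upper()}:")
    return reasons


def triage(log_text):
    """Parse, flag, and count repeated targets (30 identical tasks are one artefact)."""
    tasks = parse_tasks(log_text)
    flagged = []
    for t in tasks:
        reasons = classify(t)
        if reasons:
            flagged.append(dict(t, reasons=reasons))
    return {
        "total": len(tasks),
        "flagged": flagged,
        "clusters": Counter(t["target"] for t in tasks),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print(f"{report['total']} tasks parsed, {len(report['flagged'])} flagged")
    for t in report["flagged"]:
        print(f"- {t['name']} => {t['target']}")
        for r in t["reasons"]:
            print(f"    {r}")
    target, n = report["clusters"].most_common(1)[0]
    print(f"most repeated target ({n}x): {target}")
```

Run it as-is for the summary, or feed it the whole FRST text to get every task. A target repeated thirty times is one artefact to remove once (FRST removes a task when its line is placed in a fixlist), and the F:\start.exe entry should be explained rather than ignored: a GUID-named task pointing at a removable volume is exactly what an autorun-style launcher looks like, even when it turns out to be a game disc.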
04.08.2014, 10:30 | #4 |
/// the machine /// TB-Ausbilder | Delta-Toolbar, Downloadsponsor etc. hi, scan with Combofix
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |
04.08.2014, 21:52 | #5 |
| Delta-Toolbar, Downloadsponsor etc. Hello schrauber, thanks for the reply. First of all: yesterday evening, out of impatience, I looked for ways to fix this and reconstructed how the infection happened. The original problem was the slowness of my browser, Chrome. From a site with 100% web trust, "w*w.dieviren.de", I downloaded the scareware SPYHUNTER from one of its sub-pages, installed it and ran it ... . After that the bigger problems started: the redirects and the request to copy the contact data from Thunderbird (by the way, luckily no mail has been sent yet). Then I searched for threads about SpyHunter and followed the instructions listed there, but only the steps that were not explicitly warned against. So yesterday evening, before ComboFix, I ran the following programs: SpyHunterKiller; AdwCleaner; JunkRemovalTool. After that there were no more redirects or Thunderbird notifications. The logs are as follows: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Michael on 03.08.2014 at 21:21:33,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1296218438-4040402403-1704041965-1001\Software\sweetim

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.08.2014 at 21:26:41,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v3.302 - Bericht erstellt am 03/08/2014 um 21:08:45 # Aktualisiert 30/07/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Michael - RECHNER # Gestartet von : C:\Users\Michael\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8b34e3b5e6e337aa6491ee3f713f8f5\adwcleaner_3.302.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : AppleChargerSrv ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Michael\AppData\Local\Temp\OCS Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\pdfforge Datei Gelöscht : C:\Windows\System32\AppleChargerSrv.exe ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\5ce8cd1bd6aef17 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Browser ] ***** -\\ Internet Explorer v0.0.0.0 -\\ Google Chrome v36.0.1985.125 [ Datei : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Extension] : eooncjejnppfjjklapaamhcdmjbilmde Gelöscht [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof ************************* AdwCleaner[R0].txt - [4670 octets] - [03/08/2014 21:07:38] AdwCleaner[S0].txt - [4425 octets] - [03/08/2014 21:08:45] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4485 octets] ########## ____ ____ ____ ____ ____ Combofix: I ran Combofix and during the scan there were several error messages, as follows: Preparation: NIRCMDC 1* NIRKMD 7* NIRCMD 2* MIRCMD.ECE 1* During the individual steps 1, 2, 3, 4, 5, 6, 6A, 7, 8, 9, 10, 15, 16, 17, 19B, 20, 21, 22, 23, 25, 27, 29, 30, 31, 32, 32A, 33, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 50 errors occurred because of the missing MIRKMD. In the Find3M step: NIRCMB 3* missing, NircmdB.exe 1* missing, NIRKMD 7* missing, NIRCMB 1* missing ___ Text "Log is being opened": NIRKMD 2* missing ___ Log opened: NIRCMD.exe 1* missing, NIRKMD 2* missing, NIRCMD.exe 1* missing. Here is the log: Code:
ATTFilter ComboFix 14-08-05.01 - Michael 04.08.2014 21:54:50.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8153.5640 [GMT 2:00] ausgeführt von:: c:\users\Michael\Downloads\ComboFix.exe AV: Sophos Anti-Virus *Enabled/Updated* {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29} SP: Sophos Anti-Virus *Enabled/Updated* {D0CA1913-188C-B293-ABD7-B72CB1814094} SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe c:\windows\wininit.ini D:\install.exe D:\setup.exe D:\Uninstall.exe D:\WinRAR.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-07-04 bis 2014-08-04 )))))))))))))))))))))))))))))) . . 2014-08-04 19:59 . 2014-08-04 19:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-08-04 19:59 . 2014-08-04 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-08-04 19:51 . 2014-08-04 19:53 -------- d-----w- C:\32788R22FWJFW 2014-08-03 20:10 . 2014-08-04 17:47 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-08-03 20:10 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-08-03 20:10 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-08-03 20:10 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-08-03 19:21 . 2014-08-03 19:21 -------- d-----w- c:\windows\ERUNT 2014-08-03 19:08 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-08-03 19:07 . 2014-08-03 19:19 -------- d-----w- C:\AdwCleaner 2014-08-03 18:39 . 2014-08-03 18:40 -------- d-----w- C:\FRST 2014-08-03 17:59 . 2014-08-03 17:59 -------- d-----w- c:\users\Michael\AppData\Roaming\Abelssoft 2014-08-03 17:59 . 
2014-08-03 17:59 -------- d-----w- c:\programdata\XDMessagingv4 2014-08-03 17:59 . 2014-08-03 17:59 -------- d-----w- c:\users\Michael\AppData\Local\Abelssoft 2014-08-03 17:59 . 2014-08-03 19:18 -------- d-----w- c:\program files (x86)\CHIP Updater 2014-08-03 07:19 . 2014-08-03 07:19 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-08-03 07:18 . 2014-08-03 07:18 -------- d-----w- c:\programdata\Malwarebytes 2014-08-01 22:21 . 2014-08-01 22:21 -------- d-----w- c:\users\Michael\AppData\Local\BigHugeEngine 2014-08-01 15:58 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B0AD7BD-7AEF-4CAE-A7DC-CBB03C3F150D}\mpengine.dll 2014-07-28 19:09 . 2014-07-28 19:09 -------- d-----w- c:\users\Michael\AppData\Local\THQ 2014-07-28 19:09 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll 2014-07-28 19:09 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2014-07-28 19:09 . 2008-07-12 06:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll 2014-07-28 19:09 . 2008-07-12 06:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll 2014-07-28 19:09 . 2008-07-12 06:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll 2014-07-27 20:34 . 2014-07-27 20:34 -------- d-----w- c:\users\Michael\AppData\Roaming\Atlus 2014-07-27 20:10 . 2014-08-02 09:25 -------- d-----w- c:\program files (x86)\GOG.com 2014-07-22 15:53 . 2014-07-22 15:53 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2014-07-16 18:07 . 2014-08-01 20:54 -------- d-----w- c:\users\Michael\AppData\Local\Game Dev Tycoon - Steam 2014-07-15 15:28 . 2014-07-15 15:28 -------- d-----w- c:\program files (x86)\Common Files\3DO Shared 2014-07-15 15:28 . 2014-07-15 15:28 -------- d-----w- c:\program files (x86)\3DO 2014-07-15 15:25 . 2014-07-15 15:25 -------- d-----w- c:\program files (x86)\directx 2014-07-12 07:52 . 2014-07-12 07:52 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2014-07-12 07:17 . 
2014-07-12 07:17 -------- d-----w- c:\users\Michael\AppData\Local\Risen2 2014-07-09 12:39 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-07-09 12:39 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-07-09 12:39 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-10 01:02 . 2012-02-04 13:31 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-07-09 11:27 . 2012-04-01 14:20 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-07-09 11:27 . 2012-02-03 23:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-06-06 05:43 . 2014-06-06 05:43 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-06-06 05:43 . 2014-06-06 05:43 313256 ----a-w- c:\windows\system32\javaws.exe 2014-06-06 05:43 . 2014-06-06 05:43 191400 ----a-w- c:\windows\system32\javaw.exe 2014-06-06 05:43 . 2014-06-06 05:43 190888 ----a-w- c:\windows\system32\java.exe 2014-05-20 17:36 . 2014-05-20 17:36 38144 ----a-w- c:\windows\system32\drivers\sdcfilter.sys 2014-05-20 17:34 . 2014-05-20 17:34 27904 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys 2014-05-20 17:34 . 2014-05-20 17:34 176120 ----a-w- c:\windows\system32\sdccoinstaller.dll 2014-05-20 17:34 . 2014-05-20 17:38 35624 ----a-w- c:\windows\system32\SophosBootTasks.exe 2014-05-20 17:33 . 2014-05-20 17:33 158976 ----a-w- c:\windows\system32\drivers\savonaccess.sys 2014-05-08 09:32 . 2014-06-11 03:31 3178496 ----a-w- c:\windows\system32\rdpcorets.dll 2014-05-08 09:32 . 2014-06-11 03:31 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="d:\steam\steam.exe" [2014-07-16 1753280] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "THPanel"="c:\program files (x86)\Thunder Master\THPanel.exe" [2012-07-13 2050416] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21415040] "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648] "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784] "Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2014-05-20 1617704] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-17 224128] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-07-21 3816784] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService] @="service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool] @="Service" . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe;d:\steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys;c:\windows\SYSNATIVE\DRIVERS\netr6164.sys [x] R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x] R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;d:\svrtservice.exe;d:\SVRTservice.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] R4 
SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x] S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 MBAMScheduler;MBAMScheduler;g:\ malwarebytes anti-malware \mbamscheduler.exe;g:\ malwarebytes anti-malware \mbamscheduler.exe [x] S2 MBAMService;MBAMService;g:\ malwarebytes anti-malware \mbamservice.exe;g:\ malwarebytes anti-malware \mbamservice.exe [x] S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x] S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x] S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files 
(x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x] S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - MBAMWEBACCESSCONTROL . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-07-18 21:17 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 11:27] . 2014-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28 17:08] . 2014-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28 17:08] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-05-18 12489360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.bing.com mDefault_Page_URL = hxxp://www.google.com IE: An OneNote s&enden - d:\office14\ONBttnIE.dll/105 IE: Nach Microsoft &Excel exportieren - d:\office11\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - d:\office14\EXCEL.EXE/3000 LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Notify-SDWinLogon - SDWinLogon.dll . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-1296218438-4040402403-1704041965-1001\Software\SecuROM\License information*] "datasecu"=hex:34,18,f1,55,8c,63,a6,c9,ef,8b,eb,cc,9b,7b,fe,70,4e,bc,e8,bc,89, 8e,08,3f,15,a8,14,e4,93,dd,81,35,9b,28,3a,83,2f,a6,f3,ea,96,ca,a9,28,25,43,\ "rkeysecu"=hex:80,06,e3,30,0c,e6,fd,f5,c4,e3,cf,5e,29,10,76,25 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-08-04 22:02:07 ComboFix-quarantined-files.txt 2014-08-04 20:02 . Vor Suchlauf: 5.921.710.080 Bytes frei Nach Suchlauf: 5.771.444.224 Bytes frei . - - End Of File - - 20E3115883D49331434E3A0E1BC6536F A36C5E4F47E84449FF07ED3517B43A31 -------- I hope this has helped you.
I will not act on my own initiative in this matter any more. Thunderbird contains sensitive data, partly business addresses, and in the event of a "Viagra mailing campaign" I have a reputation to lose ... . That is why I reacted somewhat hastily. Thanks! One last thing: while I was writing this post, Chrome asked me whether I wanted to "leave the secure connection". I chose "Decline". Last edited by Harmian (04.08.2014 at 22:09) |
05.08.2014, 17:34 | #6 |
/// the machine /// TB-Ausbilder | Delta-Toolbar, Downloadsponsor etc. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any problems left?
05.08.2014, 22:42 | #7 |
| Delta-Toolbar, Downloadsponsor etc. Hello schrauber, thanks again for the help. ESET has now been running for 2 1/2 hours and is only crawling along at 55%. I will therefore not be able to post the .logs until tomorrow evening. Kind regards, harmian |
06.08.2014, 15:38 | #8 |
/// the machine /// TB-Ausbilder | Delta-Toolbar, Downloadsponsor etc. ok
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
06.08.2014, 17:16 | #9 |
| Delta-Toolbar, Downloadsponsor etc. Hello schrauber, the logs are attached. ESET: 3 "threats" were found. H:// is btw my external hard drive, which I use as a backup. Code:
ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=e4aff097c45751489e75ad66b6bcfd85 # engine=19515 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=false # utc_time=2014-08-05 10:17:19 # local_time=2014-08-06 12:17:19 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 12629 158906888 0 0 # compatibility_mode_1='Sophos Anti-Virus' # compatibility_mode=8450 16777213 100 98 12636 58969272 0 0 # scanned=340802 # found=3 # cleaned=0 # scan_time=10087 sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michael\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="D:\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe" sh=3DEE227509944304A6F3F7F47C1A32F8CA0FB2E8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="H:\RECHNER\Backup Set 2012-02-19 190000\Backup Files 2012-02-19 190000\Backup files 6.zip" After the ESET scan I re-enabled the firewall and antivirus, i.e. they were active during the SecurityCheck scan. Code:
Results of screen317's Security Check version 0.99.86 Windows 7 Service Pack 1 x64 (UAC is disabled!) ``````````````Antivirus/Firewall Check:`````````````` Sophos Anti-Virus WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Java 7 Update 55 Java version out of Date! Adobe Flash Player 14.0.0.145 Adobe Reader 10.1.10 Adobe Reader out of Date! Mozilla Thunderbird (24.6.0) Google Chrome 35.0.1916.153 Google Chrome 36.0.1985.125 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Spybot Teatimer.exe is disabled! Sophos Sophos Anti-Virus SavService.exe Sophos Sophos Anti-Virus SAVAdminService.exe Sophos Sophos Anti-Virus Web Control swc_service.exe Sophos Sophos Anti-Virus Web Intelligence swi_service.exe mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014 Ran by Michael (administrator) on RECHNER on 06-08-2014 18:10:26 Running from C:\Users\Michael\Downloads Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) G:\ Malwarebytes Anti-Malware \mbamscheduler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Valve Corporation) D:\Steam\Steam.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Malwarebytes Corporation) G:\ Malwarebytes Anti-Malware \mbamservice.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Malwarebytes Corporation) G:\ Malwarebytes Anti-Malware \mbam.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) D:\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12489360 2012-05-18] (Realtek Semiconductor) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-20] (Sophos Limited) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [Steam] => D:\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation) HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2050416 2012-07-13] (Palit Microsystems Ltd.) HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21415040 2014-05-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.) AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-20] (Sophos Limited) AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-20] (Sophos Limited) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x913AA730ACE2CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files 
(x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll 
[126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> D:\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: "https://www.google.de/?gws_rd=ssl"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - D:\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\Michael\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-03]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-02-04]
CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-03]
CHR Extension: (ModHeader) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2013-04-23]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-03]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-09] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 MBAMScheduler; G:\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; G:\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-19] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-20] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-20] (Sophos Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-20] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-20] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-20] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-20] (Sophos Limited)
S3 DAUpdaterSvc; D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-20] (Sophos Limited)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 18:10 - 2014-08-06 18:10 - 02094080 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-08-06 18:10 - 2014-08-06 18:10 - 00019633 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-08-06 18:03 - 2014-08-06 18:03 - 00854410 _____ () C:\Users\Michael\Downloads\SecurityCheck.exe
2014-08-05 21:05 - 2014-08-05 21:05 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_deu.exe
2014-08-04 22:25 - 2014-08-04 22:25 - 00021177 _____ () C:\Users\Michael\Desktop\ComboFix2.txt
2014-08-04 22:24 - 2014-08-04 22:24 - 00021177 _____ () C:\ComboFix.txt
2014-08-04 22:15 - 2014-08-04 22:25 - 00000000 ____D () C:\ComboFix
2014-08-04 22:06 - 2014-08-04 22:06 - 00021481 _____ () C:\Users\Michael\Desktop\ComboFix1.txt
2014-08-04 21:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-04 21:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-04 21:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-04 21:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-04 21:53 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-04 21:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-04 21:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-04 21:51 - 2014-08-04 22:25 - 00000000 ____D () C:\Qoobox
2014-08-04 21:51 - 2014-08-04 22:15 - 00000000 ____D () C:\32788R22FWJFW
2014-08-04 21:51 - 2014-08-04 22:00 - 00000000 ____D () C:\Windows\erdnt
2014-08-04 21:50 - 2014-08-04 21:50 - 05567674 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-08-04 17:07 - 2014-08-04 17:15 - 00064000 _____ () C:\Users\Michael\Desktop\Auswertung 2 20140803.xls
2014-08-04 16:57 - 2014-08-04 17:15 - 00066048 _____ () C:\Users\Michael\Desktop\Auswertung 1 20140803.xls
2014-08-03 22:53 - 2014-08-03 21:38 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140803-225316.backup
2014-08-03 22:10 - 2014-08-06 17:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 22:10 - 2014-08-03 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-03 22:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-03 22:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-03 22:10 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-03 21:26 - 2014-08-03 21:26 - 00000951 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-08-03 21:21 - 2014-08-03 21:21 - 00000000 ____D () C:\Windows\ERUNT
2014-08-03 21:19 - 2014-08-03 21:19 - 00004641 _____ () C:\Users\Michael\Desktop\AdwCleaner[S0].txt
2014-08-03 21:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-03 21:07 - 2014-08-03 21:19 - 00000000 ____D () C:\AdwCleaner
2014-08-03 21:07 - 2014-08-03 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-03 20:39 - 2014-08-06 18:10 - 00000000 ____D () C:\FRST
2014-08-03 20:00 - 2014-08-03 20:00 - 00013544 _____ () C:\Users\Michael\Desktop\hijackthis.log
2014-08-03 19:59 - 2014-08-03 21:18 - 00001054 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-03 19:59 - 2014-08-03 21:18 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-03 09:19 - 2014-08-03 09:19 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-03 09:18 - 2014-08-03 09:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 08:30 - 2014-08-03 08:30 - 00000000 _____ () C:\autoexec.bat
2014-08-03 00:42 - 2014-08-03 00:43 - 00000000 ____D () C:\Users\Michael\Documents\Sacred Citadel
2014-08-02 20:54 - 2014-08-02 20:55 - 02953520 _____ (AVAST Software) C:\Users\Michael\Desktop\avast-browser-cleanup_9.0.0.224.exe
2014-08-02 00:21 - 2014-08-02 00:21 - 00000000 ____D () C:\Users\Michael\AppData\Local\BigHugeEngine
2014-07-30 18:03 - 2014-07-30 18:03 - 00007605 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2014-07-28 21:09 - 2014-07-28 21:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\THQ
2014-07-28 21:09 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-07-28 21:09 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-07-28 21:09 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-07-28 21:09 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-07-28 21:09 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-07-27 22:34 - 2014-07-27 22:34 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Atlus
2014-07-27 22:10 - 2014-08-02 11:25 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-16 20:07 - 2014-08-01 22:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\Game Dev Tycoon - Steam
2014-07-15 17:30 - 2014-07-15 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
2014-07-15 17:28 - 2014-07-15 17:28 - 00000000 ____D () C:\Program Files (x86)\3DO
2014-07-15 17:25 - 2014-07-15 17:25 - 00000000 ____D () C:\Program Files (x86)\directx
2014-07-12 09:52 - 2014-07-12 09:52 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-07-12 09:17 - 2014-07-12 09:17 - 00000000 ____D () C:\Users\Michael\AppData\Local\Risen2
2014-07-11 07:52 - 2014-07-11 07:52 - 00000000 ____D () C:\Users\Michael\Documents\New Star Soccer 5
2014-07-09 14:40 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 14:40 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 14:40 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 14:40 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 14:40 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 14:40 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 14:40 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 14:40 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 14:39 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 14:39 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 14:39 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 18:10 - 2014-08-06 18:10 - 02094080 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-08-06 18:10 - 2014-08-06 18:10 - 00019633 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-08-06 18:10 - 2014-08-03 20:39 - 00000000 ____D () C:\FRST
2014-08-06 18:03 - 2014-08-06 18:03 - 00854410 _____ () C:\Users\Michael\Downloads\SecurityCheck.exe
2014-08-06 17:52 - 2014-08-03 22:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 17:43 - 2009-07-14 06:45 - 00013248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-06 17:43 - 2009-07-14 06:45 - 00013248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-06 17:40 - 2012-02-03 20:53 - 02072672 _____ () C:\Windows\WindowsUpdate.log
2014-08-06 17:36 - 2013-12-19 11:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\LogMeIn Hamachi
2014-08-06 17:36 - 2012-02-04 15:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-08-06 17:35 - 2014-06-28 19:08 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 17:35 - 2013-12-21 08:03 - 00014188 _____ () C:\Windows\setupact.log
2014-08-06 17:35 - 2012-02-04 15:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-06 17:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-06 07:27 - 2012-04-01 16:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-06 07:14 - 2014-06-28 19:08 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-05 21:05 - 2014-08-05 21:05 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_deu.exe
2014-08-05 20:39 - 2014-02-06 12:47 - 00192638 _____ () C:\Windows\PFRO.log
2014-08-04 22:25 - 2014-08-04 22:25 - 00021177 _____ () C:\Users\Michael\Desktop\ComboFix2.txt
2014-08-04 22:25 - 2014-08-04 22:15 - 00000000 ____D () C:\ComboFix
2014-08-04 22:25 - 2014-08-04 21:51 - 00000000 ____D () C:\Qoobox
2014-08-04 22:24 - 2014-08-04 22:24 - 00021177 _____ () C:\ComboFix.txt
2014-08-04 22:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-04 22:15 - 2014-08-04 21:51 - 00000000 ____D () C:\32788R22FWJFW
2014-08-04 22:13 - 2013-12-08 22:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-04 22:06 - 2014-08-04 22:06 - 00021481 _____ () C:\Users\Michael\Desktop\ComboFix1.txt
2014-08-04 22:02 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-04 22:00 - 2014-08-04 21:51 - 00000000 ____D () C:\Windows\erdnt
2014-08-04 21:50 - 2014-08-04 21:50 - 05567674 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-08-04 17:15 - 2014-08-04 17:07 - 00064000 _____ () C:\Users\Michael\Desktop\Auswertung 2 20140803.xls
2014-08-04 17:15 - 2014-08-04 16:57 - 00066048 _____ () C:\Users\Michael\Desktop\Auswertung 1 20140803.xls
2014-08-04 16:52 - 2013-09-09 16:52 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-08-03 22:10 - 2014-08-03 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-03 21:38 - 2014-08-03 22:53 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140803-225316.backup
2014-08-03 21:26 - 2014-08-03 21:26 - 00000951 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-08-03 21:21 - 2014-08-03 21:21 - 00000000 ____D () C:\Windows\ERUNT
2014-08-03 21:19 - 2014-08-03 21:19 - 00004641 _____ () C:\Users\Michael\Desktop\AdwCleaner[S0].txt
2014-08-03 21:19 - 2014-08-03 21:07 - 00000000 ____D () C:\AdwCleaner
2014-08-03 21:18 - 2014-08-03 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-03 21:18 - 2014-08-03 19:59 - 00001054 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-03 21:18 - 2014-08-03 19:59 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-08-03 21:10 - 2009-07-14 06:45 - 00416480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-03 20:25 - 2012-02-03 21:11 - 00113344 _____ () C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-03 20:24 - 2009-07-14 19:58 - 00710502 _____ () C:\Windows\system32\perfh007.dat
2014-08-03 20:24 - 2009-07-14 19:58 - 00154832 _____ () C:\Windows\system32\perfc007.dat
2014-08-03 20:24 - 2009-07-14 07:13 - 01651686 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 20:00 - 2014-08-03 20:00 - 00013544 _____ () C:\Users\Michael\Desktop\hijackthis.log
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-03 16:20 - 2014-02-18 04:01 - 00000000 ____D () C:\Users\Michael\Desktop\Quiz
2014-08-03 09:19 - 2014-08-03 09:19 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-03 09:19 - 2012-02-24 21:11 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-03 09:18 - 2014-08-03 09:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 08:30 - 2014-08-03 08:30 - 00000000 _____ () C:\autoexec.bat
2014-08-03 00:43 - 2014-08-03 00:42 - 00000000 ____D () C:\Users\Michael\Documents\Sacred Citadel
2014-08-02 21:02 - 2014-01-03 23:55 - 00118241 _____ () C:\Windows\DirectX.log
2014-08-02 20:55 - 2014-08-02 20:54 - 02953520 _____ (AVAST Software) C:\Users\Michael\Desktop\avast-browser-cleanup_9.0.0.224.exe
2014-08-02 19:23 - 2013-12-08 22:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-02 11:27 - 2012-02-18 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-08-02 11:25 - 2014-07-27 22:10 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-08-02 00:21 - 2014-08-02 00:21 - 00000000 ____D () C:\Users\Michael\AppData\Local\BigHugeEngine
2014-08-02 00:21 - 2012-02-04 14:09 - 00000000 ____D () C:\Users\Michael\Documents\My Games
2014-08-01 22:54 - 2014-07-16 20:07 - 00000000 ____D () C:\Users\Michael\AppData\Local\Game Dev Tycoon - Steam
2014-08-01 22:21 - 2013-03-20 20:52 - 00008704 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-30 21:52 - 2013-12-27 18:07 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\TS3Client
2014-07-30 19:42 - 2013-12-25 17:33 - 00000000 ____D () C:\Users\Michael\AppData\Local\DayZ
2014-07-30 18:03 - 2014-07-30 18:03 - 00007605 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2014-07-30 18:00 - 2013-07-20 09:59 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-07-28 21:09 - 2014-07-28 21:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\THQ
2014-07-27 22:34 - 2014-07-27 22:34 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Atlus
2014-07-22 20:26 - 2013-12-27 18:06 - 00000000 ____D () C:\Users\Michael\AppData\Local\TeamSpeak 3 Client
2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-22 02:42 - 2012-02-04 03:19 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-20 08:53 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-15 18:36 - 2013-09-08 16:17 - 00000000 ____D () C:\Users\Michael\Documents\SavedGames
2014-07-15 17:33 - 2014-07-15 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
2014-07-15 17:28 - 2014-07-15 17:28 - 00000000 ____D () C:\Program Files (x86)\3DO
2014-07-15 17:25 - 2014-07-15 17:25 - 00000000 ____D () C:\Program Files (x86)\directx
2014-07-15 05:33 - 2012-02-20 17:17 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Might & Magic Heroes VI
2014-07-13 16:30 - 2013-12-15 00:02 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\.minecraft
2014-07-12 11:46 - 2013-09-25 18:22 - 00213548 _____ () C:\shared.log
2014-07-12 10:45 - 2012-04-28 10:25 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-12 09:52 - 2014-07-12 09:52 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-07-12 09:17 - 2014-07-12 09:17 - 00000000 ____D () C:\Users\Michael\AppData\Local\Risen2
2014-07-11 07:52 - 2014-07-11 07:52 - 00000000 ____D () C:\Users\Michael\Documents\New Star Soccer 5
2014-07-11 05:33 - 2014-06-04 09:07 - 00000000 ____D () C:\TEMP
2014-07-11 05:22 - 2013-05-16 17:10 - 00000000 ____D () C:\Windows\rescache
2014-07-10 14:07 - 2014-05-06 23:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 14:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 14:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:05 - 2012-12-13 18:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 03:04 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:02 - 2012-02-04 15:31 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 13:27 - 2012-04-01 16:20 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 13:27 - 2012-04-01 16:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 13:27 - 2012-02-04 01:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-30 19:35

==================== End Of Log ============================
--- --- ---

Status on my side: I no longer have any redirects so far. Chrome is still a bit sluggish, especially when I open frequently visited pages. My Chrome is relatively unchanged. I have 2 small add-ons, Adblock and a proxy service for YouTube, nothing more. The history is deleted once a week. Did you notice anything else? Thanks again! Harmian |
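The helpers in this thread read the FRST Services and Drivers sections by eye, looking for the same three markers every time: `[X]` (registry entry present, file gone), `[File not signed]`, and an empty `()` where a publisher name should be. The following Python script is an added example, not code from the thread, from FRST or from Trojaner-Board, that does that first pass automatically. The sample lines are constructed to mirror entries quoted in the log above; the decoding of the leading letter (R = running, S = stopped) and the start-type digit follows the FRST convention and is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, modelled on the FRST "Services" and "Drivers" sections
# quoted in the thread (same line format, same markers); not the full log.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-09] () [File not signed]
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-20] (Sophos Limited)
S3 DAUpdaterSvc; D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
==================== Drivers (Whitelisted) ====================
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
# "<state> <name>; <path> [<size> <date>] (<vendor>)" optionally followed by " [File not signed]"
PRESENT_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\)"
    r"(?P<unsigned> \[File not signed\])?$"
)
# "<state> <name>; <path> [X]": FRST found the registry entry but no file on disk
MISSING_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+) \[X\]$")

# Assumed meaning of the start-type digit (same scheme as the Windows service start value)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class Entry:
    section: str
    running: bool      # R = running, S = stopped (assumed FRST convention)
    start_type: str    # decoded from the digit after R/S
    name: str
    path: str
    vendor: str        # empty when the version resource names no company
    missing: bool      # "[X]": no file at the registered path
    unsigned: bool     # "[File not signed]"


def parse_frst(text: str) -> List[Entry]:
    """Parse service/driver lines of an FRST log into Entry records, tracking the section."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("title")
            continue
        m = PRESENT_RE.match(line)
        if m:
            entries.append(Entry(section, m["state"][0] == "R",
                                 START_TYPES.get(m["state"][1], m["state"][1]),
                                 m["name"], m["path"], m["vendor"].strip(),
                                 missing=False, unsigned=m["unsigned"] is not None))
            continue
        m = MISSING_RE.match(line)
        if m:
            entries.append(Entry(section, m["state"][0] == "R",
                                 START_TYPES.get(m["state"][1], m["state"][1]),
                                 m["name"], m["path"], "", missing=True, unsigned=False))
    return entries


def triage_reasons(e: Entry) -> List[str]:
    """Reasons an analyst would look twice at this entry; empty list means nothing notable."""
    reasons: List[str] = []
    if e.missing:
        reasons.append("registered file is missing (orphaned entry; leftover or removed component)")
    if e.unsigned:
        reasons.append("binary is not digitally signed")
    if not e.missing and not e.vendor:
        reasons.append("no publisher in version info")
    return reasons


def find_notable(text: str) -> Dict[str, List[str]]:
    """Map entry name -> reasons, for every service/driver that deserves a second look."""
    notable: Dict[str, List[str]] = {}
    for e in parse_frst(text):
        reasons = triage_reasons(e)
        if reasons:
            notable[e.name] = reasons
    return notable


if __name__ == "__main__":
    for name, reasons in find_notable(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample it lists BEService (unsigned, no publisher), AppleCharger (no publisher) and the three `[X]` entries (DAUpdaterSvc, catchme, gdrv), and stays silent on the signed Sophos and Malwarebytes components. A flag is a prompt to check the path and vendor, not a verdict: the `[X]` drivers here are leftovers of ComboFix and a Gigabyte utility, which is exactly the kind of context the helper adds when reading the log.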
07.08.2014, 16:34 | #10 |
/// the machine /// TB-Ausbilder | Delta-Toolbar, Downloadsponsor etc. Update Java and Adobe. Delete the backup. Revo Uninstaller - Download - Filepony: use it to uninstall Chrome, keep no data, let it remove the leftovers, then reinstall. Then: https://support.google.com/chrome/answer/3296214?hl=de Done. The order is what matters here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a brief reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |