
Log analysis and evaluation: Delta Toolbar, Downloadsponsor etc.

03.08.2014, 19:15   #1
Harmian
 
Hello,

Problem 1:
For a few days now, page loading in Google Chrome has become massively slower.

What I did:
I ran my antivirus, Sophos (university license), as a test; nothing was found.
A second check with Spybot returned almost 200 results...
I ran the cleanup with Spybot.
I would also like to mention that, apart from 3 official plugins, my browser has no toolbars etc.
After that I also downloaded Malwarebytes, updated it, scanned, and had the roughly 60 findings cleaned up as well.
A second scan with Spybot and Malwarebytes found nothing more.

Problem 2:
Then everything ran wonderfully again for 2 hours. Suddenly Chrome slowed down again and a (endlessly long jumble of digits and characters).php page opened, which I quickly closed.

Another check with Spybot returned no results.

For information: during the first run, the Delta and Babylon toolbars, as well as Downloadsponsor, were detected as malware.

Could you please help me?

Thanks

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:59:14, on 03.08.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
D:\Steam\Steam.exe
C:\Program Files (x86)\Thunder Master\THPanel.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\thunderbird.exe
G:\ Malwarebytes Anti-Malware \mbam.exe
D:\Office14\EXCEL.EXE
D:\IrfanView\i_view32.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [BCSSync] "D:\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware "
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [THPanel] "C:\Program Files (x86)\Thunder Master\THPanel.exe" /A
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1296218438-4040402403-1704041965-1048\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1296218438-4040402403-1704041965-1048\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: An OneNote s&enden - res://D:\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - G:\ Malwarebytes Anti-Malware \mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - G:\ Malwarebytes Anti-Malware \mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sophos Anti-Virus Statusreporter (SAVAdminService) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sophos AutoUpdate Service - Sophos Limited - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Web Control Service - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
O23 - Service: Sophos Web Intelligence Update (swi_update_64) - Sophos Limited - C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 13542 bytes
         

03.08.2014, 19:35   #2
schrauber
/// the machine
/// TB trainer
 

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box).


03.08.2014, 19:42   #3
Harmian
 
Update:
Chrome is now being redirected to various pages, and Thunderbird is asking for my permission to copy Kontaktdaten.eml.

I am starting to think about reinstalling the PC from scratch.

Thanks


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Michael (administrator) on RECHNER on 03-08-2014 20:40:00
Running from C:\Users\Michael\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) D:\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) G:\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) G:\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) G:\ Malwarebytes Anti-Malware \mbam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12489360 2012-05-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => D:\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-20] (Sophos Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [Steam] => D:\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2050416 2012-07-13] (Palit Microsystems Ltd.)
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21415040 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\MountPoints2: E - E:\Run.exe
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\MountPoints2: {f54d2f97-44b7-11e2-8799-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\MountPoints2: {f54d2f98-44b7-11e2-8799-806e6f6e6963} - F:\Autorun.exe
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-20] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-20] (Sophos Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x913AA730ACE2CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
BHO: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> D:\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome: 
=======
CHR HomePage: hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: "https://www.google.de/?gws_rd=ssl"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - D:\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\Michael\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-03]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-02-04]
CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-03]
CHR Extension: (ModHeader) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2013-04-23]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-09] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 MBAMScheduler; G:\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; G:\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-19] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-20] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-20] (Sophos Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-20] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-20] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-20] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-20] (Sophos Limited)
S3 DAUpdaterSvc; D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
U0 roihn; C:\Windows\System32\drivers\xrlfmfkk.sys [79064 2014-08-03] (Malwarebytes Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-20] (Sophos Limited)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 20:40 - 2014-08-03 20:40 - 00020713 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-08-03 20:39 - 2014-08-03 20:40 - 00000000 ____D () C:\FRST
2014-08-03 20:39 - 2014-08-03 20:39 - 02094080 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-08-03 20:00 - 2014-08-03 20:00 - 00013544 _____ () C:\Users\Michael\Desktop\hijackthis.log
2014-08-03 19:59 - 2014-08-03 19:59 - 00001054 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-08-03 19:57 - 2014-08-03 19:58 - 00826192 _____ (Chip Digital GmbH) C:\Users\Michael\Downloads\HijackThis - CHIP-Installer.exe
2014-08-03 09:35 - 2014-08-03 09:35 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\xrlfmfkk.sys
2014-08-03 09:20 - 2014-08-03 18:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 09:19 - 2014-08-03 09:19 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-03 09:18 - 2014-08-03 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 09:18 - 2014-08-03 09:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 09:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-03 09:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-03 09:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-03 08:53 - 2014-08-03 08:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-03 08:30 - 2014-08-03 08:30 - 00000000 _____ () C:\autoexec.bat
2014-08-03 08:29 - 2014-08-03 08:29 - 00002262 _____ () C:\Users\Michael\Desktop\SpyHunter.lnk
2014-08-03 08:29 - 2014-08-03 08:29 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-03 08:27 - 2014-08-03 08:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Michael\Downloads\SpyHunter-Installer.exe
2014-08-03 00:42 - 2014-08-03 00:43 - 00000000 ____D () C:\Users\Michael\Documents\Sacred Citadel
2014-08-02 20:54 - 2014-08-02 20:55 - 02953520 _____ (AVAST Software) C:\Users\Michael\Desktop\avast-browser-cleanup_9.0.0.224.exe
2014-08-02 00:21 - 2014-08-02 00:21 - 00000000 ____D () C:\Users\Michael\AppData\Local\BigHugeEngine
2014-07-30 18:03 - 2014-07-30 18:03 - 00007605 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2014-07-28 21:09 - 2014-07-28 21:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\THQ
2014-07-28 21:09 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-07-28 21:09 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-07-28 21:09 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-07-28 21:09 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-07-28 21:09 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-07-27 22:34 - 2014-07-27 22:34 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Atlus
2014-07-27 22:21 - 2014-07-27 22:21 - 00106517 _____ () C:\Users\Michael\Downloads\eq_cl_33.exe
2014-07-27 22:10 - 2014-08-02 11:25 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-16 20:07 - 2014-08-01 22:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\Game Dev Tycoon - Steam
2014-07-15 17:30 - 2014-07-15 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
2014-07-15 17:28 - 2014-07-15 17:28 - 00000000 ____D () C:\Program Files (x86)\3DO
2014-07-15 17:25 - 2014-07-15 17:25 - 00000000 ____D () C:\Program Files (x86)\directx
2014-07-15 17:25 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2014-07-13 14:28 - 2014-07-13 14:28 - 00519122 _____ () C:\Users\Michael\Downloads\[PC] KZ Manager Millenium - Hamburg Edition (1.0.0. Beta) (German).rar
2014-07-12 18:10 - 2014-07-12 18:12 - 58238578 _____ () C:\Users\Michael\Downloads\DATA_DECKS_2010_GXSC_MAINEXP.wad
2014-07-12 09:52 - 2014-07-12 09:52 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-07-12 09:51 - 2014-07-12 09:52 - 41177600 _____ () C:\Users\Michael\Downloads\PhysX-9.13.1220-SystemSoftware.msi
2014-07-12 09:17 - 2014-07-12 09:17 - 00000000 ____D () C:\Users\Michael\AppData\Local\Risen2
2014-07-11 07:52 - 2014-07-11 07:52 - 00000000 ____D () C:\Users\Michael\Documents\New Star Soccer 5
2014-07-11 01:43 - 2014-07-11 01:43 - 00046130 _____ () C:\Users\Michael\Downloads\SteamAchievementManager63_hotfix.zip
2014-07-11 01:43 - 2013-08-10 05:20 - 00031232 _____ (Party Princess Palace) C:\Users\Michael\Downloads\SAM.API.dll
2014-07-11 01:43 - 2011-09-23 12:16 - 00045056 _____ (Party Princess Palace) C:\Users\Michael\Downloads\SAM.Picker.exe
2014-07-11 01:43 - 2011-09-23 12:16 - 00045056 _____ (Party Princess Palace) C:\Users\Michael\Downloads\SAM.Game.exe
2014-07-09 14:40 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 14:40 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 14:40 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 14:40 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 14:40 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 14:40 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 14:40 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 14:40 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 14:39 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 14:39 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 14:39 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 20:40 - 2014-08-03 20:40 - 00020713 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-08-03 20:40 - 2014-08-03 20:39 - 00000000 ____D () C:\FRST
2014-08-03 20:40 - 2013-12-19 11:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\LogMeIn Hamachi
2014-08-03 20:39 - 2014-08-03 20:39 - 02094080 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-08-03 20:38 - 2012-02-04 15:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-08-03 20:38 - 2009-07-14 06:45 - 00013248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-03 20:38 - 2009-07-14 06:45 - 00013248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-03 20:27 - 2012-04-01 16:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-03 20:25 - 2012-02-03 21:11 - 00113344 _____ () C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-03 20:24 - 2009-07-14 19:58 - 00710502 _____ () C:\Windows\system32\perfh007.dat
2014-08-03 20:24 - 2009-07-14 19:58 - 00154832 _____ () C:\Windows\system32\perfc007.dat
2014-08-03 20:24 - 2009-07-14 07:13 - 01651686 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 20:14 - 2012-02-03 20:53 - 01995356 _____ () C:\Windows\WindowsUpdate.log
2014-08-03 20:13 - 2014-06-28 19:08 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-03 20:00 - 2014-08-03 20:00 - 00013544 _____ () C:\Users\Michael\Desktop\hijackthis.log
2014-08-03 19:59 - 2014-08-03 19:59 - 00001054 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-08-03 19:58 - 2014-08-03 19:57 - 00826192 _____ (Chip Digital GmbH) C:\Users\Michael\Downloads\HijackThis - CHIP-Installer.exe
2014-08-03 19:22 - 2014-06-28 19:08 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-03 18:55 - 2014-08-03 09:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 16:52 - 2013-09-09 16:52 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-08-03 16:20 - 2014-02-18 04:01 - 00000000 ____D () C:\Users\Michael\Desktop\Quiz
2014-08-03 09:35 - 2014-08-03 09:35 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\xrlfmfkk.sys
2014-08-03 09:19 - 2014-08-03 09:19 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-03 09:19 - 2012-02-24 21:11 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-03 09:18 - 2014-08-03 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 09:18 - 2014-08-03 09:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 08:54 - 2014-08-03 08:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-03 08:30 - 2014-08-03 08:30 - 00000000 _____ () C:\autoexec.bat
2014-08-03 08:29 - 2014-08-03 08:29 - 00002262 _____ () C:\Users\Michael\Desktop\SpyHunter.lnk
2014-08-03 08:29 - 2014-08-03 08:29 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-03 08:27 - 2014-08-03 08:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Michael\Downloads\SpyHunter-Installer.exe
2014-08-03 08:16 - 2014-02-06 12:47 - 00188670 _____ () C:\Windows\PFRO.log
2014-08-03 08:16 - 2013-12-21 08:03 - 00013964 _____ () C:\Windows\setupact.log
2014-08-03 08:16 - 2012-02-04 15:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-03 08:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-03 00:43 - 2014-08-03 00:42 - 00000000 ____D () C:\Users\Michael\Documents\Sacred Citadel
2014-08-02 21:02 - 2014-01-03 23:55 - 00118241 _____ () C:\Windows\DirectX.log
2014-08-02 20:55 - 2014-08-02 20:54 - 02953520 _____ (AVAST Software) C:\Users\Michael\Desktop\avast-browser-cleanup_9.0.0.224.exe
2014-08-02 20:37 - 2014-02-06 02:24 - 00000335 _____ () C:\Windows\wininit.ini
2014-08-02 19:23 - 2013-12-08 22:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-02 11:27 - 2012-02-18 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-08-02 11:25 - 2014-07-27 22:10 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-08-02 00:21 - 2014-08-02 00:21 - 00000000 ____D () C:\Users\Michael\AppData\Local\BigHugeEngine
2014-08-02 00:21 - 2012-02-04 14:09 - 00000000 ____D () C:\Users\Michael\Documents\My Games
2014-08-01 22:54 - 2014-07-16 20:07 - 00000000 ____D () C:\Users\Michael\AppData\Local\Game Dev Tycoon - Steam
2014-08-01 22:21 - 2013-03-20 20:52 - 00008704 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-30 21:52 - 2013-12-27 18:07 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\TS3Client
2014-07-30 19:42 - 2013-12-25 17:33 - 00000000 ____D () C:\Users\Michael\AppData\Local\DayZ
2014-07-30 18:03 - 2014-07-30 18:03 - 00007605 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2014-07-30 18:00 - 2013-07-20 09:59 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-07-28 21:09 - 2014-07-28 21:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\THQ
2014-07-27 22:34 - 2014-07-27 22:34 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Atlus
2014-07-27 22:21 - 2014-07-27 22:21 - 00106517 _____ () C:\Users\Michael\Downloads\eq_cl_33.exe
2014-07-22 20:26 - 2013-12-27 18:06 - 00000000 ____D () C:\Users\Michael\AppData\Local\TeamSpeak 3 Client
2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-22 02:42 - 2012-02-04 03:19 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-20 08:53 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-15 18:36 - 2013-09-08 16:17 - 00000000 ____D () C:\Users\Michael\Documents\SavedGames
2014-07-15 17:33 - 2014-07-15 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
2014-07-15 17:28 - 2014-07-15 17:28 - 00000000 ____D () C:\Program Files (x86)\3DO
2014-07-15 17:25 - 2014-07-15 17:25 - 00000000 ____D () C:\Program Files (x86)\directx
2014-07-15 05:33 - 2012-02-20 17:17 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Might & Magic Heroes VI
2014-07-13 16:30 - 2013-12-15 00:02 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\.minecraft
2014-07-13 14:28 - 2014-07-13 14:28 - 00519122 _____ () C:\Users\Michael\Downloads\[PC] KZ Manager Millenium - Hamburg Edition (1.0.0. Beta) (German).rar
2014-07-12 18:12 - 2014-07-12 18:10 - 58238578 _____ () C:\Users\Michael\Downloads\DATA_DECKS_2010_GXSC_MAINEXP.wad
2014-07-12 11:46 - 2013-09-25 18:22 - 00213548 _____ () C:\shared.log
2014-07-12 10:45 - 2012-04-28 10:25 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-12 09:52 - 2014-07-12 09:52 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-07-12 09:52 - 2014-07-12 09:51 - 41177600 _____ () C:\Users\Michael\Downloads\PhysX-9.13.1220-SystemSoftware.msi
2014-07-12 09:17 - 2014-07-12 09:17 - 00000000 ____D () C:\Users\Michael\AppData\Local\Risen2
2014-07-11 07:52 - 2014-07-11 07:52 - 00000000 ____D () C:\Users\Michael\Documents\New Star Soccer 5
2014-07-11 05:33 - 2014-06-04 09:07 - 00000000 ____D () C:\TEMP
2014-07-11 05:22 - 2013-05-16 17:10 - 00000000 ____D () C:\Windows\rescache
2014-07-11 01:43 - 2014-07-11 01:43 - 00046130 _____ () C:\Users\Michael\Downloads\SteamAchievementManager63_hotfix.zip
2014-07-11 00:49 - 2009-07-14 06:45 - 00412120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 14:07 - 2014-05-06 23:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 14:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 14:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:05 - 2012-12-13 18:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 03:04 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:02 - 2012-02-04 15:31 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 13:27 - 2012-04-01 16:20 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 13:27 - 2012-04-01 16:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 13:27 - 2012-02-04 01:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-30 19:35

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Michael at 2014-08-03 20:40:31
Running from C:\Users\Michael\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Anno 1404 (HKLM-x32\...\Steam App 33250) (Version:  - Blue Byte)
Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version:  - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.15.16 - Atheros Communications Inc.)
Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version:  - Overhaul Games)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BurnAware Free 6.4 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.26 - Abelssoft)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
Desperados - Wanted Dead or Alive (HKLM-x32\...\Steam App 260730) (Version:  - Spellbound)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Droplitz (HKLM-x32\...\Steam App 23120) (Version:  - Blitz Games Studio, Ltd.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version:  - Lionhead Studios)
Fallout 3 Patch v1.4 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 1.4 - )
FF7 XBox 360 Controller Fix (Steam) 2.0 (HKLM-x32\...\{4FAA5121-ABE1-46AA-B5E7-31584FA33795}_is1) (Version: 2.0 - Johnny "ThunderPeel2001" Walker)
File Type Advisor 1.0 (HKLM-x32\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
FUSSBALL MANAGER 12 (HKLM-x32\...\FUSSBALL MANAGER 12) (Version: 1.0.0.3 - Electronic Arts)
G-Hotkey version 3.62 (HKLM-x32\...\{6F870369-F2ED-40AC-8BB0-DA85A8AEE155}_is1) (Version:  - )
GoldWave v5.70 (HKLM-x32\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Heroes of Might & Magic V (HKLM-x32\...\Steam App 15170) (Version:  - Nival)
Heroes of Might & Magic V: Hammers of Fate (HKLM-x32\...\Steam App 15380) (Version:  - Nival)
Heroes of Might & Magic V: Tribes of the East (HKLM-x32\...\Steam App 15370) (Version:  - Nival)
Heroes of Might & Magic V: Tribes of the East Editor (HKLM-x32\...\Steam App 19970) (Version:  - Ubisoft)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\Heroes of Might and Magic 3 Complete_is1) (Version:  - GOG.com)
Heroes of Might and Magic 4 Complete (HKLM-x32\...\Heroes of Might and Magic 4 Complete_is1) (Version:  - GOG.com)
Heroes of Might and Magic IV: Winds of War (HKLM-x32\...\Heroes of Might and Magic IV) (Version:  - )
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.12.1498 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version:  - Big Huge Games)
King's Bounty: The Legend (HKLM-x32\...\Steam App 25900) (Version:  - 1C Company)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)
Magic 2015 (HKLM-x32\...\Steam App 255420) (Version:  - Stainless Games)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Might & Magic: Heroes VI (HKLM-x32\...\Steam App 48220) (Version:  - Blackhole)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
New Star Soccer 5 (HKLM-x32\...\Steam App 212780) (Version:  - New Star Games)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.47.2 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Operation Flashpoint: Dragon Rising (HKLM-x32\...\Steam App 12830) (Version:  - Codemasters Studios)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.65 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Patch v2.2 (HKLM-x32\...\{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1) (Version:  - RUNEFORGE Games Studios)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap Games, Inc.)
Pokémon Mystery Gift Editor (HKLM-x32\...\Pokémon Mystery Gift Editor) (Version:  - Grovyle91)
Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version:  - Telltale Games)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6642 - Realtek Semiconductor Corp.)
Red Faction: Guerrilla  (HKLM-x32\...\Steam App 20500) (Version:  - Volition)
Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version:  - SkyBox Labs)
S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version:  - GSC Game World)
Sacred Citadel (HKLM-x32\...\Steam App 207930) (Version:  - Southend)
Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version:  - Volition)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version:  - EA - Maxis)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Spellforce 2: Gold Edition (HKLM-x32\...\Steam App 39550) (Version:  - Phenomic)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Guild II - Pirates of the European Seas (HKLM-x32\...\Steam App 39660) (Version:  - 4 Head Studios)
The Guild II (HKLM-x32\...\Steam App 39650) (Version:  - 4 Head Studios)
The Guild II: Renaissance (HKLM-x32\...\Steam App 39680) (Version:  - Rune Forge)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Thunder Master v1.4 (HKLM-x32\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 1.4.0.0 - Palit Microsystems Ltd.)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version:  - Iron Lore Entertainment)
Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version:  - Iron Lore Entertainment)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
TQVault 2.11 (HKLM-x32\...\TQVault_is1) (Version:  - bman654)
Trine (HKLM-x32\...\Steam App 35700) (Version:  - Frozenbyte)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1296218438-4040402403-1704041965-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1296218438-4040402403-1704041965-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

03-08-2014 07:18:47 Removed SpyHunter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04BFC927-ACAE-44F5-8143-A1E8C6C93192} - System32\Tasks\{26D2419E-D7B5-408A-B3AB-FEE02F6406FE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0582E66D-BF74-4E20-85FA-5BA4ADD1E97F} - System32\Tasks\{144D8527-7421-4519-9488-99030BEA3F58} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0727B8C4-3692-4974-A429-C44277781C0B} - System32\Tasks\{FBC4C2D4-2E5A-43C9-8872-501AB0DF2AC1} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {093993D8-944D-49CC-A094-F660A0501C25} - System32\Tasks\{D6F705C0-4961-484F-BD79-EC1379B163C7} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0A7487E4-2CDE-4A2B-B34A-521DE73F0267} - System32\Tasks\{D51F84F0-038A-439E-A58B-294E97793941} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0AC36268-6775-437A-BABF-34FDAA9C8449} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {0CE3511D-0995-494A-AE03-88D42B2D6E46} - System32\Tasks\{0456F496-7FDB-468A-BCDC-EDABC4DA8577} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0FF061E7-A179-452F-9922-8A15209C81D5} - System32\Tasks\{F30B2B7F-157A-4BE2-B98B-75359ABC0930} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {10744586-3FD0-4FE4-90AF-BFC40071E225} - System32\Tasks\{3D2E9DBE-7FB8-47EB-B2D1-6EF5DA95AD08} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {114B20D4-4E3E-491F-8CEF-4E18A6889015} - System32\Tasks\{721EAB80-EBF0-4B20-8CE4-383E0E373C0C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {189FDA34-3C40-4647-B2FD-BCD6E6CD46F3} - System32\Tasks\{156073D9-787D-42D1-BC35-0022D958FFE8} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {18B945EE-D051-4E26-9673-7D316D276CEF} - System32\Tasks\{C0BE621E-D988-44F3-B745-A85406FCED86} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1A24D02F-5B41-42B1-BF3B-131C638E2CEB} - System32\Tasks\{B36B2E46-4584-46DA-9AEA-039FB8EB4CBF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1AD72E9C-F68F-41C8-A39E-8A299CC2BF39} - System32\Tasks\{90FBEA3C-98CE-46BF-A40A-F40E2170CA3F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1BB48D29-F1B7-4333-AF8C-663BFF64A998} - System32\Tasks\{7951F4B9-0E75-4BB2-9157-04B10EA0855B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1D135955-B338-4F1C-A7FB-461A1D98E304} - System32\Tasks\{9C5C0DF1-3698-40DF-BCD8-C9F729830DAC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1D24D5AB-1FBD-4184-A3E1-9078A3A27DAE} - System32\Tasks\{58DC9169-F145-4DD9-9AAB-F32008ACF7FF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1EC5A7B1-EE45-4F57-AB84-07073F267A46} - System32\Tasks\{A884330D-0600-406B-A463-3781CC7D23A6} => F:\start.exe
Task: {1FA949F2-988A-4BD2-A851-CE183A2A1CBC} - System32\Tasks\{63AEC17A-98CA-46BC-8F83-07CD50B1C48E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1FF8CDD7-168A-4FF6-8483-484D69860586} - System32\Tasks\{A2269C16-0FAF-4162-95A1-95F1CCCAD1AA} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603
Task: {20158495-F339-4BD5-9C7B-A132A3B2B755} - System32\Tasks\{1415119E-C51A-44DF-8373-BE60E69CE22F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {252050CC-5EF3-4E9B-9B98-715A5B19B44A} - System32\Tasks\{B896B73B-5747-4284-8DF2-9DC63E1AAD5B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {25E43492-2D29-4734-8CD8-CC043EC8326D} - System32\Tasks\{500CCA07-8451-40BB-BECD-47DDBCD46094} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {264EF608-4776-468A-96D1-CA36FDB97CF6} - System32\Tasks\{E8C9743A-D863-4501-8D70-73D2D31EFB9C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2920A244-5647-484D-960A-D67FCE4B4DD4} - System32\Tasks\{340C4676-5269-4A7E-8723-7273685FD7B7} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2BE7B85C-8B39-4290-A59E-9A3E29B955FF} - System32\Tasks\{29A1F324-E0C0-4BF4-9FF5-F4248DBEB6C8} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2DBC2DAF-3A5A-4D65-A9EA-DC82169C5B3C} - System32\Tasks\{E61EAAA3-365C-46BB-AA94-2A8EE0C8C475} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2EFEA576-0F7E-421C-8CDA-B62840DC9E21} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
Task: {315D107B-4C93-4159-AF8C-93BFD3189AC0} - System32\Tasks\{C18C2437-C34D-4992-BC16-2898F6838B07} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {32AC7194-E5A1-4663-86BA-F0D04425DF3A} - System32\Tasks\{5961F6D3-F58B-40E2-A7EF-46A95E9A28A8} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {32ECBDEC-47AD-4D48-9AB2-1CF954983AC9} - System32\Tasks\{B811D5FB-2882-4CED-869A-03B3533EF626} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {338ADC10-A7F6-4E42-B84E-6092D779ACA1} - System32\Tasks\{2F1F26B5-535F-4F23-BD42-C0DFBC9D086C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {34D7A95C-741E-46C6-9B3E-B442A9619275} - System32\Tasks\{9B532C16-B883-48FB-BE99-3D5B7F22CB17} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {360195C2-FBE7-4D46-B9C3-D6DF0B8638F7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {3A88CD16-767F-40F9-BCDD-B2922A2EC41D} - System32\Tasks\{FD8F23B3-C048-42AA-BFEE-E6938A115742} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3ED2D83C-1C6B-4B28-8296-A28B508A68DF} - System32\Tasks\{E74799DA-2836-414B-9A54-17327A6AE738} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {433C7E62-B415-4483-AD5B-91B19F5C0E21} - System32\Tasks\{407BCB03-AC40-4293-A02A-DEFC8FDA9BFB} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {43D2E67E-4015-43CD-BDEF-1B5A93F802E3} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-07-12] (File Type Advisor)
Task: {45D652A1-BB62-48A9-9AC6-66D31577EF6C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {47433119-CA72-4FAD-8C8E-D45883A4E364} - System32\Tasks\{CC22CF67-FA61-4747-833D-932FD1967287} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {49A2BB31-C699-450D-9315-90D76427DBCF} - System32\Tasks\{E79375AB-9CC4-4509-A11F-55B46EEDD8C2} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4A12A552-DC60-4AED-96BC-455A56986D1A} - System32\Tasks\{FBDEDB5A-2652-4F75-9F9C-AE730451F1EF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4D6AFDA4-8E6E-4F4A-8F22-DB7AB2F48401} - System32\Tasks\{B0B931FA-C157-4281-AF5A-2207968DC677} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4D98E336-647A-4E0C-893B-C5B022ADA48E} - System32\Tasks\{0EA16D1B-2FC2-4ABA-8B9C-8CFFAA5492C8} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4DBD1F16-C1CB-496C-BDA7-D583DE125479} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {5018B95F-D554-499E-9328-872E453EAB02} - System32\Tasks\{32FAFB6E-B2A7-4C90-9FD1-EF9E16FCACE0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5350AEAE-7DAB-4B09-AA35-AAF083032B25} - System32\Tasks\{212080C6-5929-46DE-81F7-B7E20F3E2974} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5860AF3A-4024-4CA3-ADD4-0606F48E7A80} - System32\Tasks\{CF0794F4-B600-4376-9A5C-998DE03CAA5C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5BB40BDD-DA28-48EB-B95B-1C660EB36FA5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {5EB68CD5-A7BC-4CDF-8AA6-36884ECC02B1} - System32\Tasks\{8C228039-3D64-45EF-94A5-D7F11E205188} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {62CAB437-5A53-42F6-BA41-2F318F3D4227} - System32\Tasks\{9B2DDFFD-0542-408B-AF05-E797513AF66D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {62CC36B2-8810-4954-B498-2C5711251510} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
Task: {65039A32-340C-4068-8103-310E9833875F} - System32\Tasks\{50C47D36-89E1-400B-B617-7D53D9114EB5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.8.0.156/de/go/help.faq.installer?LastError=1603
Task: {67CF3541-98FA-4258-B3DD-FDB1D97B6FC2} - System32\Tasks\{9B4DD672-A990-4D11-966D-904120040F36} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603
Task: {68D83132-8564-4712-A8CB-761C10CF8B7A} - System32\Tasks\{2D3ECD9C-E4B4-42C9-AD1A-77535FA0C631} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6B1813F5-C351-4912-9584-D2BF56338632} - System32\Tasks\{A79002F6-4D45-40B2-BF56-E3043A64D254} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6DCE5814-8855-43F5-848A-409526D56646} - System32\Tasks\{10DE2AE1-6686-42F8-A7C6-503392F8C2F3} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7454124D-3C76-48B1-BE92-2460020AB0F6} - System32\Tasks\{22752CAD-F51A-4459-B799-9C99DD372775} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {74BDE0A7-0C65-4AAC-8086-5A301A305F46} - System32\Tasks\{5569CB0B-9F32-4F58-9220-ACE7BCC132C4} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {768D7B45-2513-4B31-B192-15FBDDA73A8C} - System32\Tasks\{F4AD64F4-2A66-43C6-9FA5-1C7F0D179015} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7AB1D45D-3EC9-4571-955B-C8C2CDC068A5} - System32\Tasks\{54741957-8223-44AE-A9FD-1808A8A5C98F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7E1F1E9C-DC2D-4B46-8281-3506A4F80873} - System32\Tasks\{14A5B928-D0AE-4B18-BFA3-EA1599582BDA} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7EC37A49-D188-4F22-969E-ADA600A7CE62} - System32\Tasks\{866EA69B-C105-4905-BF49-C62D4B9AB6CD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7FFBF07F-EE07-4625-81DE-912F11C5EFA1} - System32\Tasks\{5D26E6A3-F0DD-4AE0-9C49-6865B3340605} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/go/help.faq.installer?LastError=1603
Task: {81086238-3B57-4A5F-A0CA-074FC304CC1B} - System32\Tasks\{26E56767-8063-4BDE-9D9D-C591D68F608B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {83897B85-A1ED-441E-A68F-4AB36ACBB105} - System32\Tasks\{2F9787E1-5810-4CD8-A781-5652B49F660B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {88CCE714-3AB1-428D-A5D3-302E8D1D0479} - System32\Tasks\{D096FFE4-214E-4283-9D8D-C14BE7659A7B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603
Task: {894B6ED0-686A-40BB-A1AD-7CDAA33CFCA4} - System32\Tasks\{23E365D3-9C7D-41AE-8A0B-07493B6E8F26} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {89D2ED3F-09C7-4A81-9A76-132B2FF74D15} - System32\Tasks\{A84E0C00-7BAE-489D-A898-B23101892AAC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8EE63C52-584E-4423-BC9D-C46A7A1F2BA8} - System32\Tasks\{24E7787A-919B-4182-B634-DDD60ED140C1} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8FAAF8D0-55AD-4DC3-9BF6-B43556F3E76A} - System32\Tasks\{A478CC2D-2F1C-431B-8D7A-4F01AB03AF9D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {93B56DA8-B72A-4037-8CC9-221D30DFFE7F} - System32\Tasks\{E9ABF46C-B1E5-44A6-9AF4-0A600E94455C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {972DC1A0-3833-4268-BB75-0FA18CA3F532} - System32\Tasks\{6000FAF7-333B-4C07-AEC1-400511ED8D71} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {9BA9BED2-CC38-491E-9630-5DD752A958E4} - System32\Tasks\{258F3BAA-F26E-4D5A-B545-FA8011668AE1} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {9E80280B-43D1-47DB-8010-771D4899E387} - System32\Tasks\{7C91331B-E894-4738-91D9-96968B1CB473} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {9F7C4180-DA72-4D69-99D0-4DBCA13CA514} - System32\Tasks\{A77D0EB2-62DE-4AEF-838A-CD340C81A382} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {9F83A976-9305-4ED2-9C63-66FEB064AFB3} - System32\Tasks\{BD1ADA57-D3C2-46FA-B64D-66FBC735699B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A32BFC16-91AF-42AC-AB5C-BC2565AD279E} - System32\Tasks\{26158B8E-A45F-45B7-A651-A1EABA7AC757} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A854693B-F487-42C1-8570-95C713EF9A09} - System32\Tasks\{14E02B9C-1587-4341-82C0-310E811809D1} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AAFA6AE1-73FE-42DA-9292-491E893A6279} - System32\Tasks\{E4223426-E51B-454C-BB8C-C7216137971D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {ABB82F72-D8EC-4436-BB54-B2451C5E6832} - System32\Tasks\{FAC53F0B-4F7B-4699-AD14-7501B6F893E6} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AD12D363-B0B1-4692-88BA-BAF5BC488FF3} - System32\Tasks\{E2BBEB6F-839E-45E6-B9C3-BE33DA727230} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AFB005F1-CD22-405F-8263-8AE0762166FD} - System32\Tasks\{BD49BD03-7BD4-418E-9266-0ACF0185BD0A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AFF86BB7-B691-42EE-8BEE-89D48995DA54} - System32\Tasks\{938FCCBB-F0C8-4870-94DF-99ED4AB0F7AE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B4F746C8-1E45-41A3-AC68-8361F002C238} - System32\Tasks\{7E1CBFF3-9DDB-42D9-8AB9-5209121986DF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BC44E3DA-70FE-4006-942A-D386B142D73A} - System32\Tasks\{AD4E9FDE-0490-4BE3-BA9F-514AE247D0E8} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BCB9AF4D-AE71-409F-8FB5-C8940924976C} - System32\Tasks\{A7341891-6505-4647-A4CA-137911390498} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BD66042D-594F-4303-9126-0CE0F79D2725} - System32\Tasks\{1C2C5D04-9D44-4A06-B0E4-9D7FC3F7329B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BEB49C30-4C25-4E32-BA5C-E284495E5EC1} - System32\Tasks\{0133693A-FCCF-4748-9840-708C76F2DD68} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C4CF6927-A7E8-4523-B534-D16518666D07} - System32\Tasks\{F92F6431-C274-4251-AA30-386095962231} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C88DF769-0FF6-48BD-9C86-F09C8FAA062E} - System32\Tasks\{C1CEB6F7-89E9-4F0D-84A2-EE7CBB5CBD41} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C8FCE67D-6853-4441-92A7-DF427F7EFC38} - System32\Tasks\{E701894D-0E97-4B36-9C08-FDACC83F7965} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {CB3BBABA-74E8-4FCA-BD8A-F415BAC72337} - System32\Tasks\{F5B2E26A-25B5-4861-B3F8-EF69E785D77B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D1A00AD7-0374-43AA-8655-D7F42A52D79B} - System32\Tasks\{70FAFC31-1488-4727-A37F-1D96EEBBF273} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D3DF6AA6-60E6-4955-9BC3-54ED89C429A4} - System32\Tasks\{23D47B7E-9319-4827-B78A-03A957960B77} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D5CFCCC6-B410-47B3-81BA-3E491A490DFC} - System32\Tasks\{E0DA3775-6208-40D3-B268-C98EBC2F0AA7} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D70E5447-2267-4E68-B82A-3B0902670D1D} - System32\Tasks\{4CFF867B-55CA-46AD-AD4F-4ACA3417FF95} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D9955BB2-F806-43C7-8672-D53035DB7DE7} - System32\Tasks\{C4D20322-5241-4922-8A4F-F7103CB7FCA2} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DB6FB333-13BC-4F44-B469-D8977364D9AF} - System32\Tasks\{82190D64-856D-4C6C-922D-9FAD8508D542} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DC3A8DAE-3025-4235-B06C-CACC3F1DAC46} - System32\Tasks\{5FCCF188-5E78-416C-9C3B-8F77C09A296F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DFA2A019-9012-4F82-AA55-9E2082015A6F} - System32\Tasks\{F6B0E881-8256-46A9-851D-019FF64777E0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DFE32EBF-BC22-47EF-989F-017CDC1CD557} - System32\Tasks\{C78CB3F7-F879-4160-8030-7B495AF20E9D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E0537DCC-1C74-4979-B1AC-9735AC48A0F2} - System32\Tasks\{E62BE221-C8DF-463B-8C86-66EBA86EAD75} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E05B0FAA-4811-457D-BB42-E0709E74972E} - System32\Tasks\{7F8A4CF5-3201-4A1B-B2FA-9AC16E3BEE9F} => F:\start.exe
Task: {E4BA596F-75F1-4FCC-AA90-5E600894A374} - System32\Tasks\{6A6F3FEC-B4E1-405E-A6E1-DCA44CFB5AC6} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E5C598C8-6D30-4FBA-A628-5FCA9E6048FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E8CC40CE-6EFF-49D7-95C9-BC56FEC7E2AF} - System32\Tasks\{037E02E9-A76C-4F84-89DD-4E2F0B0D9E7A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {EB22EA8E-27B3-4314-B75B-881FF591B8F4} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-07-12] (filetypeadvisor.com                                         )
Task: {EDFF8696-4534-4CCB-AC7D-8E24D513B566} - System32\Tasks\{EC7BC8B8-DB6E-4922-AC9D-EEC1BA683CFD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {EF36D4D7-637D-4434-8F14-6B6DBDC91565} - System32\Tasks\{0682FF32-2154-42A8-91DE-5AFCA7DB9567} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F1A476C3-B8D9-42B3-886B-AED7F7A202D2} - System32\Tasks\{A00505E4-D661-4141-B011-480897885026} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F381297E-60A2-4BBA-869F-417CF295023F} - System32\Tasks\{174453ED-C233-4836-B901-8F84E2082318} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F6020FC9-3581-4CB2-A979-DCE832378F89} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-07-21] (CHIP)
Task: {F65E2DFD-9C18-47E3-94C8-34F1868E68B9} - System32\Tasks\{D8F1289F-773D-44FE-8D38-2128F77B04D9} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {FAE771E8-A44D-4A7A-AA6F-595C4C1445A3} - System32\Tasks\{D15DDE50-23F6-4253-A542-9A0959B6A031} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {FF0A274D-7A1F-4090-91E3-23155B5CFB97} - System32\Tasks\{21A4FF98-6035-476D-BD04-DF87A673BACC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-16 16:45 - 2013-09-12 09:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-02-16 19:08 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-03-19 22:38 - 2014-03-19 22:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-08 22:11 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-12-08 22:11 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-08 22:11 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-12-08 22:11 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-12-08 22:11 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-05-22 07:04 - 2014-07-12 02:53 - 01116672 _____ () D:\Steam\libavcodec-55.dll
2014-04-23 05:54 - 2014-07-12 02:53 - 00438784 _____ () D:\Steam\libavutil-53.dll
2014-05-22 07:04 - 2014-07-12 02:53 - 00399360 _____ () D:\Steam\libavformat-55.dll
2014-01-08 15:36 - 2014-07-12 02:53 - 00331264 _____ () D:\Steam\libavresample-1.dll
2013-03-12 18:10 - 2014-06-27 00:40 - 00764416 _____ () D:\Steam\SDL2.dll
2014-05-22 07:04 - 2014-07-16 04:28 - 02139328 _____ () D:\Steam\video.dll
2014-05-22 07:04 - 2014-04-29 02:37 - 00519168 _____ () D:\Steam\libswscale-2.dll
2012-02-03 21:18 - 2014-07-16 04:28 - 01116864 _____ () D:\Steam\bin\chromehtml.DLL
2012-02-03 21:18 - 2014-05-02 01:35 - 20628160 _____ () D:\Steam\bin\libcef.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-12-12 19:08 - 2012-05-10 16:03 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-07-18 23:19 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 23:19 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 23:19 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 23:19 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 23:19 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-18 23:19 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2014 07:00:05 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "H:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (08/03/2014 06:30:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: sacredcitadel.exe, Version: 1.0.0.0, Zeitstempel: 0x516d1f3c
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x03c00000
ID des fehlerhaften Prozesses: 0x16f4
Startzeit der fehlerhaften Anwendung: 0xsacredcitadel.exe0
Pfad der fehlerhaften Anwendung: sacredcitadel.exe1
Pfad des fehlerhaften Moduls: sacredcitadel.exe2
Berichtskennung: sacredcitadel.exe3

Error: (08/03/2014 08:30:09 AM) (Source: MsiInstaller) (EventID: 11721) (User: Rechner)
Description: Produkt: SpyHunter -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: , Pfad: WiseCustomCall, Befehl: g5

Error: (08/02/2014 09:57:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Reckoning.exe, Version: 1.0.0.2, Zeitstempel: 0x4f32c2cf
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00039e31
ID des fehlerhaften Prozesses: 0x1748
Startzeit der fehlerhaften Anwendung: 0xReckoning.exe0
Pfad der fehlerhaften Anwendung: Reckoning.exe1
Pfad des fehlerhaften Moduls: Reckoning.exe2
Berichtskennung: Reckoning.exe3

Error: (07/30/2014 06:00:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 36.0.1985.125 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1464

Startzeit: 01cfac0e6b300595

Endzeit: 6

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 8d13c0c2-1802-11e4-8cc9-902b34a47824

Error: (07/28/2014 11:42:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Cascade.exe, Version: 0.0.0.0, Zeitstempel: 0x4aaf585a
Name des fehlerhaften Moduls: Cascade.exe, Version: 0.0.0.0, Zeitstempel: 0x4aaf585a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0013e4b7
ID des fehlerhaften Prozesses: 0x930
Startzeit der fehlerhaften Anwendung: 0xCascade.exe0
Pfad der fehlerhaften Anwendung: Cascade.exe1
Pfad des fehlerhaften Moduls: Cascade.exe2
Berichtskennung: Cascade.exe3

Error: (07/27/2014 11:56:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Cascade.exe, Version: 0.0.0.0, Zeitstempel: 0x4aaf585a
Name des fehlerhaften Moduls: Cascade.exe, Version: 0.0.0.0, Zeitstempel: 0x4aaf585a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0013e4b7
ID des fehlerhaften Prozesses: 0x14cc
Startzeit der fehlerhaften Anwendung: 0xCascade.exe0
Pfad der fehlerhaften Anwendung: Cascade.exe1
Pfad des fehlerhaften Moduls: Cascade.exe2
Berichtskennung: Cascade.exe3

Error: (07/27/2014 07:00:07 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "H:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (07/26/2014 04:09:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: One Finger Death Punch.exe, Version: 1.0.0.0, Zeitstempel: 0x5343e170
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x3bc
Startzeit der fehlerhaften Anwendung: 0xOne Finger Death Punch.exe0
Pfad der fehlerhaften Anwendung: One Finger Death Punch.exe1
Pfad des fehlerhaften Moduls: One Finger Death Punch.exe2
Berichtskennung: One Finger Death Punch.exe3

Error: (07/26/2014 04:09:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: One Finger Death Punch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentOutOfRangeException
Stapel:
   bei System.ThrowHelper.ThrowArgumentOutOfRangeException()
   bei System.Collections.Generic.List`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Item(Int32)
   bei One_Finger_Death_Punch.Game1.Man_Draw()
   bei One_Finger_Death_Punch.Game1.Play_Draw()
   bei One_Finger_Death_Punch.Game1.Draw(Microsoft.Xna.Framework.GameTime)
   bei Microsoft.Xna.Framework.Game.DrawFrame()
   bei Microsoft.Xna.Framework.Game.Tick()
   bei Microsoft.Xna.Framework.Game.HostIdle(System.Object, System.EventArgs)
   bei Microsoft.Xna.Framework.GameHost.OnIdle()
   bei Microsoft.Xna.Framework.WindowsGameHost.RunOneFrame()
   bei Microsoft.Xna.Framework.WindowsGameHost.ApplicationIdle(System.Object, System.EventArgs)
   bei System.Windows.Forms.Application+ThreadContext.System.Windows.Forms.UnsafeNativeMethods.IMsoComponent.FDoIdle(Int32)
   bei System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application.Run(System.Windows.Forms.Form)
   bei Microsoft.Xna.Framework.WindowsGameHost.Run()
   bei Microsoft.Xna.Framework.Game.RunGame(Boolean)
   bei Microsoft.Xna.Framework.Game.Run()
   bei One_Finger_Death_Punch.Program.Main(System.String[])


System errors:
=============
Error: (08/03/2014 09:35:56 AM) (Source: SAVOnAccess) (EventID: 55) (User: )
Description: Der On-Access-Treiber konnte keine Maßnahme des Anwenders für die Datei \Device\HarddiskVolume2\Users\Michael\Downloads\F503.tmp durchführen.

Error: (08/03/2014 09:35:56 AM) (Source: SAVOnAccess) (EventID: 55) (User: )
Description: Der On-Access-Treiber konnte keine Maßnahme des Anwenders für die Datei \Device\HarddiskVolume2\Users\Michael\Downloads\EBE8.tmp durchführen.

Error: (08/03/2014 09:35:55 AM) (Source: SAVOnAccess) (EventID: 55) (User: )
Description: Der On-Access-Treiber konnte keine Maßnahme des Anwenders für die Datei \Device\HarddiskVolume2\Users\Michael\Downloads\DD5D.tmp durchführen.

Error: (08/03/2014 09:35:53 AM) (Source: SAVOnAccess) (EventID: 55) (User: )
Description: Der On-Access-Treiber konnte keine Maßnahme des Anwenders für die Datei \Device\HarddiskVolume2\Users\Michael\Downloads\7829.tmp durchführen.

Error: (08/03/2014 08:33:12 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{44CD44C4-470A-4BC3-9733-77DDC892B05C}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (08/03/2014 08:22:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Sophos AutoUpdate Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/03/2014 08:19:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/03/2014 08:19:01 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/03/2014 01:17:49 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (08/03/2014 01:17:29 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (08/03/2014 07:00:05 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: H:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (08/03/2014 06:30:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sacredcitadel.exe1.0.0.0516d1f3cunknown0.0.0.000000000c000000503c0000016f401cfaf36475aa9a0D:\Steam\steamapps\common\sacred_citadel\sacredcitadel.exeunknown71f6df07-1b2b-11e4-8b71-902b34a47824

Error: (08/03/2014 08:30:09 AM) (Source: MsiInstaller) (EventID: 11721) (User: Rechner)
Description: Produkt: SpyHunter -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: , Pfad: WiseCustomCall, Befehl: g5 (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/02/2014 09:57:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Reckoning.exe1.0.0.24f32c2cfntdll.dll6.1.7601.18247521ea8e7c000000500039e31174801cfae869bfc2259D:\Steam\steamapps\common\KOAReckoning\Reckoning.exeC:\Windows\SysWOW64\ntdll.dll457f050d-1a7f-11e4-8011-902b34a47824

Error: (07/30/2014 06:00:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe36.0.1985.125146401cfac0e6b3005956C:\Program Files (x86)\Google\Chrome\Application\chrome.exe8d13c0c2-1802-11e4-8cc9-902b34a47824

Error: (07/28/2014 11:42:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Cascade.exe0.0.0.04aaf585aCascade.exe0.0.0.04aaf585ac00000050013e4b793001cfaaa4d50aaa90D:\Steam\steamapps\common\Droplitz\Cascade.exeD:\Steam\steamapps\common\Droplitz\Cascade.exe0dce6fd3-16a0-11e4-8e9e-902b34a47824

Error: (07/27/2014 11:56:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Cascade.exe0.0.0.04aaf585aCascade.exe0.0.0.04aaf585ac00000050013e4b714cc01cfa9da25aabe81D:\Steam\steamapps\common\Droplitz\Cascade.exeD:\Steam\steamapps\common\Droplitz\Cascade.exed5df23c8-15d8-11e4-9533-902b34a47824

Error: (07/27/2014 07:00:07 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: H:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (07/26/2014 04:09:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: One Finger Death Punch.exe1.0.0.05343e170KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d3bc01cfa8d905576951D:\Steam\steamapps\common\One Finger Death Punch\One Finger Death Punch.exeC:\Windows\syswow64\KERNELBASE.dll7dafe5cc-14ce-11e4-80d5-902b34a47824

Error: (07/26/2014 04:09:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: One Finger Death Punch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentOutOfRangeException
Stapel:
   bei System.ThrowHelper.ThrowArgumentOutOfRangeException()
   bei System.Collections.Generic.List`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Item(Int32)
   bei One_Finger_Death_Punch.Game1.Man_Draw()
   bei One_Finger_Death_Punch.Game1.Play_Draw()
   bei One_Finger_Death_Punch.Game1.Draw(Microsoft.Xna.Framework.GameTime)
   bei Microsoft.Xna.Framework.Game.DrawFrame()
   bei Microsoft.Xna.Framework.Game.Tick()
   bei Microsoft.Xna.Framework.Game.HostIdle(System.Object, System.EventArgs)
   bei Microsoft.Xna.Framework.GameHost.OnIdle()
   bei Microsoft.Xna.Framework.WindowsGameHost.RunOneFrame()
   bei Microsoft.Xna.Framework.WindowsGameHost.ApplicationIdle(System.Object, System.EventArgs)
   bei System.Windows.Forms.Application+ThreadContext.System.Windows.Forms.UnsafeNativeMethods.IMsoComponent.FDoIdle(Int32)
   bei System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application.Run(System.Windows.Forms.Form)
   bei Microsoft.Xna.Framework.WindowsGameHost.Run()
   bei Microsoft.Xna.Framework.Game.RunGame(Boolean)
   bei Microsoft.Xna.Framework.Game.Run()
   bei One_Finger_Death_Punch.Program.Main(System.String[])


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 8153.19 MB
Available physical RAM: 4971.29 MB
Total Pagefile: 16347.37 MB
Available Pagefile: 12777.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50 GB) (Free:4.83 GB) NTFS
Drive d: () (Fixed) (Total:415.66 GB) (Free:127.77 GB) NTFS
Drive e: (MANAGER12) (CDROM) (Total:6.87 GB) (Free:0 GB) CDFS
Drive f: (H4Complete) (CDROM) (Total:7.25 GB) (Free:0 GB) CDFS
Drive g: (Volume) (Fixed) (Total:465.76 GB) (Free:144.63 GB) NTFS
Drive h: (VERBATIM) (Fixed) (Total:465.65 GB) (Free:243.78 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 43804506)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 89548954)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=416 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 468F633A)
Partition 1: (Not Active) - (Size=466 GB) - (Type=0C)

==================== End Of Log ============================
         
__________________

04.08.2014, 10:30   #4
schrauber
/// the machine
/// TB trainer



hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

04.08.2014, 21:52   #5
Harmian



Hello schrauber,

thanks for the reply.

First of all:
Yesterday evening, out of impatience, I searched for ways to solve this and reconstructed the virus infection. The original problem was the slowness of my browser, Chrome.
From a site with 100% webtrust, "w*w.dieviren.de", I downloaded the scareware SPYHUNTER from a corresponding subpage, installed it and ran it ... .

After that the bigger problems appeared: the redirects and the request to copy the contact data from Thunderbird (btw, fortunately no mail has been sent yet).

After that I searched for threads about SpyHunter and followed the instructions given there, but only steps that were not explicitly warned against.

So yesterday evening, before Combofix, I ran the following programs: SpyHunterKiller; AdwCleaner; JunkRemovalTool

After that there were no more redirects or Thunderbird notifications.

The logs are as follows:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Michael on 03.08.2014 at 21:21:33,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1296218438-4040402403-1704041965-1001\Software\sweetim



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.08.2014 at 21:26:41,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
# AdwCleaner v3.302 - Bericht erstellt am 03/08/2014 um 21:08:45
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Michael - RECHNER
# Gestartet von : C:\Users\Michael\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8b34e3b5e6e337aa6491ee3f713f8f5\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : AppleChargerSrv

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Michael\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Windows\System32\AppleChargerSrv.exe

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\5ce8cd1bd6aef17
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Gelöscht [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [4670 octets] - [03/08/2014 21:07:38]
AdwCleaner[S0].txt - [4425 octets] - [03/08/2014 21:08:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4485 octets] ##########
         
____
Combofix

I ran Combofix and several error messages came up during the scan, as follows:

Preparation:
NIRCMDC 1*
NIRKMD 7*
NIRCMD 2*
MIRCMD.ECE 1*

During the individual steps 1, 2, 3, 4, 5, 6, 6A, 7, 8, 9, 10, 15, 16, 17, 19B, 20, 21, 22, 23, 25, 27, 29, 30, 31, 32, 32A, 33, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 50 there were errors due to the missing MIRKMD

In the Find3M step
NIRCMB 3* missing
NircmdB.exe 1* missing
NIRKMD 7* missing
NIRCMB 1* missing
___
Text "Log wird geöffnet"

NIRKMD 2* missing
___
Log opened

NIRCMD.exe 1* missing
NIRKMD 2* missing
NIRCMD.exe 1* missing

Here is the log

Code:
ComboFix 14-08-05.01 - Michael 04.08.2014  21:54:50.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8153.5640 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Downloads\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Updated* {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
SP: Sophos Anti-Virus *Enabled/Updated* {D0CA1913-188C-B293-ABD7-B72CB1814094}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
D:\install.exe
D:\setup.exe
D:\Uninstall.exe
D:\WinRAR.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-04 bis 2014-08-04  ))))))))))))))))))))))))))))))
.
.
2014-08-04 19:59 . 2014-08-04 19:59	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-08-04 19:59 . 2014-08-04 19:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-04 19:51 . 2014-08-04 19:53	--------	d-----w-	C:\32788R22FWJFW
2014-08-03 20:10 . 2014-08-04 17:47	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-03 20:10 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-08-03 20:10 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-03 20:10 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-08-03 19:21 . 2014-08-03 19:21	--------	d-----w-	c:\windows\ERUNT
2014-08-03 19:08 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-08-03 19:07 . 2014-08-03 19:19	--------	d-----w-	C:\AdwCleaner
2014-08-03 18:39 . 2014-08-03 18:40	--------	d-----w-	C:\FRST
2014-08-03 17:59 . 2014-08-03 17:59	--------	d-----w-	c:\users\Michael\AppData\Roaming\Abelssoft
2014-08-03 17:59 . 2014-08-03 17:59	--------	d-----w-	c:\programdata\XDMessagingv4
2014-08-03 17:59 . 2014-08-03 17:59	--------	d-----w-	c:\users\Michael\AppData\Local\Abelssoft
2014-08-03 17:59 . 2014-08-03 19:18	--------	d-----w-	c:\program files (x86)\CHIP Updater
2014-08-03 07:19 . 2014-08-03 07:19	--------	d-----w-	c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-03 07:18 . 2014-08-03 07:18	--------	d-----w-	c:\programdata\Malwarebytes
2014-08-01 22:21 . 2014-08-01 22:21	--------	d-----w-	c:\users\Michael\AppData\Local\BigHugeEngine
2014-08-01 15:58 . 2014-07-02 03:09	10924376	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B0AD7BD-7AEF-4CAE-A7DC-CBB03C3F150D}\mpengine.dll
2014-07-28 19:09 . 2014-07-28 19:09	--------	d-----w-	c:\users\Michael\AppData\Local\THQ
2014-07-28 19:09 . 2008-07-12 06:18	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2014-07-28 19:09 . 2008-07-12 06:18	1493528	----a-w-	c:\windows\SysWow64\D3DCompiler_39.dll
2014-07-28 19:09 . 2008-07-12 06:18	540688	----a-w-	c:\windows\system32\d3dx10_39.dll
2014-07-28 19:09 . 2008-07-12 06:18	1942552	----a-w-	c:\windows\system32\D3DCompiler_39.dll
2014-07-28 19:09 . 2008-07-12 06:18	4992520	----a-w-	c:\windows\system32\D3DX9_39.dll
2014-07-27 20:34 . 2014-07-27 20:34	--------	d-----w-	c:\users\Michael\AppData\Roaming\Atlus
2014-07-27 20:10 . 2014-08-02 09:25	--------	d-----w-	c:\program files (x86)\GOG.com
2014-07-22 15:53 . 2014-07-22 15:53	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2014-07-16 18:07 . 2014-08-01 20:54	--------	d-----w-	c:\users\Michael\AppData\Local\Game Dev Tycoon - Steam
2014-07-15 15:28 . 2014-07-15 15:28	--------	d-----w-	c:\program files (x86)\Common Files\3DO Shared
2014-07-15 15:28 . 2014-07-15 15:28	--------	d-----w-	c:\program files (x86)\3DO
2014-07-15 15:25 . 2014-07-15 15:25	--------	d-----w-	c:\program files (x86)\directx
2014-07-12 07:52 . 2014-07-12 07:52	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2014-07-12 07:17 . 2014-07-12 07:17	--------	d-----w-	c:\users\Michael\AppData\Local\Risen2
2014-07-09 12:39 . 2014-06-05 14:45	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-07-09 12:39 . 2014-06-05 14:26	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-07-09 12:39 . 2014-06-05 14:25	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 01:02 . 2012-02-04 13:31	96441528	----a-w-	c:\windows\system32\MRT.exe
2014-07-09 11:27 . 2012-04-01 14:20	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 11:27 . 2012-02-03 23:15	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-06 05:43 . 2014-06-06 05:43	111016	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2014-06-06 05:43 . 2014-06-06 05:43	313256	----a-w-	c:\windows\system32\javaws.exe
2014-06-06 05:43 . 2014-06-06 05:43	191400	----a-w-	c:\windows\system32\javaw.exe
2014-06-06 05:43 . 2014-06-06 05:43	190888	----a-w-	c:\windows\system32\java.exe
2014-05-20 17:36 . 2014-05-20 17:36	38144	----a-w-	c:\windows\system32\drivers\sdcfilter.sys
2014-05-20 17:34 . 2014-05-20 17:34	27904	----a-w-	c:\windows\system32\drivers\SophosBootDriver.sys
2014-05-20 17:34 . 2014-05-20 17:34	176120	----a-w-	c:\windows\system32\sdccoinstaller.dll
2014-05-20 17:34 . 2014-05-20 17:38	35624	----a-w-	c:\windows\system32\SophosBootTasks.exe
2014-05-20 17:33 . 2014-05-20 17:33	158976	----a-w-	c:\windows\system32\drivers\savonaccess.sys
2014-05-08 09:32 . 2014-06-11 03:31	3178496	----a-w-	c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-11 03:31	16384	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2014-07-16 1753280]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"THPanel"="c:\program files (x86)\Thunder Master\THPanel.exe" [2012-07-13 2050416]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21415040]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2014-05-20 1617704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-17 224128]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-07-21 3816784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe;d:\steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys;c:\windows\SYSNATIVE\DRIVERS\netr6164.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;d:\svrtservice.exe;d:\SVRTservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;g:\ malwarebytes anti-malware \mbamscheduler.exe;g:\ malwarebytes anti-malware \mbamscheduler.exe [x]
S2 MBAMService;MBAMService;g:\ malwarebytes anti-malware \mbamservice.exe;g:\ malwarebytes anti-malware \mbamservice.exe [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 21:17	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 11:27]
.
2014-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28 17:08]
.
2014-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28 17:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-05-18 12489360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mDefault_Page_URL = hxxp://www.google.com
IE: An OneNote s&enden - d:\office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - d:\office11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - d:\office14\EXCEL.EXE/3000
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1296218438-4040402403-1704041965-1001\Software\SecuROM\License information*]
"datasecu"=hex:34,18,f1,55,8c,63,a6,c9,ef,8b,eb,cc,9b,7b,fe,70,4e,bc,e8,bc,89,
   8e,08,3f,15,a8,14,e4,93,dd,81,35,9b,28,3a,83,2f,a6,f3,ea,96,ca,a9,28,25,43,\
"rkeysecu"=hex:80,06,e3,30,0c,e6,fd,f5,c4,e3,cf,5e,29,10,76,25
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-08-04  22:02:07
ComboFix-quarantined-files.txt  2014-08-04 20:02
.
Vor Suchlauf: 5.921.710.080 Bytes frei
Nach Suchlauf: 5.771.444.224 Bytes frei
.
- - End Of File - - 20E3115883D49331434E3A0E1BC6536F
A36C5E4F47E84449FF07ED3517B43A31
         
Before the scan I tried to disable my antivirus software as well as I could.

--------

I hope I was able to help you with this.

I will no longer act on my own in this matter. Thunderbird contains sensitive data, some of it business addresses, and in the event of a "Viagra mailing campaign" I have a reputation to lose ... . That is why I reacted somewhat hastily.

Thanks!


Finally: while I was writing this post, Chrome asked me whether I wanted to "leave the secure connection". I chose "Decline".


Edited by Harmian (04.08.2014 at 22:09)

05.08.2014, 17:34   #6
schrauber
/// the machine
/// TB instructor

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click "Start".
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click "Start".
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click "Finish".
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any remaining problems?

05.08.2014, 22:42   #7
Harmian

Hello schrauber,

thanks again for the help.

ESET has now been running for 2 1/2 hours and is only crawling along at 55%. I will therefore only be able to post the .logs tomorrow evening.

Best regards,

harmian

06.08.2014, 15:38   #8
schrauber
/// the machine
/// TB instructor

ok
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

06.08.2014, 17:16   #9
Harmian

Hello schrauber,

the logs are attached.

ESET. 3 "threats" were found.

H:// is, btw, my external hard drive, which I use as a backup.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e4aff097c45751489e75ad66b6bcfd85
# engine=19515
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2014-08-05 10:17:19
# local_time=2014-08-06 12:17:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 12629 158906888 0 0
# compatibility_mode_1='Sophos Anti-Virus'
# compatibility_mode=8450 16777213 100 98 12636 58969272 0 0
# scanned=340802
# found=3
# cleaned=0
# scan_time=10087
sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michael\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="D:\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
sh=3DEE227509944304A6F3F7F47C1A32F8CA0FB2E8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="H:\RECHNER\Backup Set 2012-02-19 190000\Backup Files 2012-02-19 190000\Backup files 6.zip"
         
SecurityCheck
After the ESET scan I re-enabled the firewall and virus protection, i.e. they were active during the SecurityCheck scan.
Code:
 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:`````````````` 
Sophos Anti-Virus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 55  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Thunderbird (24.6.0) 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 Sophos Sophos Anti-Virus SavService.exe  
 Sophos Sophos Anti-Virus SAVAdminService.exe  
 Sophos Sophos Anti-Virus Web Control swc_service.exe 
 Sophos Sophos Anti-Virus Web Intelligence swi_service.exe 
 mbamscheduler.exe    
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
And the FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Michael (administrator) on RECHNER on 06-08-2014 18:10:26
Running from C:\Users\Michael\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) G:\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) D:\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Malwarebytes Corporation) G:\ Malwarebytes Anti-Malware \mbamservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Malwarebytes Corporation) G:\ Malwarebytes Anti-Malware \mbam.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) D:\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12489360 2012-05-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-20] (Sophos Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [Steam] => D:\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2050416 2012-07-13] (Palit Microsystems Ltd.)
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21415040 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1296218438-4040402403-1704041965-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-20] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-20] (Sophos Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x913AA730ACE2CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> D:\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome: 
=======
CHR HomePage: hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: "https://www.google.de/?gws_rd=ssl"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - D:\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\Michael\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-03]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-02-04]
CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-03]
CHR Extension: (ModHeader) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2013-04-23]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-09] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 MBAMScheduler; G:\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; G:\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-19] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-20] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-20] (Sophos Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-20] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-20] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-20] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-20] (Sophos Limited)
S3 DAUpdaterSvc; D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-20] (Sophos Limited)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 18:10 - 2014-08-06 18:10 - 02094080 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-08-06 18:10 - 2014-08-06 18:10 - 00019633 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-08-06 18:03 - 2014-08-06 18:03 - 00854410 _____ () C:\Users\Michael\Downloads\SecurityCheck.exe
2014-08-05 21:05 - 2014-08-05 21:05 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_deu.exe
2014-08-04 22:25 - 2014-08-04 22:25 - 00021177 _____ () C:\Users\Michael\Desktop\ComboFix2.txt
2014-08-04 22:24 - 2014-08-04 22:24 - 00021177 _____ () C:\ComboFix.txt
2014-08-04 22:15 - 2014-08-04 22:25 - 00000000 ____D () C:\ComboFix
2014-08-04 22:06 - 2014-08-04 22:06 - 00021481 _____ () C:\Users\Michael\Desktop\ComboFix1.txt
2014-08-04 21:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-04 21:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-04 21:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-04 21:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-04 21:53 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-04 21:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-04 21:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-04 21:51 - 2014-08-04 22:25 - 00000000 ____D () C:\Qoobox
2014-08-04 21:51 - 2014-08-04 22:15 - 00000000 ____D () C:\32788R22FWJFW
2014-08-04 21:51 - 2014-08-04 22:00 - 00000000 ____D () C:\Windows\erdnt
2014-08-04 21:50 - 2014-08-04 21:50 - 05567674 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-08-04 17:07 - 2014-08-04 17:15 - 00064000 _____ () C:\Users\Michael\Desktop\Auswertung 2  20140803.xls
2014-08-04 16:57 - 2014-08-04 17:15 - 00066048 _____ () C:\Users\Michael\Desktop\Auswertung 1  20140803.xls
2014-08-03 22:53 - 2014-08-03 21:38 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140803-225316.backup
2014-08-03 22:10 - 2014-08-06 17:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 22:10 - 2014-08-03 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 22:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-03 22:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-03 22:10 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-03 21:26 - 2014-08-03 21:26 - 00000951 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-08-03 21:21 - 2014-08-03 21:21 - 00000000 ____D () C:\Windows\ERUNT
2014-08-03 21:19 - 2014-08-03 21:19 - 00004641 _____ () C:\Users\Michael\Desktop\AdwCleaner[S0].txt
2014-08-03 21:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-03 21:07 - 2014-08-03 21:19 - 00000000 ____D () C:\AdwCleaner
2014-08-03 21:07 - 2014-08-03 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-03 20:39 - 2014-08-06 18:10 - 00000000 ____D () C:\FRST
2014-08-03 20:00 - 2014-08-03 20:00 - 00013544 _____ () C:\Users\Michael\Desktop\hijackthis.log
2014-08-03 19:59 - 2014-08-03 21:18 - 00001054 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-03 19:59 - 2014-08-03 21:18 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-03 09:19 - 2014-08-03 09:19 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-03 09:18 - 2014-08-03 09:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 08:30 - 2014-08-03 08:30 - 00000000 _____ () C:\autoexec.bat
2014-08-03 00:42 - 2014-08-03 00:43 - 00000000 ____D () C:\Users\Michael\Documents\Sacred Citadel
2014-08-02 20:54 - 2014-08-02 20:55 - 02953520 _____ (AVAST Software) C:\Users\Michael\Desktop\avast-browser-cleanup_9.0.0.224.exe
2014-08-02 00:21 - 2014-08-02 00:21 - 00000000 ____D () C:\Users\Michael\AppData\Local\BigHugeEngine
2014-07-30 18:03 - 2014-07-30 18:03 - 00007605 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2014-07-28 21:09 - 2014-07-28 21:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\THQ
2014-07-28 21:09 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-07-28 21:09 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-07-28 21:09 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-07-28 21:09 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-07-28 21:09 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-07-27 22:34 - 2014-07-27 22:34 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Atlus
2014-07-27 22:10 - 2014-08-02 11:25 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-16 20:07 - 2014-08-01 22:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\Game Dev Tycoon - Steam
2014-07-15 17:30 - 2014-07-15 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
2014-07-15 17:28 - 2014-07-15 17:28 - 00000000 ____D () C:\Program Files (x86)\3DO
2014-07-15 17:25 - 2014-07-15 17:25 - 00000000 ____D () C:\Program Files (x86)\directx
2014-07-12 09:52 - 2014-07-12 09:52 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-07-12 09:17 - 2014-07-12 09:17 - 00000000 ____D () C:\Users\Michael\AppData\Local\Risen2
2014-07-11 07:52 - 2014-07-11 07:52 - 00000000 ____D () C:\Users\Michael\Documents\New Star Soccer 5
2014-07-09 14:40 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 14:40 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 14:40 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 14:40 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 14:40 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 14:40 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 14:40 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 14:40 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 14:40 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 14:40 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 14:39 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 14:39 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 14:39 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 18:10 - 2014-08-06 18:10 - 02094080 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-08-06 18:10 - 2014-08-06 18:10 - 00019633 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-08-06 18:10 - 2014-08-03 20:39 - 00000000 ____D () C:\FRST
2014-08-06 18:03 - 2014-08-06 18:03 - 00854410 _____ () C:\Users\Michael\Downloads\SecurityCheck.exe
2014-08-06 17:52 - 2014-08-03 22:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 17:43 - 2009-07-14 06:45 - 00013248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-06 17:43 - 2009-07-14 06:45 - 00013248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-06 17:40 - 2012-02-03 20:53 - 02072672 _____ () C:\Windows\WindowsUpdate.log
2014-08-06 17:36 - 2013-12-19 11:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\LogMeIn Hamachi
2014-08-06 17:36 - 2012-02-04 15:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-08-06 17:35 - 2014-06-28 19:08 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 17:35 - 2013-12-21 08:03 - 00014188 _____ () C:\Windows\setupact.log
2014-08-06 17:35 - 2012-02-04 15:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-06 17:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-06 07:27 - 2012-04-01 16:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-06 07:14 - 2014-06-28 19:08 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-05 21:05 - 2014-08-05 21:05 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_deu.exe
2014-08-05 20:39 - 2014-02-06 12:47 - 00192638 _____ () C:\Windows\PFRO.log
2014-08-04 22:25 - 2014-08-04 22:25 - 00021177 _____ () C:\Users\Michael\Desktop\ComboFix2.txt
2014-08-04 22:25 - 2014-08-04 22:15 - 00000000 ____D () C:\ComboFix
2014-08-04 22:25 - 2014-08-04 21:51 - 00000000 ____D () C:\Qoobox
2014-08-04 22:24 - 2014-08-04 22:24 - 00021177 _____ () C:\ComboFix.txt
2014-08-04 22:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-04 22:15 - 2014-08-04 21:51 - 00000000 ____D () C:\32788R22FWJFW
2014-08-04 22:13 - 2013-12-08 22:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-04 22:06 - 2014-08-04 22:06 - 00021481 _____ () C:\Users\Michael\Desktop\ComboFix1.txt
2014-08-04 22:02 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-04 22:00 - 2014-08-04 21:51 - 00000000 ____D () C:\Windows\erdnt
2014-08-04 21:50 - 2014-08-04 21:50 - 05567674 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-08-04 17:15 - 2014-08-04 17:07 - 00064000 _____ () C:\Users\Michael\Desktop\Auswertung 2  20140803.xls
2014-08-04 17:15 - 2014-08-04 16:57 - 00066048 _____ () C:\Users\Michael\Desktop\Auswertung 1  20140803.xls
2014-08-04 16:52 - 2013-09-09 16:52 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-08-03 22:10 - 2014-08-03 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 21:38 - 2014-08-03 22:53 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140803-225316.backup
2014-08-03 21:26 - 2014-08-03 21:26 - 00000951 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-08-03 21:21 - 2014-08-03 21:21 - 00000000 ____D () C:\Windows\ERUNT
2014-08-03 21:19 - 2014-08-03 21:19 - 00004641 _____ () C:\Users\Michael\Desktop\AdwCleaner[S0].txt
2014-08-03 21:19 - 2014-08-03 21:07 - 00000000 ____D () C:\AdwCleaner
2014-08-03 21:18 - 2014-08-03 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-03 21:18 - 2014-08-03 19:59 - 00001054 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-03 21:18 - 2014-08-03 19:59 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-08-03 21:10 - 2009-07-14 06:45 - 00416480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-03 20:25 - 2012-02-03 21:11 - 00113344 _____ () C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-03 20:24 - 2009-07-14 19:58 - 00710502 _____ () C:\Windows\system32\perfh007.dat
2014-08-03 20:24 - 2009-07-14 19:58 - 00154832 _____ () C:\Windows\system32\perfc007.dat
2014-08-03 20:24 - 2009-07-14 07:13 - 01651686 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 20:00 - 2014-08-03 20:00 - 00013544 _____ () C:\Users\Michael\Desktop\hijackthis.log
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\Abelssoft
2014-08-03 19:59 - 2014-08-03 19:59 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-03 16:20 - 2014-02-18 04:01 - 00000000 ____D () C:\Users\Michael\Desktop\Quiz
2014-08-03 09:19 - 2014-08-03 09:19 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-03 09:19 - 2012-02-24 21:11 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-03 09:18 - 2014-08-03 09:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 08:30 - 2014-08-03 08:30 - 00000000 _____ () C:\autoexec.bat
2014-08-03 00:43 - 2014-08-03 00:42 - 00000000 ____D () C:\Users\Michael\Documents\Sacred Citadel
2014-08-02 21:02 - 2014-01-03 23:55 - 00118241 _____ () C:\Windows\DirectX.log
2014-08-02 20:55 - 2014-08-02 20:54 - 02953520 _____ (AVAST Software) C:\Users\Michael\Desktop\avast-browser-cleanup_9.0.0.224.exe
2014-08-02 19:23 - 2013-12-08 22:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-02 11:27 - 2012-02-18 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-08-02 11:25 - 2014-07-27 22:10 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-08-02 00:21 - 2014-08-02 00:21 - 00000000 ____D () C:\Users\Michael\AppData\Local\BigHugeEngine
2014-08-02 00:21 - 2012-02-04 14:09 - 00000000 ____D () C:\Users\Michael\Documents\My Games
2014-08-01 22:54 - 2014-07-16 20:07 - 00000000 ____D () C:\Users\Michael\AppData\Local\Game Dev Tycoon - Steam
2014-08-01 22:21 - 2013-03-20 20:52 - 00008704 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-30 21:52 - 2013-12-27 18:07 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\TS3Client
2014-07-30 19:42 - 2013-12-25 17:33 - 00000000 ____D () C:\Users\Michael\AppData\Local\DayZ
2014-07-30 18:03 - 2014-07-30 18:03 - 00007605 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2014-07-30 18:00 - 2013-07-20 09:59 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-07-28 21:09 - 2014-07-28 21:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\THQ
2014-07-27 22:34 - 2014-07-27 22:34 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Atlus
2014-07-22 20:26 - 2013-12-27 18:06 - 00000000 ____D () C:\Users\Michael\AppData\Local\TeamSpeak 3 Client
2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 17:53 - 2014-07-22 17:53 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-22 02:42 - 2012-02-04 03:19 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-20 08:53 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-15 18:36 - 2013-09-08 16:17 - 00000000 ____D () C:\Users\Michael\Documents\SavedGames
2014-07-15 17:33 - 2014-07-15 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
2014-07-15 17:28 - 2014-07-15 17:28 - 00000000 ____D () C:\Program Files (x86)\3DO
2014-07-15 17:25 - 2014-07-15 17:25 - 00000000 ____D () C:\Program Files (x86)\directx
2014-07-15 05:33 - 2012-02-20 17:17 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Might & Magic Heroes VI
2014-07-13 16:30 - 2013-12-15 00:02 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\.minecraft
2014-07-12 11:46 - 2013-09-25 18:22 - 00213548 _____ () C:\shared.log
2014-07-12 10:45 - 2012-04-28 10:25 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-12 09:52 - 2014-07-12 09:52 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-07-12 09:17 - 2014-07-12 09:17 - 00000000 ____D () C:\Users\Michael\AppData\Local\Risen2
2014-07-11 07:52 - 2014-07-11 07:52 - 00000000 ____D () C:\Users\Michael\Documents\New Star Soccer 5
2014-07-11 05:33 - 2014-06-04 09:07 - 00000000 ____D () C:\TEMP
2014-07-11 05:22 - 2013-05-16 17:10 - 00000000 ____D () C:\Windows\rescache
2014-07-10 14:07 - 2014-05-06 23:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 14:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 14:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:05 - 2012-12-13 18:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 03:04 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:02 - 2012-02-04 15:31 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 13:27 - 2012-04-01 16:20 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 13:27 - 2012-04-01 16:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 13:27 - 2012-02-04 01:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-30 19:35

==================== End Of Log ============================
         


Status from my side:
So far I no longer get any redirects. Chrome is still a bit sluggish, especially when I open frequently visited pages. My Chrome is relatively unmodified. I have 2 small add-ons, Adblock and a proxy service for YouTube, nothing more. The history is cleared once a week.

Did you notice anything else?

Thanks again!

Harmian

07.08.2014, 16:34   #10
schrauber
/// the machine
/// TB Trainer
 




Update Java and Adobe. Delete the backup.

Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome, keep no data, let it remove the leftovers, then reinstall.

Then:
https://support.google.com/chrome/answer/3296214?hl=de




Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (Alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent,..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
All that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
