CoolTool12 | 22.05.2015 11:42 | Hello, here are all the requested log files.
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 22.05.2015
Suchlauf-Zeit: 12:18:42
Logdatei: mbam_log.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.05.22.01
Rootkit Datenbank: v2015.05.16.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Schnarchnase
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 307598
Verstrichene Zeit: 6 Min, 14 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)
Registrierungswerte: 0
(Keine schädliche Elemente gefunden)
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 7
PUP.Optional.PricePeep.A, C:\Users\Schnarchnase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, , [0a9fa5f10684dc5ab6a929b25aa94fb1],
PUP.Optional.PricePeep.A, C:\Users\Schnarchnase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, , [cbde22745634b284451a24b715ee5ba5],
PUP.Optional.WebTInst.A, C:\Windows\System32\drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf, , [93162e68c2c88ea89325cb19bd4635cb],
PUP.Optional.SelectNGo.A, C:\Users\Schnarchnase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, , [b2f7f99d0c7e0432ef926980cd3643bd],
PUP.Optional.SelectNGo.A, C:\Users\Schnarchnase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, , [7e2b41554d3d9f97126fbf2a35ce58a8],
PUP.Optional.ReMarkable.A, C:\Users\Schnarchnase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, , [2a7fe5b1c3c794a26617a3caa4610df3],
PUP.Optional.ReMarkable.A, C:\Users\Schnarchnase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, , [17927026ed9d2610f4899bd2f31226da],
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
Code:
# AdwCleaner v4.205 - Bericht erstellt 22/05/2015 um 12:29:53
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-21.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : Schnarchnase - SCHNARCHNASE-PC
# Gestarted von : C:\Users\Schnarchnase\Downloads\adwcleaner_4.205.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17689
-\\ Google Chrome v43.0.2357.65
-\\ Opera v29.0.1795.60
*************************
AdwCleaner[R10].txt - [930 Bytes] - [22/05/2015 12:28:58]
AdwCleaner[S5].txt - [850 Bytes] - [22/05/2015 12:29:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [908 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.6 (05.21.2015:1)
OS: Windows 7 Home Premium x86
Ran by Schnarchnase on 22.05.2015 at 12:34:00,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Schnarchnase\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.05.2015 at 12:35:02,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-05-2015
Ran by Schnarchnase (administrator) on SCHNARCHNASE-PC on 22-05-2015 12:35:57
Running from C:\Users\Schnarchnase\Desktop
Loaded Profiles: Schnarchnase (Available profiles: Schnarchnase)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6749912 2014-11-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [V0700Mon.exe] => C:\Windows\V0700Mon.exe [28672 2011-08-22] (Creative Technology Ltd.)
HKLM\...\Run: [C:\Windows\system32\V0700Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0700Ext.ax
HKLM-x32\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2017956324-529535752-2850090790-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2017956324-529535752-2850090790-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2017956324-529535752-2850090790-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-25] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-25] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2017956324-529535752-2850090790-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Schnarchnase\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKU\S-1-5-21-2017956324-529535752-2850090790-1000\...\Firefox\Extensions: [{E7ED0CBE-83A8-AA9C-1009-321FB24E1418}] - C:\Program Files\version87IneedSpeed\192.xpi
Chrome:
=======
CHR Profile: C:\Users\Schnarchnase\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Schnarchnase\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-14]
CHR Extension: (YouTube) - C:\Users\Schnarchnase\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-14]
CHR Extension: (Google Search) - C:\Users\Schnarchnase\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-14]
CHR Extension: (Tampermonkey) - C:\Users\Schnarchnase\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-05-02]
CHR Extension: (Bookmark Manager) - C:\Users\Schnarchnase\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Schnarchnase\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (IneedSpeed) - C:\Users\Schnarchnase\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkkhecnpcdmonaccakhgidmdjmldlih [2015-05-19]
CHR Extension: (Gmail) - C:\Users\Schnarchnase\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-14]
Opera:
=======
OPR Extension: (DotVPN - Free and Secure VPN) - C:\Users\Schnarchnase\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiegahbgoabbpoieploedhfnobmpgbeg [2015-05-19]
OPR Extension: (Übersetzen) - C:\Users\Schnarchnase\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2015-05-19]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-22] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [80768 2006-12-23] (Protection Technology) [File not signed]
S0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [77120 2006-12-23] (Protection Technology) [File not signed]
S0 prosync1; C:\Windows\System32\drivers\prosync1.sys [7136 2005-12-21] (Protection Technology) [File not signed]
S0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2015-05-19] (The OpenVPN Project)
R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [18944 2014-12-22] (Creative Technology Ltd.)
S3 V0700Vid; C:\Windows\System32\DRIVERS\V0700Vid.sys [322528 2011-09-06] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\SCHNAR~1\AppData\Local\Temp\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-22 12:35 - 2015-05-22 12:36 - 00009055 _____ () C:\Users\Schnarchnase\Desktop\FRST.txt
2015-05-22 12:35 - 2015-05-22 12:35 - 00000771 _____ () C:\Users\Schnarchnase\Desktop\JRT.txt
2015-05-22 12:35 - 2015-05-22 12:35 - 00000000 ____D () C:\Users\Schnarchnase\Desktop\FRST-OlderVersion
2015-05-22 12:34 - 2015-05-22 12:34 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SCHNARCHNASE-PC-Windows-7-Home-Premium-(32-bit).dat
2015-05-22 12:34 - 2015-05-22 12:34 - 00000000 ____D () C:\RegBackup
2015-05-22 12:32 - 2015-05-22 12:32 - 02720009 _____ (Thisisu) C:\Users\Schnarchnase\Downloads\JRT.exe
2015-05-22 12:31 - 2015-05-22 12:31 - 00000987 _____ () C:\Users\Schnarchnase\Desktop\AdwCleaner[S5].txt
2015-05-22 12:28 - 2015-05-22 12:29 - 00000000 ____D () C:\AdwCleaner
2015-05-22 12:28 - 2015-05-22 12:28 - 02223104 _____ () C:\Users\Schnarchnase\Downloads\adwcleaner_4.205.exe
2015-05-22 12:03 - 2015-05-22 12:03 - 00000546 _____ () C:\Windows\PFRO.log
2015-05-21 16:21 - 2015-05-21 16:22 - 00005513 _____ () C:\Users\Schnarchnase\Desktop\Neues Textdokument.txt
2015-05-21 10:39 - 2015-05-21 10:39 - 00011336 _____ () C:\ComboFix.txt
2015-05-21 10:33 - 2015-05-21 10:39 - 00000000 ____D () C:\Qoobox
2015-05-21 10:33 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-21 10:33 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-21 10:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-21 10:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-21 10:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-21 10:33 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-21 10:33 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-21 10:33 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-21 10:32 - 2015-05-21 10:39 - 00000000 ____D () C:\Windows\erdnt
2015-05-21 10:26 - 2015-05-21 10:26 - 05627500 ____R (Swearware) C:\Users\Schnarchnase\Desktop\ComboFix.exe
2015-05-20 02:35 - 2015-05-22 12:35 - 01147392 _____ (Farbar) C:\Users\Schnarchnase\Desktop\FRST.exe
2015-05-20 02:35 - 2015-05-22 12:35 - 00000000 ____D () C:\FRST
2015-05-19 21:14 - 2015-05-22 12:30 - 00000504 _____ () C:\Windows\setupact.log
2015-05-19 21:14 - 2015-05-19 21:14 - 00058016 _____ () C:\Users\Schnarchnase\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 21:14 - 2015-05-19 21:14 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-19 21:13 - 2015-05-19 21:14 - 00267160 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-19 20:33 - 2015-05-22 12:33 - 00046255 _____ () C:\Windows\WindowsUpdate.log
2015-05-19 19:31 - 2015-05-19 20:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-19 19:31 - 2015-05-19 19:35 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-19 19:31 - 2015-05-19 19:31 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-19 19:31 - 2015-05-19 19:31 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-05-19 19:31 - 2015-05-19 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-19 19:31 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-05-19 19:11 - 2015-04-30 10:07 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-19 18:55 - 2015-05-19 18:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Schnarchnase\Downloads\spybot-2.4 (1).exe
2015-05-19 18:54 - 2015-05-19 18:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Schnarchnase\Downloads\spybot-2.4.exe
2015-05-19 18:51 - 2015-05-19 18:52 - 50811104 _____ (Microsoft Corporation) C:\Users\Schnarchnase\Downloads\Windows-KB890830-V5.24.exe
2015-05-19 17:39 - 2015-05-22 12:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-19 17:39 - 2015-05-19 17:39 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-19 17:39 - 2015-05-19 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-19 17:39 - 2015-05-19 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-19 17:39 - 2015-05-19 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-19 17:39 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-19 17:39 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-19 17:39 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-19 17:38 - 2015-05-19 17:39 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Schnarchnase\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-19 17:22 - 2015-05-19 17:22 - 00000000 ____D () C:\Users\Schnarchnase\Downloads\Company of Heroes - Tales Of Valor v2.500.0.127 Trainer
2015-05-19 17:12 - 2015-05-19 17:12 - 00000000 ____D () C:\ProgramData\ZombieNews
2015-05-19 17:11 - 2015-05-19 17:11 - 00023040 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-05-19 17:11 - 2015-05-19 17:11 - 00000000 ____D () C:\Users\Schnarchnase\AppData\Roaming\EasyVpn
2015-05-19 17:11 - 2015-05-19 17:11 - 00000000 ____D () C:\Program Files\EasyVpn
2015-05-19 14:33 - 2015-05-19 14:34 - 36004304 _____ (Totem Entertainment ) C:\Users\Schnarchnase\Downloads\setup-vgirl.exe
2015-05-18 12:55 - 2015-05-21 16:23 - 00001571 _____ () C:\Users\Schnarchnase\Desktop\Company of Heroes.lnk
2015-05-18 12:53 - 2015-05-18 12:53 - 00000000 ____D () C:\Users\Schnarchnase\Downloads\Company.of.Heroes.Tales.of.Valor.CHEATS.English
2015-05-18 12:53 - 2015-05-18 12:53 - 00000000 ____D () C:\Users\Schnarchnase\Downloads\cohtovsave
2015-05-18 12:53 - 2015-05-18 12:53 - 00000000 ____D () C:\Users\Schnarchnase\Downloads\bws-0354
2015-05-18 12:52 - 2015-05-18 12:52 - 00000873 _____ () C:\Users\Schnarchnase\Downloads\cohtovsave.rar
2015-05-18 12:51 - 2015-05-18 12:51 - 00066286 _____ () C:\Users\Schnarchnase\Downloads\bws-0354.rar
2015-05-18 12:51 - 2015-05-18 12:51 - 00000673 _____ () C:\Users\Schnarchnase\Downloads\Company.of.Heroes.Tales.of.Valor.CHEATS.English.7z
2015-05-18 12:18 - 2015-05-18 12:18 - 00000000 ____D () C:\Program Files\THQ
2015-05-18 11:14 - 2015-05-18 11:14 - 00000000 __SHD () C:\Windows\ftpcache
2015-05-16 12:58 - 2015-05-16 12:58 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-16 12:58 - 2015-05-16 12:58 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-16 12:58 - 2015-05-16 12:58 - 00000000 ____D () C:\Program Files\Adobe
2015-05-16 12:57 - 2015-05-16 12:59 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-16 12:56 - 2015-05-16 12:57 - 50629792 _____ (Adobe Systems Incorporated) C:\Users\Schnarchnase\Downloads\AcroRdrDC1500720033_de_DE.exe
2015-05-15 19:19 - 2015-05-15 19:19 - 339645536 _____ (Creative Technology Ltd) C:\Users\Schnarchnase\Downloads\LC3L_PCAPP_L17_3_01_28.exe
2015-05-15 19:18 - 2015-05-15 19:18 - 385430600 _____ (Creative Technology Ltd) C:\Users\Schnarchnase\Downloads\LCCH_CMB1D_W1_17.exe
2015-05-10 11:10 - 2015-05-10 11:10 - 00002110 _____ () C:\Users\Public\Desktop\Oblivion.lnk
2015-05-10 11:02 - 2015-05-10 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2015-05-10 11:02 - 2015-05-10 11:02 - 00000000 ____D () C:\Program Files\Bethesda Softworks
2015-05-10 11:01 - 2015-05-10 11:01 - 00107888 _____ (Sony DADC Austria AG.) C:\Windows\system32\CmdLineExt.dll
2015-05-10 11:01 - 2015-05-10 11:01 - 00000000 __RHD () C:\Users\Schnarchnase\AppData\Roaming\SecuROM
2015-05-10 11:01 - 2015-05-10 11:01 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-05-10 11:00 - 2015-05-18 12:40 - 00000000 ____D () C:\Users\Schnarchnase\Documents\My Games
2015-05-10 11:00 - 2015-05-10 11:12 - 00000000 ____D () C:\Users\Schnarchnase\AppData\Local\Oblivion
2015-05-10 05:00 - 2015-05-10 05:00 - 00000000 ____D () C:\Users\Schnarchnase\Documents\ArcaniA - Gothic 4
2015-05-10 04:56 - 2015-05-10 06:58 - 00000000 ____D () C:\Users\Schnarchnase\Documents\ArcaniA - AddOn
2015-05-10 04:49 - 2015-05-10 04:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcaniA - Fall of Setarrif
2015-05-10 04:42 - 2015-05-10 04:42 - 00000000 ____D () C:\Program Files\Nordic Games
2015-05-10 04:34 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-05-10 04:34 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-05-10 04:34 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-05-10 04:34 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-05-10 04:34 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-05-10 04:34 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-05-10 04:34 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-05-10 04:34 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-05-10 04:34 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-05-10 04:34 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-05-10 04:34 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-05-10 04:34 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-05-10 04:34 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-05-10 04:34 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-05-10 04:34 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-05-10 04:34 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-05-10 04:33 - 2015-05-10 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcaniA - Gothic 4
2015-05-10 04:33 - 2015-05-10 04:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-10 04:33 - 2015-05-10 04:33 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-05-10 04:22 - 2015-05-10 04:22 - 00000000 ____D () C:\Program Files\JoWooD Entertainment AG
2015-05-10 04:21 - 2015-05-10 04:21 - 00000000 ____D () C:\Users\Schnarchnase\AppData\Roaming\Macromedia
2015-05-08 14:26 - 2015-05-22 12:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-08 14:26 - 2015-05-19 01:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-08 14:26 - 2015-05-19 01:29 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-08 14:26 - 2015-05-19 01:29 - 00000000 ____D () C:\Users\Schnarchnase\AppData\Local\Adobe
2015-05-08 14:26 - 2015-05-08 14:26 - 00000000 ____D () C:\Windows\system32\Macromed
2015-05-08 14:23 - 2015-05-08 14:23 - 00001093 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-05-08 14:23 - 2015-05-08 14:23 - 00000000 ____D () C:\Users\Schnarchnase\AppData\Roaming\Opera Software
2015-05-08 14:23 - 2015-05-08 14:23 - 00000000 ____D () C:\Users\Schnarchnase\AppData\Local\Opera Software
2015-05-08 14:22 - 2015-05-21 13:40 - 00000000 ____D () C:\Program Files\Opera
2015-05-08 14:22 - 2015-05-08 14:22 - 00683976 _____ (Opera Software) C:\Users\Schnarchnase\Downloads\Opera_NI_stable.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-22 12:35 - 2010-11-20 23:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 12:34 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-22 12:34 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-22 12:30 - 2014-12-14 14:42 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-22 12:30 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-22 12:12 - 2014-12-14 14:42 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-21 10:39 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-05-21 10:39 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-05-21 10:38 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-20 13:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-05-19 19:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\TAPI
2015-05-19 17:46 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Performance
2015-05-19 17:12 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-18 12:39 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-16 12:59 - 2014-12-15 23:47 - 00000000 ____D () C:\Users\Schnarchnase\AppData\Roaming\Adobe
2015-05-15 19:09 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32
2015-05-10 11:16 - 2014-12-14 14:36 - 00000000 ____D () C:\Users\Schnarchnase\AppData\Local\VirtualStore
2015-05-10 11:13 - 2015-03-25 00:10 - 00000000 ____D () C:\Users\Schnarchnase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-10 11:02 - 2014-12-14 16:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-05-10 04:56 - 2015-03-25 06:38 - 00000007 _____ () C:\Users\Schnarchnase\Documents\mt-x_hook.txt
2015-05-10 04:56 - 2015-03-25 06:38 - 00000006 _____ () C:\Users\Schnarchnase\Documents\mt-e_hook.txt
==================== Files in the root of some directories =======
2014-12-14 16:02 - 2014-12-14 16:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Schnarchnase\AppData\Local\temp\catchme.dll
C:\Users\Schnarchnase\AppData\Local\temp\Quarantine.exe
C:\Users\Schnarchnase\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-15 16:29
==================== End of log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-05-2015
Ran by Schnarchnase at 2015-05-22 12:36:23
Running from C:\Users\Schnarchnase\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2017956324-529535752-2850090790-500 - Administrator - Disabled)
Gast (S-1-5-21-2017956324-529535752-2850090790-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2017956324-529535752-2850090790-1002 - Limited - Enabled)
Schnarchnase (S-1-5-21-2017956324-529535752-2850090790-1000 - Administrator - Enabled) => C:\Users\Schnarchnase
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3DP Chip v14.12 (HKLM\...\3DP Chip) (Version: v14.12 - )
Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Application Profiles (HKLM\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
ArcaniA - Fall of Setarrif (HKLM\...\{BA1F2D65-B22F-47C7-A3D0-A7827DF20272}_is1) (Version: - Nordic Games GmbH)
ArcaniA - Gothic 4 (HKLM\...\{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1) (Version: - JoWooD Entertainment AG)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Company of Heroes - FAKEMSI (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes (HKLM\...\Company of Heroes) (Version: 2.0.0.1 - THQ Inc.)
Creative Live! Cam Chat HD (VF0700) (1.00.06.00) (HKLM\...\Creative VF0700) (Version: - Creative Technology Ltd.)
Dead Space™ 2 (HKLM\...\{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}) (Version: 1.0.943.0 - Electronic Arts)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MegaTrainer eXperience V1.1.7.8 (HKLM\...\MegaTrainer eXperience_is1) (Version: - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Oblivion (HKLM\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Opera Stable 29.0.1795.60 (HKLM\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7388 - Realtek Semiconductor Corp.)
RESIDENT EVIL 5 (HKLM\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Stronghold (HKLM\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.20.0000 - Firefly Studios)
Stronghold 2 (HKLM\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.1000 - Firefly Studios)
Stronghold Crusader Extreme (HKLM\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold Legends (HKLM\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios)
Unity Web Player (HKU\S-1-5-21-2017956324-529535752-2850090790-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR 5.21 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zombie Shooter 2 v 1.0 (HKLM\...\Zombie Shooter 2_is1) (Version: - Sigma Team)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2017956324-529535752-2850090790-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Schnarchnase\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
==================== Restore Points =========================
25-03-2015 21:39:11 Installiert Stronghold
28-03-2015 00:56:58 Installiert Stronghold Crusader Extreme
02-05-2015 21:46:31 Geplanter Prüfpunkt
05-05-2015 18:31:01 Removed Auto Clicker Asoftech
07-05-2015 04:26:53 Windows Update
10-05-2015 04:33:32 Installed NVIDIA PhysX
10-05-2015 04:33:57 DirectX wurde installiert
10-05-2015 04:49:52 DirectX wurde installiert
10-05-2015 11:01:48 DirectX 9.0 wurde installiert
10-05-2015 11:02:00 Installiert Oblivion
16-05-2015 12:57:45 Installed Adobe Acrobat Reader DC - Deutsch.
18-05-2015 12:18:55 DirectX wurde installiert
19-05-2015 17:11:22 Gerätetreiber-Paketinstallation: TAP-Windows Provider V9 Netzwerkadapter
21-05-2015 10:33:13 ComboFix created restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2015-05-21 10:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0CE6CB3A-438C-4CAF-A048-C4B678BAE464} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {238A6D86-A917-46F3-A2D5-A7F5322BCE2F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {672750B1-1F35-4DA1-8DDC-35C52A3150C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-19] (Adobe Systems Incorporated)
Task: {6AF3B3C9-7E83-430D-8DD1-BB7B04B143B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {9C885B61-E162-4E4B-89B7-868D936D4830} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {A8D1FBAB-14E0-4EAC-A6FF-6505ABE0A39B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {AC8BF0E5-0B68-4CBE-9654-F1AF5368BB46} - System32\Tasks\Opera scheduled Autoupdate 1431087785 => C:\Program Files\Opera\launcher.exe [2015-05-18] (Opera Software)
Task: {B904102B-B750-4C79-A967-F9AED76822C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {CA521A58-2A1C-4096-9BD7-302E2066F341} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-05-19 19:31 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-05-19 19:31 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-22 02:03 - 2014-11-22 02:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2017956324-529535752-2850090790-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER Error getting ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: WinDefend => 2
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{74F730BB-A2ED-44D5-B5B1-DFFFA04A5275}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{791D81DB-42B0-4C3A-9E3A-C9C02F7E4294}] => (Allow) E:\RE5\RE5DX9.EXE
FirewallRules: [{5CC35802-BAA6-44E5-B852-69C9BA94DA41}] => (Allow) E:\RE5\RE5DX9.EXE
FirewallRules: [{6CC0BC9F-D16F-4145-9CD3-96035A443232}] => (Allow) E:\RE5\RE5DX10.EXE
FirewallRules: [{3A047D63-79D5-4F50-98E8-7C6BDC4D6A0A}] => (Allow) E:\RE5\RE5DX10.EXE
FirewallRules: [{310556C8-42A9-43D3-AE15-78C4FEB54F28}] => (Allow) C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe
FirewallRules: [{A23127D2-7D79-4FAC-BBF1-114CB62F2105}] => (Allow) C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe
FirewallRules: [{5A5FFCED-D9D6-46BA-A68B-63623D90155B}] => (Allow) C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe
FirewallRules: [{03D1CDDE-48B2-4460-9803-6FAE105C0A70}] => (Allow) C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe
FirewallRules: [TCP Query User{FAE7AB90-B11C-4B77-8CE5-EF596D122E62}C:\program files\firefly studios\stronghold legends\strongholdlegends.exe] => (Allow) C:\program files\firefly studios\stronghold legends\strongholdlegends.exe
FirewallRules: [UDP Query User{D8E059D5-F89F-4F0D-927B-ED35ABA5808B}C:\program files\firefly studios\stronghold legends\strongholdlegends.exe] => (Allow) C:\program files\firefly studios\stronghold legends\strongholdlegends.exe
FirewallRules: [{3716D860-68BE-4DF5-BBCD-DE225ADAD2EB}] => (Allow) C:\Program Files\Firefly Studios\Stronghold\Stronghold.exe
FirewallRules: [{8A861458-0DBC-4F5E-8D07-7A0866549F38}] => (Allow) C:\Program Files\Firefly Studios\Stronghold\Stronghold.exe
FirewallRules: [{BCCCF426-073D-4208-ACE2-621F09FA38FE}] => (Allow) C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe
FirewallRules: [{95E06D9E-59A5-4126-8F7D-9CB139DCD493}] => (Allow) C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe
FirewallRules: [{CE7FBBF3-9ADE-410D-A588-F83703D2BC62}] => (Allow) C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe
FirewallRules: [{9BB56D23-5380-4AA1-9187-ACAC731326C7}] => (Allow) C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe
FirewallRules: [TCP Query User{D93D9F6A-AA6F-4B12-95C6-288C21DF81B4}C:\windows\system32\dplaysvr.exe] => (Allow) C:\windows\system32\dplaysvr.exe
FirewallRules: [UDP Query User{1DE454D6-406A-496F-8D4E-C8B7AD09444A}C:\windows\system32\dplaysvr.exe] => (Allow) C:\windows\system32\dplaysvr.exe
FirewallRules: [{0948DB1B-D2C9-4108-A469-B41108DAA07A}] => (Allow) C:\Program Files\THQ\Company of Heroes\RelicCOH.exe
FirewallRules: [{B33B645E-BB5E-4E50-92CF-275F5AE781CF}] => (Allow) C:\Program Files\THQ\Company of Heroes\RelicCOH.exe
FirewallRules: [{742E1DBE-2718-46FC-B243-35BB43175FE5}] => (Allow) C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe
FirewallRules: [{AF9558C8-FF30-40D7-B61E-1BC6FF439290}] => (Allow) C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe
FirewallRules: [{99EB4344-14AF-431E-813B-0E9A688B6F46}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/22/2015 00:32:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/22/2015 00:29:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/22/2015 00:05:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/21/2015 10:37:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (05/21/2015 10:36:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (05/21/2015 10:31:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/21/2015 10:23:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/20/2015 07:31:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/20/2015 07:21:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/20/2015 01:35:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (05/22/2015 00:34:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/22/2015 00:34:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/22/2015 00:34:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/22/2015 00:34:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/22/2015 00:34:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/22/2015 00:30:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
prodrv06
prohlp02
prosync1
sfhlp01
Error: (05/22/2015 00:30:29 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber prodrv06.sys konnte nicht geladen werden.
Error: (05/22/2015 00:30:26 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber prohlp02.sys konnte nicht geladen werden.
Error: (05/22/2015 00:30:26 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber prosync1.sys konnte nicht geladen werden.
Error: (05/22/2015 00:30:26 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfhlp01.sys konnte nicht geladen werden.
Microsoft Office:
=========================
Error: (05/22/2015 00:32:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/22/2015 00:29:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/22/2015 00:05:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/21/2015 10:37:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\3dp chip\DPInst64.exe
Error: (05/21/2015 10:36:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\AMD\ATI.ACE\Core-Static\SLSTaskbar64.exe
Error: (05/21/2015 10:31:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/21/2015 10:23:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/20/2015 07:31:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/20/2015 07:21:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/20/2015 01:35:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU E6700 @ 3.20GHz
Percentage of memory in use: 21%
Total physical RAM: 3583.12 MB
Available physical RAM: 2822.58 MB
Total Pagefile: 7164.53 MB
Available Pagefile: 6374.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.21 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:302.64 GB) (Free:231.34 GB) NTFS
Drive d: () (Fixed) (Total:488.28 GB) (Free:476.94 GB) NTFS
Drive e: () (Fixed) (Total:140.5 GB) (Free:133.53 GB) NTFS
Drive f: (Disk1) (CDROM) (Total:6.82 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1D545EAF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=302.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=140.5 GB) - (Type=07 NTFS)
==================== End of log ============================
Regards, Cooltool |