Antivirus, firewall and other protection programs: Windows 7, firewall does not work (Error Code 0x8007042c)
28.09.2015, 23:17 | #1 |
Windows 7, firewall does not work (Error Code 0x8007042c)

Good evening, dear community,

I hope to be able to solve my "little" problem here, so I am simply asking the experts: my firewall cannot be started via the Control Panel, nor can I enable the Windows Firewall service. In the Control Panel I am told that my firewall is not using the recommended settings. Clicking the "use recommended settings" button only gives me the message "Windows Firewall can't change some of your settings. Error code 0x8007042c". Starting the service is aborted with "Windows could not start the Windows Firewall service on local Computer".

I am using Windows 7 Ultimate 64 bit. I installed it some time ago, and the key supplied with it did not work. I was then sent a replacement key for activating Windows, and that one worked, but since then the firewall no longer does. I have (actually) set up my account as an administrator and that is how it is displayed to me; so far I have had no problems with any missing access rights.

A scan with Avira, Windows Defender and Glary Utilities PRO always gave the same result: no viruses or trojans found. The FixIt programs from Microsoft itself for malware (MicrosoftFixit.malware.RNP.Run.exe) and WinSecurity (MicrosoftFixit.WinSecurity.RNP.Run.exe) did not achieve anything either. Only a user problem was fixed, rather than the firewall.

I am attaching the FRST scan.

FRST.txt

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01 Ran by Sebastian (administrator) on SEBASTIAN-PC (29-09-2015 00:11:13) Running from C:\Users\Sebastian\Desktop Loaded Profiles: Sebastian (Available Profiles: Sebastian) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Akamai Technologies, Inc.) 
C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Winlogon: [Shell] explorer.exe, C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe [ ] () <=== ATTENTION HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-21] (Glarysoft Ltd) HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Policies\Explorer: [NoInternetOpenWith] 1 HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Policies\Explorer: [NoResolveSearch] 1 HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: F - F:\Launcher.exe HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: {09f675f1-6a64-11e4-b973-002522244cea} - F:\HiSuiteDownLoader.exe HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: {300f7dc7-b615-11e4-b578-002522244cea} - E:\iLinker.exe HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: {322b6ae7-efa6-11e3-a92a-002522244cea} - E:\DLC_setup.exe HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: {5a5dd440-ccbb-11e4-badf-002522244cea} - F:\Launcher.exe HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: {5a5dd444-ccbb-11e4-badf-002522244cea} - H:\RunGame.exe HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: {9b91e911-fed8-11e4-aef9-002522244cea} - E:\pushinst.exe HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: {a798d358-5b62-11e4-addf-002522244cea} - F:\HiSuiteDownLoader.exe HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Winlogon: [Shell] explorer.exe, C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe <==== ATTENTION Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2015-09-13] ShortcutTarget: IMVU.lnk -> C:\Users\Sebastian\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe () BootExecute: autocheck autochk * BootDefrag.exe 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{22C59305-49D5-4BA9-8BF1-60AD6F69C9C1}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{28B36D87-CD5F-4CB2-9EA8-226D45F9E653}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{377D1EB0-3BE5-4C9F-8E03-B65FD366FAA4}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{42C326A8-54E1-4730-B551-49A42192B68C}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{74EA7251-30F1-41FE-9A9A-44ED6DD54FF6}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{7E99F149-6098-46F9-BD69-A51C805D9AA5}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{97B3965E-BD65-4CE0-A58C-3526ED05B532}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{C4E114F4-E6FB-4899-8CDD-59F2158204E0}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{ED163E40-2604-49BE-AEE9-A09318B83A39}: [DhcpNameServer] 7.254.254.254 Tcpip\..\Interfaces\{F0E47A82-3989-4501-981C-6A837C3266DA}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms} HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms} SearchScopes: HKLM -> 
{33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms} SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms} SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-02] (Oracle Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-02] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll 
[2014-06-05] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-05] (Oracle Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.omniboxes.com/?type=sc&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF FireFox: ======== FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\mb8gfr6v.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] () FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-02] (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-05] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll 
[2014-06-05] (Oracle Corporation) FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [No File] FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File] FF Plugin HKU\S-1-5-21-1798516267-2414223650-3212704099-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-27] (Unity Technologies ApS) FF Extension: No Name - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\mb8gfr6v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-09] Chrome: ======= CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-02] CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-02] CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-02] CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-04] CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-02] CHR 
Extension: (Bookmark Manager) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-02] CHR Extension: (YouTube Unblocker) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2014-11-27] CHR Extension: (Diablo 3 - Dark) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfnbkjlapbofhmbaeabglnbgjacmmmdj [2014-06-03] CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-02] CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Bookmark Manager) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-29] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-29] CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-29] CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2 CHR Extension: (Google Präsentationen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-29] CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-29] CHR Extension: (Google Drive) - 
C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-29] CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-29] CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-29] CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-29] CHR Extension: (Auto-HD für YouTube™) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2015-06-15] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-29] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-29] CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-29] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-18] (Electronic Arts) S3 Realtek11nCU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed] S3 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.) R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-08-04] (Microsoft Corporation) [File not signed] S3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X] S3 Steam Client Service; "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin) R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-18] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-08-04] (Glarysoft Ltd) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2014-07-29] (Huawei Technologies Co., Ltd.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1047144 2015-05-17] (Realtek Semiconductor Corporation ) S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows (R) Win 7 DDK provider) R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 usbser; C:\Windows\System32\DRIVERS\USBSER.sys [33280 2014-07-29] (Microsoft Corporation) [File not signed] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 mpsdrv; System32\drivers\mpsdrv.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S2 {09BB444F-B2E2-4009-BAF2-7B727681223E}; \??\C:\Program Files (x86)\VMLaunch\BuddyVM.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-29 00:11 - 2015-09-29 00:11 - 00025383 _____ C:\Users\Sebastian\Desktop\FRST.txt 2015-09-29 00:11 - 2015-09-29 00:11 - 00000000 ____D C:\FRST 2015-09-29 00:10 - 2015-09-29 00:03 - 02192384 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe 2015-09-29 00:03 - 2015-09-29 00:03 - 02192384 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe 2015-09-28 23:51 - 2015-09-28 23:51 - 00347816 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\MicrosoftFixit.malware.RNP.Run.exe 2015-09-28 23:49 - 2015-09-28 23:49 - 00000000 _____ C:\Windows\system32\netsh 2015-09-28 23:48 - 2015-09-28 23:48 - 00059200 _____ C:\Users\Sebastian\AppData\Local\GDIPFONTCACHEV1.DAT 2015-09-28 23:47 - 2015-09-28 23:47 - 00347816 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\MicrosoftFixit.WinSecurity.RNP.Run.exe 2015-09-28 23:18 - 2015-09-28 23:19 - 00000000 ____D C:\Users\Sebastian\Desktop\Textdokumente 2015-09-28 23:17 - 2015-09-28 23:37 - 00000000 ____D C:\Users\Sebastian\Desktop\Wichtige Programme 2015-09-28 23:17 - 2015-09-28 23:20 - 00000000 ____D C:\Users\Sebastian\Desktop\Spiele 2015-09-28 23:17 - 2015-09-28 23:20 - 00000000 ____D C:\Users\Sebastian\Desktop\Anderes Zeug 2015-09-20 17:23 - 2015-09-20 17:23 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft 2015-09-18 18:31 - 2015-09-21 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-09-28 23:59 - 2014-06-02 17:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-28 23:41 - 2015-01-20 16:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-28 23:37 - 2014-08-04 02:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5 2015-09-28 23:37 - 2014-08-04 02:06 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5 2015-09-28 23:24 - 2014-06-02 13:18 - 00000000 ____D C:\Users\Sebastian 2015-09-28 23:22 - 2014-06-09 09:37 - 00000000 ____D C:\Users\Sebastian\Documents\My Games 2015-09-28 23:22 - 2014-06-03 17:57 - 00000000 ___RD C:\Users\Sebastian\Desktop\Bilder 2015-09-28 23:21 - 2015-01-04 04:52 - 00000000 ____D C:\Users\Sebastian\Desktop\Musik 2015-09-28 23:14 - 2014-06-02 17:55 - 00000000 ____D C:\Program Files (x86)\Steam 2015-09-28 21:40 - 2014-06-02 17:11 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Skype 2015-09-28 18:36 - 2014-06-02 17:27 - 00000000 ____D C:\Users\Sebastian\AppData\Local\LogMeIn Hamachi 2015-09-28 17:44 - 2009-07-14 06:45 - 00036144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-28 17:44 - 2009-07-14 06:45 - 00036144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-28 17:40 - 2014-06-03 01:41 - 01167894 _____ C:\Windows\WindowsUpdate.log 2015-09-28 17:40 - 2009-07-14 07:13 - 00781914 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-28 17:36 - 2015-03-23 02:11 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\IMVU 2015-09-28 17:35 - 2014-08-04 02:06 - 00000340 _____ C:\Windows\Tasks\GlaryInitialize 5.job 2015-09-28 17:33 - 2014-06-02 17:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-28 17:33 - 2014-06-02 17:00 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-28 17:33 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-28 02:36 - 2014-12-06 16:13 - 00000000 
____D C:\Users\Sebastian\AppData\Local\ftblauncher 2015-09-27 17:53 - 2014-06-03 16:36 - 00000000 ____D C:\Program Files (x86)\osu! 2015-09-27 13:33 - 2014-08-04 23:14 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\TS3Client 2015-09-23 20:02 - 2015-06-30 01:34 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Akamai 2015-09-23 15:59 - 2014-06-09 16:13 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\.minecraft 2015-09-22 18:29 - 2014-06-06 13:17 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Battle.net 2015-09-22 15:41 - 2015-01-20 16:38 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-09-22 15:41 - 2015-01-20 16:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-09-22 15:41 - 2014-06-12 01:23 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-22 14:51 - 2014-09-20 06:44 - 00000000 ____D C:\Program Files (x86)\Diablo III 2015-09-22 14:50 - 2014-06-06 13:16 - 00000000 ____D C:\Program Files (x86)\Battle.net 2015-09-22 14:46 - 2015-07-09 06:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-09-20 17:23 - 2015-02-20 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 2015-09-20 17:23 - 2014-11-23 20:28 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\uTorrent 2015-09-20 00:49 - 2015-02-20 20:57 - 00000000 ____D C:\Program Files (x86)\Minecraft 2015-09-13 17:06 - 2015-03-23 02:10 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\IMVUClient 2015-09-13 04:03 - 2014-06-06 13:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Battle.net 2015-09-12 22:19 - 2014-06-02 17:09 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Google 2015-09-03 12:22 - 2014-12-06 16:13 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\ftblauncher 2015-08-31 15:37 - 2015-05-17 17:14 - 00000366 _____ C:\Windows\Tasks\DriverToolkit Autorun.job 2015-08-31 01:07 - 2015-05-17 17:14 - 00002740 _____ 
C:\Windows\System32\Tasks\DriverToolkit Autorun 2015-08-31 01:01 - 2014-09-06 15:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\DAEMON Tools Lite ==================== Files in the root of some directories ======= 2015-03-15 21:16 - 2015-03-15 21:16 - 0000000 ___SH () C:\Users\Sebastian\AppData\Local\LumaEmu Some files in TEMP: ==================== C:\Users\Sebastian\AppData\Local\Temp\gusetup0.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe [2010-11-21 05:24] - [2010-11-21 05:24] - 4773888 ____A (Microsoft Corporation) FD52F5EA481E3CF5D763E80A86F3A2E5 C:\Windows\SysWOW64\explorer.exe [2010-11-21 05:24] - [2010-11-21 05:24] - 4517888 ____A (Microsoft Corporation) 6ECDEE497748D04851DE0D7631343446 C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-22 23:41 ==================== End of FRST.txt ============================ --- --- --- Addition.txt Additional FRST Logfile: Code:
scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01 Ran by Sebastian (2015-09-29 00:12:02) Running from C:\Users\Sebastian\Desktop Windows 7 Ultimate Service Pack 1 (X64) (2014-06-02 11:18:13) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1798516267-2414223650-3212704099-500 - Administrator - Disabled) Guest (S-1-5-21-1798516267-2414223650-3212704099-501 - Limited - Disabled) Sebastian (S-1-5-21-1798516267-2414223650-3212704099-1000 - Administrator - Enabled) => C:\Users\Sebastian ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.) 
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version: - Jagex Limited) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated) Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden Akamai NetSession Interface (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Akamai) (Version: - Akamai Technologies, Inc) APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - Reloaded Productions) Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts) CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Echo of Soul (HKLM-x32\...\Steam App 290140) (Version: - Nvius) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Glary Utilities 5.4 (HKLM-x32\...\Glary Utilities 5) (Version: 5.4.0.11 - Glarysoft Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.89 - Google Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) 
Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) IMVU Avatar Chat Software (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\IMVU Avatar chat client software BETA) (Version: - ) Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.186 - Logitech Inc.) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden Magic 2015 Demo (HKLM-x32\...\Steam App 255440) (Version: - Stainless Games) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) 
(Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) NEKOPARA Vol. 
1 Demo (HKLM-x32\...\Steam App 334660) (Version: - NEKO WORKs) NEKOPARA vol.1 (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\{64DC04AF-BD7C-4CF4-9CA4-938953224328}) (Version: - NEKO WORKs) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team) NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation) NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.) osu! (HKLM-x32\...\{5415a005-4f91-4436-9ae1-13db6955a13f}) (Version: latest - ppy Pty Ltd) PlanetSide 2 (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment) QuickTime (HKLM-x32\...\QuickTime) (Version: - ) Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.) REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4A0C-A916-1D12314F45EB}) (Version: 1.00.0184.1 - REALTEK Semiconductor Corp.) 
RPG Maker VX Ace (HKLM-x32\...\{835D562C-B72C-461D-A9C3-B8206B66E85A}) (Version: 1.01 - RPG MAKER) Sacred Underworld (HKLM-x32\...\Sacred Underworld_is1) (Version: - Ascaron Entertainment GmbH) SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) tAPI version 1.2.4.1 r14a (HKLM-x32\...\{6D47E78A-A9FE-41B8-A5C6-8A6A04FB8F71}_is1) (Version: 1.2.4.1 r14a - tAPI Development Team) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl) Time Clickers (HKLM-x32\...\Steam App 385770) (Version: - Proton Studio Inc) TP-LINK TL-WN727N Driver (HKLM-x32\...\{E796AA87-FE52-49A8-AD93-0236A9F87632}) (Version: 1.2.1 - TP-LINK) Unity Web Player (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Restore Points ========================= 18-09-2015 17:32:47 Windows Update 22-09-2015 15:00:02 Windows Update 25-09-2015 19:24:35 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-22 09:18 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {194826E4-0EC4-4230-B40D-66E1A4920BD1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe Task: {68A78A2B-08DC-477E-95CE-81259277CDE0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe Task: {A3A53087-B8D5-4E92-9456-2D61A38710E2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-07-21] (Glarysoft Ltd) Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe Task: {C8ACEA93-ED2D-4876-BB89-A8651F5E5789} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe Task: {CE239D31-64A1-4530-8C64-4EED4CE9634E} - System32\Tasks\AmiUpdXp => C:\Users\Sebastian\AppData\Local\28342\a23207.exe <==== ATTENTION Task: {D06E6894-CCC0-4D71-924D-481EF208E1D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {E495149C-3445-435B-B1AB-BBEA392FEA73} - 
System32\Tasks\{7B02836B-1F9B-4042-BA33-760343F39CA7} => Chrome.exe hxxp://ui.skype.com/ui/0/7.3.0.101/en/abandoninstall?page=tsMain Task: {E91F2FD0-A7B5-43AD-9D13-9BB400D34BE1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Sebastian\AppData\Local\28342\a23207.exe <==== ATTENTION Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-06-02 17:00 - 2015-02-04 04:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2015-07-22 00:00 - 2015-07-14 07:55 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.89\libglesv2.dll 2015-07-22 00:00 - 2015-07-14 07:55 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.89\libegl.dll 2014-06-02 17:59 - 2015-07-03 18:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-01-20 22:35 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-01-20 22:35 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-01-20 22:35 - 2015-07-03 18:12 - 
01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2014-06-02 17:59 - 2015-08-19 22:39 - 02413248 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-30 17:00 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-30 17:00 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-08-30 17:00 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-30 17:00 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-08-30 17:00 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2014-06-02 17:59 - 2015-08-19 22:39 - 00704192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-07-22 03:15 - 2015-07-27 03:13 - 00171008 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll 2014-06-02 17:59 - 2015-07-03 18:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2014-07-21 05:01 - 2014-07-21 05:01 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1) mpsdrv Firewall Service is not running. MpsSvc Firewall Service is not running. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{48DF6BCC-686F-4D38-B5F0-5277108FB29C}] => (Allow) LPort=80 FirewallRules: [{FD69E350-B9D1-4C26-B378-579DF3F772AD}] => (Allow) LPort=80 FirewallRules: [{8275D868-492E-4B66-945C-56E59DC84702}] => (Allow) LPort=80 ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Could not list Devices. Check "winmgmt" service or repair WMI. 
==================== Event log errors: ========================= Application errors: ================== Error: (09/28/2015 05:34:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/27/2015 11:44:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/26/2015 05:12:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/25/2015 07:47:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: NvBackend.exe, version: 16.13.42.0, time stamp: 0x5418ec0a Faulting module name: NvBackend.exe, version: 16.13.42.0, time stamp: 0x5418ec0a Exception code: 0xc0000005 Fault offset: 0x0007b023 Faulting process id: 0x518 Faulting application start time: 0xNvBackend.exe0 Faulting application path: NvBackend.exe1 Faulting module path: NvBackend.exe2 Report Id: NvBackend.exe3 Error: (09/24/2015 07:12:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/24/2015 02:05:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/24/2015 12:47:49 AM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe 
Error: (09/23/2015 10:52:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Steam.exe version 2.92.69.85 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 92c Start Time: 01d0f641bf011b29 Termination Time: 0 Application Path: C:\Program Files (x86)\Steam\Steam.exe Report Id: 05b8b262-6235-11e5-87b7-002522244cea Error: (09/23/2015 10:52:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/23/2015 08:27:23 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe System errors: ============= Error: (09/29/2015 12:10:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: %%2 Error: (09/29/2015 12:10:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Firewall Authorization Driver service failed to start due to the following error: %%2 Error: (09/29/2015 12:10:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: %%2 Error: (09/29/2015 12:10:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Firewall Authorization Driver service failed to start due to the following error: %%2 Error: (09/29/2015 12:09:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Windows Firewall service depends on the Windows Firewall 
Authorization Driver service which failed to start because of the following error: %%2 Error: (09/29/2015 12:09:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Firewall Authorization Driver service failed to start due to the following error: %%2 Error: (09/29/2015 12:09:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: %%2 Error: (09/29/2015 12:09:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Firewall Authorization Driver service failed to start due to the following error: %%2 Error: (09/29/2015 12:09:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: %%2 Error: (09/29/2015 12:09:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Firewall Authorization Driver service failed to start due to the following error: %%2 CodeIntegrity: =================================== Date: 2015-09-28 17:36:29.579 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-28 17:36:29.547 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-27 11:45:53.750 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-27 11:45:53.719 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-26 17:13:28.000 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-26 17:13:27.969 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-24 19:13:31.704 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-24 19:13:31.672 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-24 14:05:55.281 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-24 14:05:55.171 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: AMD Athlon(tm) II X2 250 Processor Percentage of memory in use: 55% Total physical RAM: 4095.3 MB Available physical RAM: 1817.12 MB Total Virtual: 64093.48 MB Available Virtual: 61684.64 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:596.07 GB) (Free:176.9 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7603C0BB) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ --- --- ---
I hope you can help me. Kind regards, xaont Edited by xaont (28.09.2015 at 23:25) |
28.09.2015, 23:29 | #2 |
/// Malwareteam | Windows 7, firewall not working (Error Code 0x8007042c) I am working on your topic and will get back to you as soon as possible with further instructions. Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper. Thank you for your patience.
__________________ |
28.09.2015, 23:43 | #3 |
| Windows 7, firewall not working (Error Code 0x8007042c) That fast? D: Thank you very much!
__________________ |
29.09.2015, 13:23 | #4 |
/// Malwareteam | Windows 7, firewall not working (Error Code 0x8007042c) My name is Rafael and I will help you with the cleanup. So that I can help you as well as possible, please follow these rules:
Step 1 Scan with Combofix
So please post in your next reply:
__________________ Kind regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |
29.09.2015, 15:19 | #5 |
| Hello Rafael! First of all, thank you very much for the quick reply. During the scan the error message "Commandline Standard Stream Splitter has stopped working" appeared repeatedly, about 15-20 times, until the computer restarted. Since yesterday's scan with FRST, this morning I had the option of installing over 100 new Windows updates. These, too, were refused with the error "Unable to install Update (Error Code x80010108)". I did not get an error message after the computer restarted, however; apart from that everything ran fine, but it did not solve the problem. Code:
ATTFilter ComboFix 15-09-25.01 - Sebastian 29.09.2015 15:39:49.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1033.18.4095.2285 [GMT 2:00] ausgeführt von:: c:\users\Sebastian\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\DRIVERS\beep.sys c:\windows\msdownld.tmp c:\windows\SysWow64\installd.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NETHFDRV . . ((((((((((((((((((((((( Dateien erstellt von 2015-08-28 bis 2015-09-29 )))))))))))))))))))))))))))))) . . 2015-09-29 14:00 . 2015-09-29 14:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-09-29 13:29 . 2015-09-29 13:29 -------- d-----w- c:\users\Sebastian\AppData\Local\VirtualStore 2015-09-28 22:11 . 2015-09-28 22:12 -------- d-----w- C:\FRST 2015-09-28 21:50 . 2015-09-28 21:53 -------- d-----w- c:\users\Sebastian\AppData\Local\ElevatedDiagnostics 2015-09-28 09:53 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1947ABA-AB2B-441D-A6AF-F32128CC4875}\mpengine.dll 2015-09-27 09:55 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-09-23 21:01 . 2015-07-02 12:51 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6169EF9-5F75-4655-91F0-55023A877136}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-09-22 13:41 . 2015-01-20 14:38 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-09-22 13:41 . 
2014-06-11 23:23 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-08-03 10:12 . 2014-06-26 14:24 33856 ---ha-w- c:\windows\system32\hamachi.sys 2015-07-05 10:08 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe 2015-07-02 12:51 . 2014-07-05 16:29 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [-] 2010-11-21 . FD52F5EA481E3CF5D763E80A86F3A2E5 . 4773888 . . [6.1.7600.16385] .. c:\windows\explorer.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Sebastian\AppData\Local\Akamai\netsession_win.exe" [2015-09-10 4691384] "GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2014-07-21 37152] . c:\users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ IMVU.lnk - c:\users\Sebastian\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe "--startup" [2015-8-13 217568] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"="explorer.exe, c:\users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe" . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start . R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files (x86)\VMLaunch\BuddyVM.sys;c:\program files (x86)\VMLaunch\BuddyVM.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x] R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 fwlanusb5;FRITZ!WLAN N v2;c:\windows\system32\DRIVERS\fwlanusb5.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb5.sys [x] R3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez 
Studios\HiPatchService.exe [x] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Realtek11nCU;Realtek11nCU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [x] R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x] R3 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x] R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x] S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] 
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-07-21 21:59 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.89\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-20 13:41] . 2015-09-29 c:\windows\Tasks\GlaryInitialize 5.job - c:\program files (x86)\Glary Utilities 5\Initialize.exe [2014-07-21 03:00] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2461504] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF uLocal Page = c:\windows\system32\blank.htm mDefault_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms} mDefault_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF mStart Page = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms} uInternet Settings,ProxyOverride = <local> IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\Sebastian\AppData\Local\Temp\ie_script.htm IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk FF - ProfilePath - c:\users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\mb8gfr6v.default\ . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Glary Utilities 5\Integrator.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-09-29 16:08:43 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-09-29 14:08 . Vor Suchlauf: 190.737.477.632 bytes free Nach Suchlauf: 195.295.383.552 bytes free . - - End Of File - - 6BE8925DFC51D8B0C2B9E91D49ABAA21 A36C5E4F47E84449FF07ED3517B43A31 Sebastian |
29.09.2015, 20:43 | #6 |
/// Malwareteam | Yes, that is not surprising, because you have caught quite a nasty infection there. Before we can clean up, I need an additional scan from you: Step 1
So in your next reply, please post:
__________________ |
29.09.2015, 21:28 | #7 |
| Code:
Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by Sebastian (2015-09-29 22:22:52)
Running from C:\Users\Sebastian\Desktop
Boot Mode: Normal
================== Search Files: "explorer.exe" =============
C:\Windows\explorer.exe [2010-11-21 05:24][2010-11-21 05:24] 4773888 ____A (Microsoft Corporation) FD52F5EA481E3CF5D763E80A86F3A2E5 [File not signed]
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2014-08-07 15:12][2011-02-26 07:19] 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746 [File is digitally signed]
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2014-08-07 15:12][2011-02-25 07:30] 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E [File is digitally signed]
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2014-08-07 15:12][2011-02-26 08:14] 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48 [File is digitally signed]
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2014-08-07 15:12][2011-02-25 08:19] 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3 [File is digitally signed]
C:\Windows\SysWOW64\explorer.exe [2010-11-21 05:24][2010-11-21 05:24] 4517888 ____A (Microsoft Corporation) 6ECDEE497748D04851DE0D7631343446 [File not signed]
====== End of Search ====== |
30.09.2015, 14:36 | #8 |
/// Malwareteam | Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
closeprocesses:
Replace: C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe C:\Windows\explorer.exe
Replace: C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe C:\Windows\SysWOW64\explorer.exe
HKLM-x32\...\Winlogon: [Shell] explorer.exe, C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe [ ] () <=== ATTENTION
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Winlogon: [Shell] explorer.exe, C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe <==== ATTENTION
C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe
Tcpip\..\Interfaces\{ED163E40-2604-49BE-AEE9-A09318B83A39}: [DhcpNameServer] 7.254.254.254
Task: {CE239D31-64A1-4530-8C64-4EED4CE9634E} - System32\Tasks\AmiUpdXp => C:\Users\Sebastian\AppData\Local\28342\a23207.exe <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Sebastian\AppData\Local\28342\a23207.exe <==== ATTENTION
C:\Users\Sebastian\AppData\Local\28342
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
emptytemp:
Step 2 Please start FRST again, tick the Addition checkbox and click Scan. So in your next reply, please post:
__________________ Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |
30.09.2015, 19:18 | #9 |
| Thank you, here are the text files: Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01 Ran by Sebastian (2015-09-30 20:04:58) Run:1 Running from C:\Users\Sebastian\Desktop Loaded Profiles: Sebastian (Available Profiles: Sebastian) Boot Mode: Normal ============================================== fixlist content: ***************** closeprocesses: Replace: C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe C:\Windows\explorer.exe Replace: C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe C:\Windows\SysWOW64\explorer.exe HKLM-x32\...\Winlogon: [Shell] explorer.exe, C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe [ ] () <=== ATTENTION HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Winlogon: [Shell] explorer.exe, C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe <==== ATTENTION C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe Tcpip\..\Interfaces\{ED163E40-2604-49BE-AEE9-A09318B83A39}: [DhcpNameServer] 7.254.254.254 Task: {CE239D31-64A1-4530-8C64-4EED4CE9634E} - System32\Tasks\AmiUpdXp => C:\Users\Sebastian\AppData\Local\28342\a23207.exe <==== ATTENTION Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Sebastian\AppData\Local\28342\a23207.exe <==== ATTENTION C:\Users\Sebastian\AppData\Local\28342 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION emptytemp: ***************** Processes closed successfully. 
C:\Windows\explorer.exe => moved successfully C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe copied successfully to C:\Windows\explorer.exe C:\Windows\SysWOW64\explorer.exe => moved successfully C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe copied successfully to C:\Windows\SysWOW64\explorer.exe HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value not found. "C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe" => File/Folder not found. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED163E40-2604-49BE-AEE9-A09318B83A39}\\DhcpNameServer => value removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE239D31-64A1-4530-8C64-4EED4CE9634E} => key not found. C:\Windows\System32\Tasks\AmiUpdXp => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => key not found. C:\Windows\Tasks\AmiUpdXp.job => not found. "C:\Users\Sebastian\AppData\Local\28342" => File/Folder not found. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully "HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully EmptyTemp: => 1.7 GB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 20:07:06 ==== FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01 Ran by Sebastian (administrator) on SEBASTIAN-PC (30-09-2015 20:11:38) Running from C:\Users\Sebastian\Desktop Loaded Profiles: Sebastian (Available Profiles: Sebastian) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe () C:\Users\Sebastian\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe () C:\Users\Sebastian\AppData\Roaming\IMVUClient\IMVUClient.exe (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-21] (Glarysoft Ltd) HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Policies\Explorer: [NoInternetOpenWith] 1 HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Policies\Explorer: [NoResolveSearch] 1 Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2015-09-13] ShortcutTarget: IMVU.lnk -> C:\Users\Sebastian\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe () BootExecute: autocheck autochk * BootDefrag.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{22C59305-49D5-4BA9-8BF1-60AD6F69C9C1}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{28B36D87-CD5F-4CB2-9EA8-226D45F9E653}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{377D1EB0-3BE5-4C9F-8E03-B65FD366FAA4}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{42C326A8-54E1-4730-B551-49A42192B68C}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{74EA7251-30F1-41FE-9A9A-44ED6DD54FF6}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{7E99F149-6098-46F9-BD69-A51C805D9AA5}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{97B3965E-BD65-4CE0-A58C-3526ED05B532}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{C4E114F4-E6FB-4899-8CDD-59F2158204E0}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{F0E47A82-3989-4501-981C-6A837C3266DA}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms} HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-02] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-02] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-05] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-05] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\mb8gfr6v.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-02] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-05] (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1798516267-2414223650-3212704099-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-27] (Unity Technologies ApS)
FF Extension: No Name - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\mb8gfr6v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-09]

Chrome:
=======
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-02]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-02]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-02]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-04]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-02]
CHR Extension: (Bookmark Manager) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-02]
CHR Extension: (YouTube Unblocker) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2014-11-27]
CHR Extension: (Diablo 3 - Dark) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfnbkjlapbofhmbaeabglnbgjacmmmdj [2014-06-03]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-02]
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Bookmark Manager) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-29]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-29]
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Präsentationen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-29]
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-29]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-29]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-29]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-29]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-29]
CHR Extension: (Auto-HD für YouTube™) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2015-06-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-29]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-29]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-18] (Electronic Arts)
S3 Realtek11nCU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-08-04] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
S3 Steam Client Service; "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X]

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-18] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-08-04] (Glarysoft Ltd)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2014-07-29] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1047144 2015-05-17] (Realtek Semiconductor Corporation )
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows (R) Win 7 DDK provider)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 usbser; C:\Windows\System32\DRIVERS\USBSER.sys [33280 2014-07-29] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 mpsdrv; System32\drivers\mpsdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E}; \??\C:\Program Files (x86)\VMLaunch\BuddyVM.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-30 20:11 - 2015-09-30 20:12 - 00022643 _____ C:\Users\Sebastian\Desktop\FRST.txt
2015-09-30 03:12 - 2015-09-30 14:13 - 00023245 _____ C:\Windows\IE11_main.log
2015-09-30 03:11 - 2015-09-30 03:11 - 00002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-09-29 22:22 - 2015-09-29 22:28 - 00001597 _____ C:\Users\Sebastian\Desktop\Search.txt
2015-09-29 16:59 - 2015-09-29 16:59 - 00000000 ____D C:\Users\Sebastian\AppData\Local\CEF
2015-09-29 16:08 - 2015-09-29 16:08 - 00013983 _____ C:\ComboFix.txt
2015-09-29 16:02 - 2015-09-30 20:08 - 00000876 _____ C:\Windows\PFRO.log
2015-09-29 15:37 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-29 15:37 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-29 15:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-29 15:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-29 15:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-29 15:37 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-29 15:37 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-29 15:37 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-29 15:36 - 2015-09-29 16:08 - 00000000 ____D C:\Qoobox
2015-09-29 15:36 - 2015-09-29 16:07 - 00000000 ____D C:\Windows\erdnt
2015-09-29 15:33 - 2015-09-29 15:33 - 05636489 ____R (Swearware) C:\Users\Sebastian\Desktop\ComboFix.exe
2015-09-29 15:32 - 2015-09-29 15:33 - 05636489 _____ (Swearware) C:\Users\Sebastian\Downloads\ComboFix.exe
2015-09-29 15:31 - 2015-09-29 15:31 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Macromedia
2015-09-29 15:29 - 2015-09-29 15:29 - 00000000 ____D C:\Users\Sebastian\AppData\Local\VirtualStore
2015-09-29 05:55 - 2015-09-30 20:09 - 00001512 _____ C:\Windows\setupact.log
2015-09-29 05:55 - 2015-09-29 05:55 - 00000000 _____ C:\Windows\setuperr.log
2015-09-29 00:11 - 2015-09-30 20:11 - 00000000 ____D C:\FRST
2015-09-29 00:10 - 2015-09-29 00:03 - 02192384 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe
2015-09-29 00:03 - 2015-09-29 00:03 - 02192384 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2015-09-28 23:51 - 2015-09-28 23:51 - 00347816 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\MicrosoftFixit.malware.RNP.Run.exe
2015-09-28 23:49 - 2015-09-28 23:49 - 00000000 _____ C:\Windows\system32\netsh
2015-09-28 23:48 - 2015-09-28 23:48 - 00059200 _____ C:\Users\Sebastian\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-28 23:47 - 2015-09-28 23:47 - 00347816 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\MicrosoftFixit.WinSecurity.RNP.Run.exe
2015-09-28 23:18 - 2015-09-30 04:25 - 00000000 ____D C:\Users\Sebastian\Desktop\Textdokumente
2015-09-28 23:17 - 2015-09-29 22:22 - 00000000 ____D C:\Users\Sebastian\Desktop\Wichtige Programme
2015-09-28 23:17 - 2015-09-29 16:59 - 00000000 ____D C:\Users\Sebastian\Desktop\Anderes Zeug
2015-09-28 23:17 - 2015-09-28 23:20 - 00000000 ____D C:\Users\Sebastian\Desktop\Spiele
2015-09-20 17:23 - 2015-09-20 17:23 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-09-18 18:31 - 2015-09-21 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-30 20:11 - 2015-03-23 02:11 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\IMVU
2015-09-30 20:11 - 2014-08-04 02:06 - 00000340 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2015-09-30 20:11 - 2014-08-04 02:06 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-09-30 20:09 - 2014-06-02 13:18 - 00000000 ____D C:\Users\Sebastian
2015-09-30 20:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-30 20:08 - 2014-06-02 17:00 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-30 20:07 - 2014-06-03 01:41 - 01243146 _____ C:\Windows\WindowsUpdate.log
2015-09-30 20:07 - 2009-07-14 06:45 - 00036144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-30 20:07 - 2009-07-14 06:45 - 00036144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-30 13:41 - 2015-01-20 16:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-30 10:56 - 2014-06-02 17:11 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Skype
2015-09-30 03:11 - 2014-07-03 19:40 - 00001945 _____ C:\Windows\epplauncher.mif
2015-09-30 03:11 - 2014-07-03 19:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-09-30 03:11 - 2014-07-03 19:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-09-30 02:46 - 2014-06-02 17:27 - 00000000 ____D C:\Users\Sebastian\AppData\Local\LogMeIn Hamachi
2015-09-30 00:26 - 2014-06-02 17:55 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-29 19:56 - 2014-08-04 23:14 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\TS3Client
2015-09-29 16:08 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-09-29 16:04 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-09-29 16:01 - 2012-07-22 01:43 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2015-09-29 16:01 - 2012-07-22 01:42 - 39845888 _____ C:\Windows\system32\config\COMPONENTS.bak
2015-09-29 16:01 - 2012-07-22 01:42 - 17563648 _____ C:\Windows\system32\config\SYSTEM.bak
2015-09-29 16:01 - 2012-07-22 01:41 - 51118080 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-09-29 16:01 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-09-29 16:01 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-09-28 23:37 - 2014-08-04 02:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-09-28 23:22 - 2014-06-09 09:37 - 00000000 ____D C:\Users\Sebastian\Documents\My Games
2015-09-28 23:22 - 2014-06-03 17:57 - 00000000 ___RD C:\Users\Sebastian\Desktop\Bilder
2015-09-28 23:21 - 2015-01-04 04:52 - 00000000 ____D C:\Users\Sebastian\Desktop\Musik
2015-09-28 17:40 - 2009-07-14 07:13 - 00781914 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-28 02:36 - 2014-12-06 16:13 - 00000000 ____D C:\Users\Sebastian\AppData\Local\ftblauncher
2015-09-27 17:53 - 2014-06-03 16:36 - 00000000 ____D C:\Program Files (x86)\osu!
2015-09-23 20:02 - 2015-06-30 01:34 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Akamai
2015-09-23 15:59 - 2014-06-09 16:13 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\.minecraft
2015-09-22 18:29 - 2014-06-06 13:17 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Battle.net
2015-09-22 15:41 - 2015-01-20 16:38 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 15:41 - 2015-01-20 16:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-22 15:41 - 2014-06-12 01:23 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-22 14:51 - 2014-09-20 06:44 - 00000000 ____D C:\Program Files (x86)\Diablo III
2015-09-22 14:50 - 2014-06-06 13:16 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-09-22 14:46 - 2015-07-09 06:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-20 17:23 - 2015-02-20 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-09-20 17:23 - 2014-11-23 20:28 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\uTorrent
2015-09-20 00:49 - 2015-02-20 20:57 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-09-13 17:06 - 2015-03-23 02:10 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\IMVUClient
2015-09-13 04:03 - 2014-06-06 13:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Battle.net
2015-09-12 22:19 - 2014-06-02 17:09 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Google
2015-09-03 12:22 - 2014-12-06 16:13 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\ftblauncher
2015-08-31 01:01 - 2014-09-06 15:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\DAEMON Tools Lite

==================== Files in the root of some directories =======
2015-03-15 21:16 - 2015-03-15 21:16 - 0000000 ___SH () C:\Users\Sebastian\AppData\Local\LumaEmu

Some files in TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\gusetup9.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-22 23:41

==================== End of FRST.txt ============================

Additional FRST Logfile: Code:
scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by Sebastian (2015-09-30 20:12:55)
Running from C:\Users\Sebastian\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-06-02 11:18:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1798516267-2414223650-3212704099-500 - Administrator - Disabled)
Guest (S-1-5-21-1798516267-2414223650-3212704099-501 - Limited - Disabled)
Sebastian (S-1-5-21-1798516267-2414223650-3212704099-1000 - Administrator - Enabled) => C:\Users\Sebastian

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version: - Jagex Limited)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - Reloaded Productions)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Echo of Soul (HKLM-x32\...\Steam App 290140) (Version: - Nvius)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Glary Utilities 5.4 (HKLM-x32\...\Glary Utilities 5) (Version: 5.4.0.11 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.89 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
IMVU Avatar Chat Software (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\IMVU Avatar chat client software BETA) (Version: - )
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.186 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden
Magic 2015 Demo (HKLM-x32\...\Steam App 255440) (Version: - Stainless Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
NEKOPARA Vol. 1 Demo (HKLM-x32\...\Steam App 334660) (Version: - NEKO WORKs)
NEKOPARA vol.1 (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\{64DC04AF-BD7C-4CF4-9CA4-938953224328}) (Version: - NEKO WORKs)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{5415a005-4f91-4436-9ae1-13db6955a13f}) (Version: latest - ppy Pty Ltd)
PlanetSide 2 (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4A0C-A916-1D12314F45EB}) (Version: 1.00.0184.1 - REALTEK Semiconductor Corp.)
RPG Maker VX Ace (HKLM-x32\...\{835D562C-B72C-461D-A9C3-B8206B66E85A}) (Version: 1.01 - RPG MAKER)
Sacred Underworld (HKLM-x32\...\Sacred Underworld_is1) (Version: - Ascaron Entertainment GmbH)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
tAPI version 1.2.4.1 r14a (HKLM-x32\...\{6D47E78A-A9FE-41B8-A5C6-8A6A04FB8F71}_is1) (Version: 1.2.4.1 r14a - tAPI Development Team)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
Time Clickers (HKLM-x32\...\Steam App 385770) (Version: - Proton Studio Inc)
TP-LINK TL-WN727N Driver (HKLM-x32\...\{E796AA87-FE52-49A8-AD93-0236A9F87632}) (Version: 1.2.1 - TP-LINK)
Unity Web Player (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================
30-09-2015 01:35:32 Windows Update
30-09-2015 03:00:18 Windows Update
30-09-2015 11:02:12 Windows Update
30-09-2015 14:00:52 Windows Update
30-09-2015 20:07:00 Windows Update

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-22 09:18 - 2015-09-29 16:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe
Task: {68A78A2B-08DC-477E-95CE-81259277CDE0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {A3A53087-B8D5-4E92-9456-2D61A38710E2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-07-21] (Glarysoft Ltd)
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {E495149C-3445-435B-B1AB-BBEA392FEA73} - System32\Tasks\{7B02836B-1F9B-4042-BA33-760343F39CA7} => Chrome.exe hxxp://ui.skype.com/ui/0/7.3.0.101/en/abandoninstall?page=tsMain
Task: {E91F2FD0-A7B5-43AD-9D13-9BB400D34BE1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe ==================== Loaded Modules (Whitelisted) ============== 2014-06-02 17:00 - 2015-02-04 04:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-08-13 19:47 - 2015-08-13 19:47 - 00217568 _____ () C:\Users\Sebastian\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe 2015-08-13 19:47 - 2015-08-13 19:47 - 00221152 _____ () C:\Users\Sebastian\AppData\Roaming\IMVUClient\IMVUClient.exe 2014-07-21 05:01 - 2014-07-21 05:01 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1) mpsdrv Firewall Service is not running. MpsSvc Firewall Service is not running. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{48DF6BCC-686F-4D38-B5F0-5277108FB29C}] => (Allow) LPort=80 FirewallRules: [{FD69E350-B9D1-4C26-B378-579DF3F772AD}] => (Allow) LPort=80 FirewallRules: [{8275D868-492E-4B66-945C-56E59DC84702}] => (Allow) LPort=80 ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Could not list Devices. Check "winmgmt" service or repair WMI. 
==================== Event log errors: ========================= Application errors: ================== Error: (09/30/2015 08:10:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/30/2015 07:58:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/30/2015 07:54:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/30/2015 11:40:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/30/2015 11:36:21 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/29/2015 04:03:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/29/2015 03:59:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a Exception code: 0xc0000005 Fault offset: 0x00002833 Faulting process id: 0x13bc Faulting application start time: 0xmtee.3XE0 Faulting application path: mtee.3XE1 Faulting module 
path: mtee.3XE2 Report Id: mtee.3XE3 Error: (09/29/2015 03:59:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a Exception code: 0xc0000005 Fault offset: 0x00002833 Faulting process id: 0x12dc Faulting application start time: 0xmtee.3XE0 Faulting application path: mtee.3XE1 Faulting module path: mtee.3XE2 Report Id: mtee.3XE3 Error: (09/29/2015 03:57:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a Exception code: 0xc0000005 Fault offset: 0x00002833 Faulting process id: 0x4ac Faulting application start time: 0xmtee.3XE0 Faulting application path: mtee.3XE1 Faulting module path: mtee.3XE2 Report Id: mtee.3XE3 Error: (09/29/2015 03:57:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a Exception code: 0xc0000005 Fault offset: 0x00002833 Faulting process id: 0x924 Faulting application start time: 0xmtee.3XE0 Faulting application path: mtee.3XE1 Faulting module path: mtee.3XE2 Report Id: mtee.3XE3 System errors: ============= Error: (09/30/2015 08:10:46 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143. 
Error: (09/30/2015 08:10:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Superfetch service terminated with the following error: %%2 Error: (09/30/2015 08:09:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The WinDefend service terminated with the following error: %%-2147024894 Error: (09/30/2015 08:09:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The BuddyVM service failed to start due to the following error: %%3 Error: (09/30/2015 08:09:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: %%2 Error: (09/30/2015 08:09:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Firewall Authorization Driver service failed to start due to the following error: %%2 Error: (09/30/2015 08:08:28 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY) Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. Error: (09/30/2015 08:06:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: %%1056 Error: (09/30/2015 08:04:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 
Error: (09/30/2015 08:04:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2015-09-29 16:00:30.032 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-29 16:00:30.000 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-28 17:36:29.579 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-28 17:36:29.547 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-27 11:45:53.750 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-27 11:45:53.719 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-26 17:13:28.000 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-26 17:13:27.969 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-24 19:13:31.704 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-24 19:13:31.672 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 25%
Total physical RAM: 4095.3 MB
Available physical RAM: 3038.16 MB
Total Virtual: 64093.48 MB
Available Virtual: 63021.54 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:596.07 GB) (Free:182.51 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7603C0BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

I noticed that FRST now takes longer to start (previously about 3 seconds, now about 10-15 seconds, if not longer).
30.09.2015, 19:46 | #10 |
/// Malwareteam | Windows 7, firewall not working (Error Code 0x8007042c)
Step 1 Download Malwarebytes Anti-Malware, install it, and then start it
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please download Farbar Service Scanner
Please post the contents here. Question How is your system behaving? Are Windows Updates and the firewall working again? So in your next reply, please post:
__________________ Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~
30.09.2015, 21:19 | #11 |
| Windows 7, firewall not working (Error Code 0x8007042c) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 30.09.2015 Suchlaufzeit: 21:13 Protokolldatei: mbam.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.09.30.06 Rootkit-Datenbank: v2015.09.22.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Sebastian Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 374192 Abgelaufene Zeit: 28 Min., 59 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 21 PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [1feff44295f6ad895c8a95ec14f00cf4], PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExd, In Quarantäne, [38d69d995437dc5ada221f700df711ef], PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi, In Quarantäne, [7e90dd59fb90a2942ece612e3bc9a35d], PUP.Optional.IHProtect, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [75996cca4c3fad89b67decbf7094db25], PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\omniboxesSoftware, In Quarantäne, [47c7dc5acebd93a3ea9063dc08fb4cb4], PUP.Optional.WPM, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [2ae4aa8c18735bdb622eca08758f1ae6], PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [3ad4ff371279ed49bd29265be4206c94], PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, 
[b45a84b29eed2d0951d4dbeec44030d0], PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [f21c89ade3a81125f6e7c40d0cf83ac6], PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [27e7ed493d4e10264a9be1a03cc825db], PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, In Quarantäne, [d8366fc76f1c9b9b0dd8fb86ba4ad42c], PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [a46a8caabad1e353af36d6ab0afa4ab6], PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{637D6E3C-DF93-48A5-8362-159A8AC56B11}, In Quarantäne, [cf3f89ad1f6c280ec124d2af0004a957], PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}, In Quarantäne, [917df04693f8d75f4b9a255cab5956aa], PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, In Quarantäne, [48c6ae880883bb7b796cafd214f0b24e], PUP.Optional.Iminent, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In Quarantäne, [ba54d264d8b3d066dd8f0ba09272d927], PUP.Optional.Iminent, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In Quarantäne, [b95540f61f6ced49204d4e5d6c98f10f], PUP.Optional.Linkey, 
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, In Quarantäne, [0fff0c2a2e5dca6ce9fd0aa4b252f907], PUP.Optional.SearchProtect, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, In Quarantäne, [d33b91a5f7949c9a50f2675b5aaaba46], PUP.Optional.Vosteran, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In Quarantäne, [d638c5713c4ff343192b8d429b69857b], PUP.Optional.Wajam, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In Quarantäne, [24ea96a05536e55160131db20103b44c], Registrierungswerte: 11 PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}, In Quarantäne, [1feff44295f6ad895c8a95ec14f00cf4] PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}, In Quarantäne, [3ad4ff371279ed49bd29265be4206c94] PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, amt, In Quarantäne, [b45a84b29eed2d0951d4dbeec44030d0] PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}, In Quarantäne, [27e7ed493d4e10264a9be1a03cc825db] PUP.Optional.Omniboxes.ShrtCln, 
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}, In Quarantäne, [d8366fc76f1c9b9b0dd8fb86ba4ad42c] PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://www.omniboxes.com//favicon.ico, In Quarantäne, [44cae1554447b77ff6eff58c1be9dd23] PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}, In Quarantäne, [a46a8caabad1e353af36d6ab0afa4ab6] PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}, In Quarantäne, [937bb086ff8c290d499c5f2248bc30d0] PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{637D6E3C-DF93-48A5-8362-159A8AC56B11}|URL, hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}, In Quarantäne, [cf3f89ad1f6c280ec124d2af0004a957] PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\SEARCHSCOPES\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}|URL, hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}, In Quarantäne, [917df04693f8d75f4b9a255cab5956aa] PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}, In Quarantäne, [48c6ae880883bb7b796cafd214f0b24e] Registrierungsdaten: 8 PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF, Gut: (www.google.com), Schlecht: (hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF),Ersetzt,[848a2b0b7e0dd56187fdc4bbec1908f8] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[57b70333632889adccf23846986d966a] PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}),Ersetzt,[7a94bb7b8efd40f6d4b0a8d7e61f7090] PUP.Optional.Omniboxes.ShrtCln, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF, Gut: (www.google.com), Schlecht: (hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF),Ersetzt,[ed215cdacfbc23131e664e312ed7916f] PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF, Gut: (www.google.com), Schlecht: (hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF),Ersetzt,[0a0470c68704b77f5430d8a79e67619f] PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}),Ersetzt,[080668cee5a606300084225d788d31cf] PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[13fbeb4b820979bd5d61245a16ef35cb] PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF, Gut: (www.google.com), Schlecht: 
(hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF),Ersetzt,[7995f2448902f541176e681747be7090] Ordner: 3 PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, In Quarantäne, [14fa59dd97f481b51cd9e12bfb0821df], PUP.Optional.IHProtectUpDate, C:\ProgramData\IHProtectUpDate, In Quarantäne, [21ed4de98803a690c06d1d06857e8c74], PUP.Optional.IHProtectUpDate, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [21ed4de98803a690c06d1d06857e8c74], Dateien: 1 Trojan.MSIL.Agent, C:\Users\Sebastian\Desktop\Spiele\Hacknet\Hacknet.exe, In Quarantäne, [b95531053d4e6fc70ab0d38ebf468a76], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v5.009 - Logfile created 30/09/2015 at 21:55:30 # Updated 27/09/2015 by Xplode # Database : 2015-09-30.1 [Server] # Operating system : Windows 7 Ultimate Service Pack 1 (x64) # Username : Sebastian - SEBASTIAN-PC # Running from : C:\Users\Sebastian\Desktop\AdwCleaner_5.009.exe # Option : Cleaning # Support : hxxp://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\Program Files (x86)\World of Warcraft Beta [-] Folder Deleted : C:\ProgramData\apn [-] Folder Deleted : C:\ProgramData\ParetoLogic [-] Folder Deleted : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl ***** [ Files ] ***** [-] File Deleted : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npnkeeiehehhefofiekoflfedgehcdhl [-] File Deleted : C:\Windows\Reimage.ini ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** [-] Task Deleted : Adobe Flash Player Updater ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\driverscanner [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL [-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484} [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}] [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} [-] Key Deleted : [x64] 
HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} [-] Key Deleted : HKCU\Software\ParetoLogic [-] Key Deleted : HKCU\Software\Reimage [-] Key Deleted : HKCU\Software\DriverToolkit [-] Key Deleted : HKLM\SOFTWARE\ParetoLogic [-] Key Deleted : HKLM\SOFTWARE\SupDp [-] Key Deleted : HKLM\SOFTWARE\Uniblue [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} [!] Key Not Deleted : [x64] HKCU\Software\ParetoLogic [!] Key Not Deleted : [x64] HKCU\Software\Reimage [!] Key Not Deleted : [x64] HKCU\Software\DriverToolkit [-] Key Deleted : [x64] HKLM\SOFTWARE\ParetoLogic [-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage ***** [ Web browsers ] ***** [-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com [-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com [-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.omniboxes.com/webfavicon.ico [-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : npnkeeiehehhefofiekoflfedgehcdhl [-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF ************************* :: Proxy settings cleared :: Winsock settings cleared :: Chrome policies deleted ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3746 bytes] ########## Code:
Farbar Service Scanner Version: 26-07-2015
Ran by Sebastian (administrator) on 30-09-2015 at 22:11:18
Running from "C:\Users\Sebastian\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
Checking LEGACY_mpsdrv: ATTENTION!=====> Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
ATTENTION!=====> C:\Windows\System32\drivers\mpsdrv.sys FILE IS MISSING AND SHOULD BE RESTORED.
ATTENTION!=====> C:\Windows\System32\SDRSVC.dll FILE IS MISSING AND SHOULD BE RESTORED.
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

The "Farbar Service Scanner" program did not work the first time I downloaded it. I got the error "FSS.exe is not a valid Win32 application". The second time I downloaded it, it worked.
The firewall still cannot be switched on or configured by the system; the same error is still displayed. At the daily start of my computer, Windows Defender's real-time protection is disabled for a few seconds (this has not been the case in the last few days). Some updates get installed, but only piecemeal. Downloading the complete package does not work. |
01.10.2015, 19:27 | #12 |
/// Malwareteam | Windows 7, firewall not working (Error Code 0x8007042c) Yeah, so your firewall can't work right now anyway, because half of it is missing from your computer, haha. It is fairly normal and nothing unusual for Windows Defender or Security Essentials to sometimes show as inactive for a few seconds at startup. You don't need to worry about that. If a lot of updates are missing on your computer, it is normal for errors to crop up during the update process and for it to continue only after a restart. First, though, we need to take care of your wrecked firewall and System Restore: Step 1
So in your next reply, please post:
__________________ Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |
01.10.2015, 21:47 | #13 |
| Windows 7, firewall not working (Error Code 0x8007042c) What do you mean, no firewall? o_O Isn't it installed by default? Code:
Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by Sebastian (2015-10-01 22:42:18)
Running from C:\Users\Sebastian\Desktop
Boot Mode: Normal

================== Search Files: "mpsdrv.sys;SDRSVC.dll" =============

====== End of Search ====== |
01.10.2015, 21:52 | #14 |
| Windows 7, firewall not working (Error Code 0x8007042c) *briefly butting in* Yes, of course it is, but something has simply deleted the firewall. *and out again* Regards |
02.10.2015, 16:39 | #15 |
/// Malwareteam | Windows 7, firewall not working (Error Code 0x8007042c) Okay, so your system is really badly damaged, and it would take a great deal of effort to repair all of it manually. Even then I can't promise you that everything will work again; your PC simply has problems in several places. That is why I am asking you to do an Inplace Upgrade. For that you need a Windows CD of Windows 7 Ultimate 64-bit. If you don't have one and can't borrow one from a friend either, you can download a Windows .iso file here with a valid key: https://www.microsoft.com/de-de/soft...nload/windows7 Then follow this guide: Inplace Upgrade - Windows reparieren - Anleitungen How does your system behave now, after the Inplace Upgrade?
__________________ Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |