Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Antiviren-, Firewall- und andere Schutzprogramme (https://www.trojaner-board.de/antiviren-firewall-andere-schutzprogramme/)
-   -   Windows 7, Firewall funktioniert nicht (Error Code 0x8007042c) (https://www.trojaner-board.de/171616-windows-7-firewall-funktioniert-error-code-0x8007042c.html)

xaont 28.09.2015 23:17
Windows 7, Firewall funktioniert nicht (Error Code 0x8007042c)
 
Guten Abend liebe Community,

ich hoffe hier mein "kleines" Problem lösen zu können. Deshalb frage ich einfach mal Experten :
Meine Firewall lässt sich nicht über die Systemsteuerung starten, weder noch kann ich den Windows Firewall-Dienst nicht aktivieren. In der Systemsteuerung wird mir vorbehalten, dass meine Firewall nicht die empfohlenen Einstellungen benutzt. Ein Klick auf die Schaltfläche "use recommended settings" erbringt mir nur die Anzeige "Windows Firewall can't change some of your settings. Error code 0x8007042c". Das Starten des Dienstes wird mit "Windows could not start the Windows Firewall service on local Computer" abgebrochen.

Ich benutze Windows 7 Ultimate 64 bit

Installiert habe ich dies vor einiger Zeit und mein dazu beigelegter Schlüssel hat nicht funktioniert. Ich habe dann einen Ersatzkey für das Aktivieren von Windows zugeschickt bekommen und dieser funktionierte, seitdem die Firewall aber nicht mehr. Ich habe meinen Account (eigentlich) als Administrator eingestellt und so wird er mir auch angezeigt, ich hatte bislang keine Probleme mit irgendwelchen fehlenden Zugriffsrechten.

Ein Scan per Avira, Windows Defender und Glary Utilities PRO brachte immer dasselbe Resultat : Keine Viren oder Trojaner gefunden.
Auch das FixIt Programm von Microsoft selbst für Malware (MicrosoftFixit.malware.RNP.Run.exe) und WinSecurity (MicrosoftFixit.WinSecurity.RNP.Run.exe) hat nichts erbracht. Es wurde lediglich ein Benutzer Problem gelöst, anstatt die Firewall.


Den Scan von FRST lege ich als Anhang bei.

FRST.txt

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
Ran by Sebastian (administrator) on SEBASTIAN-PC (29-09-2015 00:11:13)
Running from C:\Users\Sebastian\Desktop
Loaded Profiles: Sebastian (Available Profiles: Sebastian)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe, C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe [ ] () <=== ATTENTION
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-21] (Glarysoft Ltd)
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: F - F:\Launcher.exe
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: {09f675f1-6a64-11e4-b973-002522244cea} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: {300f7dc7-b615-11e4-b578-002522244cea} - E:\iLinker.exe
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: {322b6ae7-efa6-11e3-a92a-002522244cea} - E:\DLC_setup.exe
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: {5a5dd440-ccbb-11e4-badf-002522244cea} - F:\Launcher.exe
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: {5a5dd444-ccbb-11e4-badf-002522244cea} - H:\RunGame.exe
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: {9b91e911-fed8-11e4-aef9-002522244cea} - E:\pushinst.exe
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\MountPoints2: {a798d358-5b62-11e4-addf-002522244cea} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Winlogon: [Shell] explorer.exe, C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe <==== ATTENTION
Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2015-09-13]
ShortcutTarget: IMVU.lnk -> C:\Users\Sebastian\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{22C59305-49D5-4BA9-8BF1-60AD6F69C9C1}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{28B36D87-CD5F-4CB2-9EA8-226D45F9E653}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{377D1EB0-3BE5-4C9F-8E03-B65FD366FAA4}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{42C326A8-54E1-4730-B551-49A42192B68C}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{74EA7251-30F1-41FE-9A9A-44ED6DD54FF6}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{7E99F149-6098-46F9-BD69-A51C805D9AA5}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{97B3965E-BD65-4CE0-A58C-3526ED05B532}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C4E114F4-E6FB-4899-8CDD-59F2158204E0}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ED163E40-2604-49BE-AEE9-A09318B83A39}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{F0E47A82-3989-4501-981C-6A837C3266DA}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-02] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-02] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-05] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-05] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.omniboxes.com/?type=sc&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF

FireFox:
========
FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\mb8gfr6v.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-02] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-05] (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1798516267-2414223650-3212704099-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-27] (Unity Technologies ApS)
FF Extension: No Name - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\mb8gfr6v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-09]

Chrome:
=======
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-02]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-02]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-02]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-04]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-02]
CHR Extension: (Bookmark Manager) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-02]
CHR Extension: (YouTube Unblocker) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2014-11-27]
CHR Extension: (Diablo 3 - Dark) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfnbkjlapbofhmbaeabglnbgjacmmmdj [2014-06-03]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-02]
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Bookmark Manager) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-29]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-29]
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Präsentationen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-29]
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-29]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-29]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-29]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-29]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-29]
CHR Extension: (Auto-HD für YouTube™) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2015-06-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-29]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-29]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-18] (Electronic Arts)
S3 Realtek11nCU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-08-04] (Microsoft Corporation) [File not signed]
S3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
S3 Steam Client Service; "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-18] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-08-04] (Glarysoft Ltd)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2014-07-29] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1047144 2015-05-17] (Realtek Semiconductor Corporation                          )
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows (R) Win 7 DDK provider)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 usbser; C:\Windows\System32\DRIVERS\USBSER.sys [33280 2014-07-29] (Microsoft Corporation) [File not signed]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 mpsdrv; System32\drivers\mpsdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E}; \??\C:\Program Files (x86)\VMLaunch\BuddyVM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 00:11 - 2015-09-29 00:11 - 00025383 _____ C:\Users\Sebastian\Desktop\FRST.txt
2015-09-29 00:11 - 2015-09-29 00:11 - 00000000 ____D C:\FRST
2015-09-29 00:10 - 2015-09-29 00:03 - 02192384 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe
2015-09-29 00:03 - 2015-09-29 00:03 - 02192384 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2015-09-28 23:51 - 2015-09-28 23:51 - 00347816 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\MicrosoftFixit.malware.RNP.Run.exe
2015-09-28 23:49 - 2015-09-28 23:49 - 00000000 _____ C:\Windows\system32\netsh
2015-09-28 23:48 - 2015-09-28 23:48 - 00059200 _____ C:\Users\Sebastian\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-28 23:47 - 2015-09-28 23:47 - 00347816 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\MicrosoftFixit.WinSecurity.RNP.Run.exe
2015-09-28 23:18 - 2015-09-28 23:19 - 00000000 ____D C:\Users\Sebastian\Desktop\Textdokumente
2015-09-28 23:17 - 2015-09-28 23:37 - 00000000 ____D C:\Users\Sebastian\Desktop\Wichtige Programme
2015-09-28 23:17 - 2015-09-28 23:20 - 00000000 ____D C:\Users\Sebastian\Desktop\Spiele
2015-09-28 23:17 - 2015-09-28 23:20 - 00000000 ____D C:\Users\Sebastian\Desktop\Anderes Zeug
2015-09-20 17:23 - 2015-09-20 17:23 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-09-18 18:31 - 2015-09-21 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-28 23:59 - 2014-06-02 17:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-28 23:41 - 2015-01-20 16:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-28 23:37 - 2014-08-04 02:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-09-28 23:37 - 2014-08-04 02:06 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-09-28 23:24 - 2014-06-02 13:18 - 00000000 ____D C:\Users\Sebastian
2015-09-28 23:22 - 2014-06-09 09:37 - 00000000 ____D C:\Users\Sebastian\Documents\My Games
2015-09-28 23:22 - 2014-06-03 17:57 - 00000000 ___RD C:\Users\Sebastian\Desktop\Bilder
2015-09-28 23:21 - 2015-01-04 04:52 - 00000000 ____D C:\Users\Sebastian\Desktop\Musik
2015-09-28 23:14 - 2014-06-02 17:55 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-28 21:40 - 2014-06-02 17:11 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Skype
2015-09-28 18:36 - 2014-06-02 17:27 - 00000000 ____D C:\Users\Sebastian\AppData\Local\LogMeIn Hamachi
2015-09-28 17:44 - 2009-07-14 06:45 - 00036144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-28 17:44 - 2009-07-14 06:45 - 00036144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-28 17:40 - 2014-06-03 01:41 - 01167894 _____ C:\Windows\WindowsUpdate.log
2015-09-28 17:40 - 2009-07-14 07:13 - 00781914 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-28 17:36 - 2015-03-23 02:11 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\IMVU
2015-09-28 17:35 - 2014-08-04 02:06 - 00000340 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2015-09-28 17:33 - 2014-06-02 17:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-28 17:33 - 2014-06-02 17:00 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-28 17:33 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-28 02:36 - 2014-12-06 16:13 - 00000000 ____D C:\Users\Sebastian\AppData\Local\ftblauncher
2015-09-27 17:53 - 2014-06-03 16:36 - 00000000 ____D C:\Program Files (x86)\osu!
2015-09-27 13:33 - 2014-08-04 23:14 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\TS3Client
2015-09-23 20:02 - 2015-06-30 01:34 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Akamai
2015-09-23 15:59 - 2014-06-09 16:13 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\.minecraft
2015-09-22 18:29 - 2014-06-06 13:17 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Battle.net
2015-09-22 15:41 - 2015-01-20 16:38 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 15:41 - 2015-01-20 16:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-22 15:41 - 2014-06-12 01:23 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-22 14:51 - 2014-09-20 06:44 - 00000000 ____D C:\Program Files (x86)\Diablo III
2015-09-22 14:50 - 2014-06-06 13:16 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-09-22 14:46 - 2015-07-09 06:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-20 17:23 - 2015-02-20 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-09-20 17:23 - 2014-11-23 20:28 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\uTorrent
2015-09-20 00:49 - 2015-02-20 20:57 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-09-13 17:06 - 2015-03-23 02:10 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\IMVUClient
2015-09-13 04:03 - 2014-06-06 13:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Battle.net
2015-09-12 22:19 - 2014-06-02 17:09 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Google
2015-09-03 12:22 - 2014-12-06 16:13 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\ftblauncher
2015-08-31 15:37 - 2015-05-17 17:14 - 00000366 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2015-08-31 01:07 - 2015-05-17 17:14 - 00002740 _____ C:\Windows\System32\Tasks\DriverToolkit Autorun
2015-08-31 01:01 - 2014-09-06 15:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\DAEMON Tools Lite

==================== Files in the root of some directories =======

2015-03-15 21:16 - 2015-03-15 21:16 - 0000000 ___SH () C:\Users\Sebastian\AppData\Local\LumaEmu

Some files in TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\gusetup0.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe
[2010-11-21 05:24] - [2010-11-21 05:24] - 4773888 ____A (Microsoft Corporation) FD52F5EA481E3CF5D763E80A86F3A2E5

C:\Windows\SysWOW64\explorer.exe
[2010-11-21 05:24] - [2010-11-21 05:24] - 4517888 ____A (Microsoft Corporation) 6ECDEE497748D04851DE0D7631343446

C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-22 23:41

==================== End of FRST.txt ============================
--- --- ---

--- --- ---


Addition.txt
[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by Sebastian (2015-09-29 00:12:02)
Running from C:\Users\Sebastian\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-06-02 11:18:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1798516267-2414223650-3212704099-500 - Administrator - Disabled)
Guest (S-1-5-21-1798516267-2414223650-3212704099-501 - Limited - Disabled)
Sebastian (S-1-5-21-1798516267-2414223650-3212704099-1000 - Administrator - Enabled) => C:\Users\Sebastian

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - Jagex Limited)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Echo of Soul (HKLM-x32\...\Steam App 290140) (Version:  - Nvius)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Glary Utilities 5.4 (HKLM-x32\...\Glary Utilities 5) (Version: 5.4.0.11 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.89 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IMVU Avatar Chat Software (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\IMVU Avatar chat client software BETA) (Version:  - )
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.186 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden
Magic 2015 Demo (HKLM-x32\...\Steam App 255440) (Version:  - Stainless Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
NEKOPARA Vol. 1 Demo (HKLM-x32\...\Steam App 334660) (Version:  - NEKO WORKs)
NEKOPARA vol.1 (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\{64DC04AF-BD7C-4CF4-9CA4-938953224328}) (Version:  - NEKO WORKs)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{5415a005-4f91-4436-9ae1-13db6955a13f}) (Version: latest - ppy Pty Ltd)
PlanetSide 2 (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4A0C-A916-1D12314F45EB}) (Version: 1.00.0184.1 - REALTEK Semiconductor Corp.)
RPG Maker VX Ace (HKLM-x32\...\{835D562C-B72C-461D-A9C3-B8206B66E85A}) (Version: 1.01 - RPG MAKER)
Sacred Underworld (HKLM-x32\...\Sacred Underworld_is1) (Version:  - Ascaron Entertainment GmbH)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
tAPI version 1.2.4.1 r14a (HKLM-x32\...\{6D47E78A-A9FE-41B8-A5C6-8A6A04FB8F71}_is1) (Version: 1.2.4.1 r14a - tAPI Development Team)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
Time Clickers (HKLM-x32\...\Steam App 385770) (Version:  - Proton Studio Inc)
TP-LINK TL-WN727N Driver (HKLM-x32\...\{E796AA87-FE52-49A8-AD93-0236A9F87632}) (Version: 1.2.1 - TP-LINK)
Unity Web Player (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-09-2015 17:32:47 Windows Update
22-09-2015 15:00:02 Windows Update
25-09-2015 19:24:35 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-22 09:18 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {194826E4-0EC4-4230-B40D-66E1A4920BD1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe
Task: {68A78A2B-08DC-477E-95CE-81259277CDE0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {A3A53087-B8D5-4E92-9456-2D61A38710E2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-07-21] (Glarysoft Ltd)
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {C8ACEA93-ED2D-4876-BB89-A8651F5E5789} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: {CE239D31-64A1-4530-8C64-4EED4CE9634E} - System32\Tasks\AmiUpdXp => C:\Users\Sebastian\AppData\Local\28342\a23207.exe <==== ATTENTION
Task: {D06E6894-CCC0-4D71-924D-481EF208E1D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {E495149C-3445-435B-B1AB-BBEA392FEA73} - System32\Tasks\{7B02836B-1F9B-4042-BA33-760343F39CA7} => Chrome.exe hxxp://ui.skype.com/ui/0/7.3.0.101/en/abandoninstall?page=tsMain
Task: {E91F2FD0-A7B5-43AD-9D13-9BB400D34BE1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Sebastian\AppData\Local\28342\a23207.exe <==== ATTENTION
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-06-02 17:00 - 2015-02-04 04:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-07-22 00:00 - 2015-07-14 07:55 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.89\libglesv2.dll
2015-07-22 00:00 - 2015-07-14 07:55 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.89\libegl.dll
2014-06-02 17:59 - 2015-07-03 18:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 22:35 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 22:35 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 22:35 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-06-02 17:59 - 2015-08-19 22:39 - 02413248 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 17:00 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 17:00 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-30 17:00 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 17:00 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-30 17:00 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-06-02 17:59 - 2015-08-19 22:39 - 00704192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 03:15 - 2015-07-27 03:13 - 00171008 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2014-06-02 17:59 - 2015-07-03 18:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-07-21 05:01 - 2014-07-21 05:01 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
mpsdrv Firewall Service is not running.
MpsSvc Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{48DF6BCC-686F-4D38-B5F0-5277108FB29C}] => (Allow) LPort=80
FirewallRules: [{FD69E350-B9D1-4C26-B378-579DF3F772AD}] => (Allow) LPort=80
FirewallRules: [{8275D868-492E-4B66-945C-56E59DC84702}] => (Allow) LPort=80

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/28/2015 05:34:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2015 11:44:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2015 05:12:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2015 07:47:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 16.13.42.0, time stamp: 0x5418ec0a
Faulting module name: NvBackend.exe, version: 16.13.42.0, time stamp: 0x5418ec0a
Exception code: 0xc0000005
Fault offset: 0x0007b023
Faulting process id: 0x518
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (09/24/2015 07:12:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2015 02:05:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2015 12:47:49 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (09/23/2015 10:52:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Steam.exe version 2.92.69.85 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 92c

Start Time: 01d0f641bf011b29

Termination Time: 0

Application Path: C:\Program Files (x86)\Steam\Steam.exe

Report Id: 05b8b262-6235-11e5-87b7-002522244cea

Error: (09/23/2015 10:52:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2015 08:27:23 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe


System errors:
=============
Error: (09/29/2015 12:10:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:
%%2

Error: (09/29/2015 12:10:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Firewall Authorization Driver service failed to start due to the following error:
%%2

Error: (09/29/2015 12:10:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:
%%2

Error: (09/29/2015 12:10:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Firewall Authorization Driver service failed to start due to the following error:
%%2

Error: (09/29/2015 12:09:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:
%%2

Error: (09/29/2015 12:09:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Firewall Authorization Driver service failed to start due to the following error:
%%2

Error: (09/29/2015 12:09:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:
%%2

Error: (09/29/2015 12:09:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Firewall Authorization Driver service failed to start due to the following error:
%%2

Error: (09/29/2015 12:09:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:
%%2

Error: (09/29/2015 12:09:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Firewall Authorization Driver service failed to start due to the following error:
%%2


CodeIntegrity:
===================================
  Date: 2015-09-28 17:36:29.579
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-28 17:36:29.547
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-27 11:45:53.750
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-27 11:45:53.719
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-26 17:13:28.000
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-26 17:13:27.969
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-24 19:13:31.704
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-24 19:13:31.672
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-24 14:05:55.281
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-24 14:05:55.171
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 55%
Total physical RAM: 4095.3 MB
Available physical RAM: 1817.12 MB
Total Virtual: 64093.48 MB
Available Virtual: 61684.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:176.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7603C0BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
--- --- ---

--- --- ---


Ich hoffe ihr könnt mir weiterhelfen.
Mit freundlichen Grüßen,
xaont

burningice 28.09.2015 23:29
:hallo:

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld :)

xaont 28.09.2015 23:43
So schnell? D: Vielen Dank!

burningice 29.09.2015 13:23
:hallo:

Mein Name ist Rafael und ich werde dir bei der Bereinigung helfen.

Damit ich dir optimal helfen kann, halte dich bitte an folgende Regeln:
  • Bitte lies meine Posts komplett durch bevor du sie abarbeitest
  • Wenn ein Problem auftauchen sollte oder dir etwas unklar ist, unterbreche deine Arbeit und beschreibe es so genau wie möglich.
  • Bitte kein Crossposting
  • Installiere oder Deinstalliere keine Software ohne Aufforderung
  • Bitte verwende nur die Tools, welche hier im Thread erwähnt werden und führe sie nur gemäß Anweisung aus
  • Bitte antworte innerhalb von 24h um eine sinnvolle Bereinigung zu ermöglichen
  • Poste die Logs immer in CODE-Tags (#-Button), zur Not die Logs einfach aufteilen
Los geht's :abklatsch:


Schritt 1
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Bitte poste in deiner nächsten Antwort also:
  • Logfile von Combofix

xaont 29.09.2015 15:19
Hallo Rafael!

Erst einmal vielen Dank für die schnelle Antwort,

Während des Scans erschien öfter die Fehlermeldung "Commandline Standard Stream Splitter has stopped working", so etwa 15-20 Mal bis sich der Computer neugestartet hat. Seit des gestrigen Scans mit FRST hatte ich Heute Morgen die Möglichkeit über 100 neue Windows-Updates zu installieren. Diese wurden mir aber auch durch den Fehler "Unable to install Update (Error Code x80010108) verweigert. Eine Fehlermeldung nach Neustart des Computers bekam ich allerdings nicht, ansonsten lief alles einwandfrei hat das Problem aber nicht gelöst.

Code:
ComboFix 15-09-25.01 - Sebastian 29.09.2015  15:39:49.1.2 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1033.18.4095.2285 [GMT 2:00]
ausgeführt von:: c:\users\Sebastian\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\DRIVERS\beep.sys
c:\windows\msdownld.tmp
c:\windows\SysWow64\installd.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-08-28 bis 2015-09-29  ))))))))))))))))))))))))))))))
.
.
2015-09-29 14:00 . 2015-09-29 14:00        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-09-29 13:29 . 2015-09-29 13:29        --------        d-----w-        c:\users\Sebastian\AppData\Local\VirtualStore
2015-09-28 22:11 . 2015-09-28 22:12        --------        d-----w-        C:\FRST
2015-09-28 21:50 . 2015-09-28 21:53        --------        d-----w-        c:\users\Sebastian\AppData\Local\ElevatedDiagnostics
2015-09-28 09:53 . 2015-08-31 22:45        11062400        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1947ABA-AB2B-441D-A6AF-F32128CC4875}\mpengine.dll
2015-09-27 09:55 . 2015-08-31 22:45        11062400        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-09-23 21:01 . 2015-07-02 12:51        1190000        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6169EF9-5F75-4655-91F0-55023A877136}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-22 13:41 . 2015-01-20 14:38        780488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-22 13:41 . 2014-06-11 23:23        142536        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-03 10:12 . 2014-06-26 14:24        33856        ---ha-w-        c:\windows\system32\hamachi.sys
2015-07-05 10:08 . 2010-11-21 03:27        300704        ------w-        c:\windows\system32\MpSigStub.exe
2015-07-02 12:51 . 2014-07-05 16:29        1190000        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[-] 2010-11-21 . FD52F5EA481E3CF5D763E80A86F3A2E5 . 4773888 . . [6.1.7600.16385] .. c:\windows\explorer.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Sebastian\AppData\Local\Akamai\netsession_win.exe" [2015-09-10 4691384]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2014-07-21 37152]
.
c:\users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IMVU.lnk - c:\users\Sebastian\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe "--startup" [2015-8-13 217568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe, c:\users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
.
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files (x86)\VMLaunch\BuddyVM.sys;c:\program files (x86)\VMLaunch\BuddyVM.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 fwlanusb5;FRITZ!WLAN N v2;c:\windows\system32\DRIVERS\fwlanusb5.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb5.sys [x]
R3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Realtek11nCU;Realtek11nCU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-21 21:59        995144        ----a-w-        c:\program files (x86)\Google\Chrome\Application\44.0.2403.89\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-20 13:41]
.
2015-09-29 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files (x86)\Glary Utilities 5\Initialize.exe [2014-07-21 03:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2461504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
mDefault_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF
mStart Page = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
uInternet Settings,ProxyOverride = <local>
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\Sebastian\AppData\Local\Temp\ie_script.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\mb8gfr6v.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Glary Utilities 5\Integrator.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-09-29  16:08:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-09-29 14:08
.
Vor Suchlauf: 190.737.477.632 bytes free
Nach Suchlauf: 195.295.383.552 bytes free
.
- - End Of File - - 6BE8925DFC51D8B0C2B9E91D49ABAA21
A36C5E4F47E84449FF07ED3517B43A31
Mit freundlichen Grüßen,
Sebastian

burningice 29.09.2015 20:43
Ja das ist nicht verwunderlich, da hast du dir nämlich ganz schon was eingefangen.

Bevor wir sauber machen können, brauche ich von dir einen zusätzlichen Scan:

Schritt 1
  • Starte wieder FRST und kopiere folgendes in das weiße Feld:
    Code:
    explorer.exe
  • Drücke auf Search Files

Bitte poste in deiner nächsten Antwort also:
  • Search.txt

xaont 29.09.2015 21:28
Code:
Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by Sebastian (2015-09-29 22:22:52)
Running from C:\Users\Sebastian\Desktop
Boot Mode: Normal

================== Search Files: "explorer.exe" =============

C:\Windows\explorer.exe
[2010-11-21 05:24][2010-11-21 05:24] 4773888 ____A (Microsoft Corporation) FD52F5EA481E3CF5D763E80A86F3A2E5 [File not signed]

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2014-08-07 15:12][2011-02-26 07:19] 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746 [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2014-08-07 15:12][2011-02-25 07:30] 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2014-08-07 15:12][2011-02-26 08:14] 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2014-08-07 15:12][2011-02-25 08:19] 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3 [File is digitally signed]

C:\Windows\SysWOW64\explorer.exe
[2010-11-21 05:24][2010-11-21 05:24] 4517888 ____A (Microsoft Corporation) 6ECDEE497748D04851DE0D7631343446 [File not signed]

====== End of Search ======

burningice 30.09.2015 14:36
Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Run Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
closeprocesses:
Replace: C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe C:\Windows\explorer.exe
Replace: C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe C:\Windows\SysWOW64\explorer.exe
HKLM-x32\...\Winlogon: [Shell] explorer.exe, C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe [ ] () <=== ATTENTION
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Winlogon: [Shell] explorer.exe, C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe <==== ATTENTION
C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe
Tcpip\..\Interfaces\{ED163E40-2604-49BE-AEE9-A09318B83A39}: [DhcpNameServer] 7.254.254.254
Task: {CE239D31-64A1-4530-8C64-4EED4CE9634E} - System32\Tasks\AmiUpdXp => C:\Users\Sebastian\AppData\Local\28342\a23207.exe <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Sebastian\AppData\Local\28342\a23207.exe <==== ATTENTION
C:\Users\Sebastian\AppData\Local\28342
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Fix Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

Schritt 2
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Scan

Bitte poste in deiner nächsten Antwort also:
  • Fixlog.txt
  • Frst.txt
  • Addition.txt

xaont 30.09.2015 19:18
Danke schön, hier die Textdateien :

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by Sebastian (2015-09-30 20:04:58) Run:1
Running from C:\Users\Sebastian\Desktop
Loaded Profiles: Sebastian (Available Profiles: Sebastian)
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
Replace: C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe C:\Windows\explorer.exe
Replace: C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe C:\Windows\SysWOW64\explorer.exe
HKLM-x32\...\Winlogon: [Shell] explorer.exe, C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe [ ] () <=== ATTENTION
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Winlogon: [Shell] explorer.exe, C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe <==== ATTENTION
C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe
Tcpip\..\Interfaces\{ED163E40-2604-49BE-AEE9-A09318B83A39}: [DhcpNameServer] 7.254.254.254
Task: {CE239D31-64A1-4530-8C64-4EED4CE9634E} - System32\Tasks\AmiUpdXp => C:\Users\Sebastian\AppData\Local\28342\a23207.exe <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Sebastian\AppData\Local\28342\a23207.exe <==== ATTENTION
C:\Users\Sebastian\AppData\Local\28342
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
emptytemp:
*****************

Processes closed successfully.
C:\Windows\explorer.exe => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe copied successfully to C:\Windows\explorer.exe
C:\Windows\SysWOW64\explorer.exe => moved successfully
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe copied successfully to C:\Windows\SysWOW64\explorer.exe
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value not found.
"C:\Users\Sebastian\Downloads\Counter Strike Global Offensive skin generator v4.4.exe" => File/Folder not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED163E40-2604-49BE-AEE9-A09318B83A39}\\DhcpNameServer => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE239D31-64A1-4530-8C64-4EED4CE9634E} => key not found.
C:\Windows\System32\Tasks\AmiUpdXp => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => key not found.
C:\Windows\Tasks\AmiUpdXp.job => not found.
"C:\Users\Sebastian\AppData\Local\28342" => File/Folder not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
EmptyTemp: => 1.7 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 20:07:06 ====

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
Ran by Sebastian (administrator) on SEBASTIAN-PC (30-09-2015 20:11:38)
Running from C:\Users\Sebastian\Desktop
Loaded Profiles: Sebastian (Available Profiles: Sebastian)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe
() C:\Users\Sebastian\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
() C:\Users\Sebastian\AppData\Roaming\IMVUClient\IMVUClient.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-21] (Glarysoft Ltd)
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Policies\Explorer: [NoResolveSearch] 1
Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2015-09-13]
ShortcutTarget: IMVU.lnk -> C:\Users\Sebastian\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{22C59305-49D5-4BA9-8BF1-60AD6F69C9C1}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{28B36D87-CD5F-4CB2-9EA8-226D45F9E653}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{377D1EB0-3BE5-4C9F-8E03-B65FD366FAA4}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{42C326A8-54E1-4730-B551-49A42192B68C}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{74EA7251-30F1-41FE-9A9A-44ED6DD54FF6}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{7E99F149-6098-46F9-BD69-A51C805D9AA5}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{97B3965E-BD65-4CE0-A58C-3526ED05B532}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C4E114F4-E6FB-4899-8CDD-59F2158204E0}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{F0E47A82-3989-4501-981C-6A837C3266DA}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF
HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798516267-2414223650-3212704099-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-02] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-02] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-05] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-05] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\mb8gfr6v.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-02] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-05] (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1798516267-2414223650-3212704099-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-27] (Unity Technologies ApS)
FF Extension: No Name - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\mb8gfr6v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-09]

Chrome:
=======
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-02]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-02]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-02]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-04]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-02]
CHR Extension: (Bookmark Manager) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-02]
CHR Extension: (YouTube Unblocker) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2014-11-27]
CHR Extension: (Diablo 3 - Dark) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfnbkjlapbofhmbaeabglnbgjacmmmdj [2014-06-03]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-02]
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Bookmark Manager) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-29]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-29]
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Präsentationen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-29]
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-29]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-29]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-29]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-29]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-29]
CHR Extension: (Auto-HD für YouTube™) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2015-06-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-29]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-29]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-18] (Electronic Arts)
S3 Realtek11nCU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-08-04] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
S3 Steam Client Service; "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-18] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-08-04] (Glarysoft Ltd)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2014-07-29] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1047144 2015-05-17] (Realtek Semiconductor Corporation                          )
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows (R) Win 7 DDK provider)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 usbser; C:\Windows\System32\DRIVERS\USBSER.sys [33280 2014-07-29] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 mpsdrv; System32\drivers\mpsdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E}; \??\C:\Program Files (x86)\VMLaunch\BuddyVM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-30 20:11 - 2015-09-30 20:12 - 00022643 _____ C:\Users\Sebastian\Desktop\FRST.txt
2015-09-30 03:12 - 2015-09-30 14:13 - 00023245 _____ C:\Windows\IE11_main.log
2015-09-30 03:11 - 2015-09-30 03:11 - 00002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-09-29 22:22 - 2015-09-29 22:28 - 00001597 _____ C:\Users\Sebastian\Desktop\Search.txt
2015-09-29 16:59 - 2015-09-29 16:59 - 00000000 ____D C:\Users\Sebastian\AppData\Local\CEF
2015-09-29 16:08 - 2015-09-29 16:08 - 00013983 _____ C:\ComboFix.txt
2015-09-29 16:02 - 2015-09-30 20:08 - 00000876 _____ C:\Windows\PFRO.log
2015-09-29 15:37 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-29 15:37 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-29 15:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-29 15:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-29 15:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-29 15:37 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-29 15:37 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-29 15:37 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-29 15:36 - 2015-09-29 16:08 - 00000000 ____D C:\Qoobox
2015-09-29 15:36 - 2015-09-29 16:07 - 00000000 ____D C:\Windows\erdnt
2015-09-29 15:33 - 2015-09-29 15:33 - 05636489 ____R (Swearware) C:\Users\Sebastian\Desktop\ComboFix.exe
2015-09-29 15:32 - 2015-09-29 15:33 - 05636489 _____ (Swearware) C:\Users\Sebastian\Downloads\ComboFix.exe
2015-09-29 15:31 - 2015-09-29 15:31 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Macromedia
2015-09-29 15:29 - 2015-09-29 15:29 - 00000000 ____D C:\Users\Sebastian\AppData\Local\VirtualStore
2015-09-29 05:55 - 2015-09-30 20:09 - 00001512 _____ C:\Windows\setupact.log
2015-09-29 05:55 - 2015-09-29 05:55 - 00000000 _____ C:\Windows\setuperr.log
2015-09-29 00:11 - 2015-09-30 20:11 - 00000000 ____D C:\FRST
2015-09-29 00:10 - 2015-09-29 00:03 - 02192384 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe
2015-09-29 00:03 - 2015-09-29 00:03 - 02192384 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2015-09-28 23:51 - 2015-09-28 23:51 - 00347816 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\MicrosoftFixit.malware.RNP.Run.exe
2015-09-28 23:49 - 2015-09-28 23:49 - 00000000 _____ C:\Windows\system32\netsh
2015-09-28 23:48 - 2015-09-28 23:48 - 00059200 _____ C:\Users\Sebastian\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-28 23:47 - 2015-09-28 23:47 - 00347816 _____ (Microsoft Corporation) C:\Users\Sebastian\Downloads\MicrosoftFixit.WinSecurity.RNP.Run.exe
2015-09-28 23:18 - 2015-09-30 04:25 - 00000000 ____D C:\Users\Sebastian\Desktop\Textdokumente
2015-09-28 23:17 - 2015-09-29 22:22 - 00000000 ____D C:\Users\Sebastian\Desktop\Wichtige Programme
2015-09-28 23:17 - 2015-09-29 16:59 - 00000000 ____D C:\Users\Sebastian\Desktop\Anderes Zeug
2015-09-28 23:17 - 2015-09-28 23:20 - 00000000 ____D C:\Users\Sebastian\Desktop\Spiele
2015-09-20 17:23 - 2015-09-20 17:23 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-09-18 18:31 - 2015-09-21 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-30 20:11 - 2015-03-23 02:11 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\IMVU
2015-09-30 20:11 - 2014-08-04 02:06 - 00000340 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2015-09-30 20:11 - 2014-08-04 02:06 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-09-30 20:09 - 2014-06-02 13:18 - 00000000 ____D C:\Users\Sebastian
2015-09-30 20:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-30 20:08 - 2014-06-02 17:00 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-30 20:07 - 2014-06-03 01:41 - 01243146 _____ C:\Windows\WindowsUpdate.log
2015-09-30 20:07 - 2009-07-14 06:45 - 00036144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-30 20:07 - 2009-07-14 06:45 - 00036144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-30 13:41 - 2015-01-20 16:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-30 10:56 - 2014-06-02 17:11 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Skype
2015-09-30 03:11 - 2014-07-03 19:40 - 00001945 _____ C:\Windows\epplauncher.mif
2015-09-30 03:11 - 2014-07-03 19:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-09-30 03:11 - 2014-07-03 19:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-09-30 02:46 - 2014-06-02 17:27 - 00000000 ____D C:\Users\Sebastian\AppData\Local\LogMeIn Hamachi
2015-09-30 00:26 - 2014-06-02 17:55 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-29 19:56 - 2014-08-04 23:14 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\TS3Client
2015-09-29 16:08 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-09-29 16:04 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-09-29 16:01 - 2012-07-22 01:43 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2015-09-29 16:01 - 2012-07-22 01:42 - 39845888 _____ C:\Windows\system32\config\COMPONENTS.bak
2015-09-29 16:01 - 2012-07-22 01:42 - 17563648 _____ C:\Windows\system32\config\SYSTEM.bak
2015-09-29 16:01 - 2012-07-22 01:41 - 51118080 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-09-29 16:01 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-09-29 16:01 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-09-28 23:37 - 2014-08-04 02:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-09-28 23:22 - 2014-06-09 09:37 - 00000000 ____D C:\Users\Sebastian\Documents\My Games
2015-09-28 23:22 - 2014-06-03 17:57 - 00000000 ___RD C:\Users\Sebastian\Desktop\Bilder
2015-09-28 23:21 - 2015-01-04 04:52 - 00000000 ____D C:\Users\Sebastian\Desktop\Musik
2015-09-28 17:40 - 2009-07-14 07:13 - 00781914 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-28 02:36 - 2014-12-06 16:13 - 00000000 ____D C:\Users\Sebastian\AppData\Local\ftblauncher
2015-09-27 17:53 - 2014-06-03 16:36 - 00000000 ____D C:\Program Files (x86)\osu!
2015-09-23 20:02 - 2015-06-30 01:34 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Akamai
2015-09-23 15:59 - 2014-06-09 16:13 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\.minecraft
2015-09-22 18:29 - 2014-06-06 13:17 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Battle.net
2015-09-22 15:41 - 2015-01-20 16:38 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 15:41 - 2015-01-20 16:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-22 15:41 - 2014-06-12 01:23 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-22 14:51 - 2014-09-20 06:44 - 00000000 ____D C:\Program Files (x86)\Diablo III
2015-09-22 14:50 - 2014-06-06 13:16 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-09-22 14:46 - 2015-07-09 06:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-20 17:23 - 2015-02-20 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-09-20 17:23 - 2014-11-23 20:28 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\uTorrent
2015-09-20 00:49 - 2015-02-20 20:57 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-09-13 17:06 - 2015-03-23 02:10 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\IMVUClient
2015-09-13 04:03 - 2014-06-06 13:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Battle.net
2015-09-12 22:19 - 2014-06-02 17:09 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Google
2015-09-03 12:22 - 2014-12-06 16:13 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\ftblauncher
2015-08-31 01:01 - 2014-09-06 15:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\DAEMON Tools Lite

==================== Files in the root of some directories =======

2015-03-15 21:16 - 2015-03-15 21:16 - 0000000 ___SH () C:\Users\Sebastian\AppData\Local\LumaEmu

Some files in TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\gusetup9.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-22 23:41

==================== End of FRST.txt ============================
--- --- ---


[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by Sebastian (2015-09-30 20:12:55)
Running from C:\Users\Sebastian\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-06-02 11:18:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1798516267-2414223650-3212704099-500 - Administrator - Disabled)
Guest (S-1-5-21-1798516267-2414223650-3212704099-501 - Limited - Disabled)
Sebastian (S-1-5-21-1798516267-2414223650-3212704099-1000 - Administrator - Enabled) => C:\Users\Sebastian

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - Jagex Limited)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Echo of Soul (HKLM-x32\...\Steam App 290140) (Version:  - Nvius)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Glary Utilities 5.4 (HKLM-x32\...\Glary Utilities 5) (Version: 5.4.0.11 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.89 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IMVU Avatar Chat Software (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\IMVU Avatar chat client software BETA) (Version:  - )
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.186 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden
Magic 2015 Demo (HKLM-x32\...\Steam App 255440) (Version:  - Stainless Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
NEKOPARA Vol. 1 Demo (HKLM-x32\...\Steam App 334660) (Version:  - NEKO WORKs)
NEKOPARA vol.1 (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\{64DC04AF-BD7C-4CF4-9CA4-938953224328}) (Version:  - NEKO WORKs)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{5415a005-4f91-4436-9ae1-13db6955a13f}) (Version: latest - ppy Pty Ltd)
PlanetSide 2 (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4A0C-A916-1D12314F45EB}) (Version: 1.00.0184.1 - REALTEK Semiconductor Corp.)
RPG Maker VX Ace (HKLM-x32\...\{835D562C-B72C-461D-A9C3-B8206B66E85A}) (Version: 1.01 - RPG MAKER)
Sacred Underworld (HKLM-x32\...\Sacred Underworld_is1) (Version:  - Ascaron Entertainment GmbH)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
tAPI version 1.2.4.1 r14a (HKLM-x32\...\{6D47E78A-A9FE-41B8-A5C6-8A6A04FB8F71}_is1) (Version: 1.2.4.1 r14a - tAPI Development Team)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
Time Clickers (HKLM-x32\...\Steam App 385770) (Version:  - Proton Studio Inc)
TP-LINK TL-WN727N Driver (HKLM-x32\...\{E796AA87-FE52-49A8-AD93-0236A9F87632}) (Version: 1.2.1 - TP-LINK)
Unity Web Player (HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

30-09-2015 01:35:32 Windows Update
30-09-2015 03:00:18 Windows Update
30-09-2015 11:02:12 Windows Update
30-09-2015 14:00:52 Windows Update
30-09-2015 20:07:00 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-22 09:18 - 2015-09-29 16:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe
Task: {68A78A2B-08DC-477E-95CE-81259277CDE0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {A3A53087-B8D5-4E92-9456-2D61A38710E2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-07-21] (Glarysoft Ltd)
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {E495149C-3445-435B-B1AB-BBEA392FEA73} - System32\Tasks\{7B02836B-1F9B-4042-BA33-760343F39CA7} => Chrome.exe hxxp://ui.skype.com/ui/0/7.3.0.101/en/abandoninstall?page=tsMain
Task: {E91F2FD0-A7B5-43AD-9D13-9BB400D34BE1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe

==================== Loaded Modules (Whitelisted) ==============

2014-06-02 17:00 - 2015-02-04 04:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-13 19:47 - 2015-08-13 19:47 - 00217568 _____ () C:\Users\Sebastian\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
2015-08-13 19:47 - 2015-08-13 19:47 - 00221152 _____ () C:\Users\Sebastian\AppData\Roaming\IMVUClient\IMVUClient.exe
2014-07-21 05:01 - 2014-07-21 05:01 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
mpsdrv Firewall Service is not running.
MpsSvc Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{48DF6BCC-686F-4D38-B5F0-5277108FB29C}] => (Allow) LPort=80
FirewallRules: [{FD69E350-B9D1-4C26-B378-579DF3F772AD}] => (Allow) LPort=80
FirewallRules: [{8275D868-492E-4B66-945C-56E59DC84702}] => (Allow) LPort=80

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2015 08:10:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/30/2015 07:58:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/30/2015 07:54:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/30/2015 11:40:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/30/2015 11:36:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2015 04:03:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2015 03:59:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x13bc
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3

Error: (09/29/2015 03:59:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x12dc
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3

Error: (09/29/2015 03:57:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x4ac
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3

Error: (09/29/2015 03:57:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x924
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3


System errors:
=============
Error: (09/30/2015 08:10:46 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (09/30/2015 08:10:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%2

Error: (09/30/2015 08:09:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%-2147024894

Error: (09/30/2015 08:09:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BuddyVM service failed to start due to the following error:
%%3

Error: (09/30/2015 08:09:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:
%%2

Error: (09/30/2015 08:09:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Firewall Authorization Driver service failed to start due to the following error:
%%2

Error: (09/30/2015 08:08:28 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (09/30/2015 08:06:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:
%%1056

Error: (09/30/2015 08:04:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/30/2015 08:04:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2015-09-29 16:00:30.032
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-29 16:00:30.000
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-28 17:36:29.579
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-28 17:36:29.547
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-27 11:45:53.750
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-27 11:45:53.719
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-26 17:13:28.000
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-26 17:13:27.969
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-24 19:13:31.704
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-24 19:13:31.672
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 25%
Total physical RAM: 4095.3 MB
Available physical RAM: 3038.16 MB
Total Virtual: 64093.48 MB
Available Virtual: 63021.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:182.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7603C0BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
--- --- ---


Mir ist aufgefallen, dass FRST nun länger braucht zum Starten (vorher etwa 3 Sekunden, nun etwa 10-15 Sekunden , wenn nicht noch länger)

burningice 30.09.2015 19:46
Schritt 1
Lade dir http://filepony.de/icon/tiny/malware...ti_malware.png Malwarebytes Anti-Malware herunter, installiere es und starte es im Anschluss
  • Klicke auf die Einstellungen / Erkennung und Schutz und setze dabei den Haken bei "Nach Rootkits suchen"
  • Klicke im Anschluss auf Durchsuchen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlaufprotokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3
Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.




Frage
Wie verhält sich dein System so? Funktionieren die Windows Updates und die Firewall wieder?

Bitte poste in deiner nächsten Antwort also:
  • Logfile von Malwarebytes
  • Logfile von ADWCleaner
  • Logfile von FSS
  • Antwort auf die Fragen

xaont 30.09.2015 21:19
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 30.09.2015
Suchlaufzeit: 21:13
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.09.30.06
Rootkit-Datenbank: v2015.09.22.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sebastian

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 374192
Abgelaufene Zeit: 28 Min., 59 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 21
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [1feff44295f6ad895c8a95ec14f00cf4],
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExd, In Quarantäne, [38d69d995437dc5ada221f700df711ef],
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi, In Quarantäne, [7e90dd59fb90a2942ece612e3bc9a35d],
PUP.Optional.IHProtect, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [75996cca4c3fad89b67decbf7094db25],
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\omniboxesSoftware, In Quarantäne, [47c7dc5acebd93a3ea9063dc08fb4cb4],
PUP.Optional.WPM, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [2ae4aa8c18735bdb622eca08758f1ae6],
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [3ad4ff371279ed49bd29265be4206c94],
PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [b45a84b29eed2d0951d4dbeec44030d0],
PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [f21c89ade3a81125f6e7c40d0cf83ac6],
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [27e7ed493d4e10264a9be1a03cc825db],
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, In Quarantäne, [d8366fc76f1c9b9b0dd8fb86ba4ad42c],
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [a46a8caabad1e353af36d6ab0afa4ab6],
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{637D6E3C-DF93-48A5-8362-159A8AC56B11}, In Quarantäne, [cf3f89ad1f6c280ec124d2af0004a957],
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}, In Quarantäne, [917df04693f8d75f4b9a255cab5956aa],
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, In Quarantäne, [48c6ae880883bb7b796cafd214f0b24e],
PUP.Optional.Iminent, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In Quarantäne, [ba54d264d8b3d066dd8f0ba09272d927],
PUP.Optional.Iminent, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In Quarantäne, [b95540f61f6ced49204d4e5d6c98f10f],
PUP.Optional.Linkey, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, In Quarantäne, [0fff0c2a2e5dca6ce9fd0aa4b252f907],
PUP.Optional.SearchProtect, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, In Quarantäne, [d33b91a5f7949c9a50f2675b5aaaba46],
PUP.Optional.Vosteran, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In Quarantäne, [d638c5713c4ff343192b8d429b69857b],
PUP.Optional.Wajam, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In Quarantäne, [24ea96a05536e55160131db20103b44c],

Registrierungswerte: 11
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}, In Quarantäne, [1feff44295f6ad895c8a95ec14f00cf4]
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}, In Quarantäne, [3ad4ff371279ed49bd29265be4206c94]
PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, amt, In Quarantäne, [b45a84b29eed2d0951d4dbeec44030d0]
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}, In Quarantäne, [27e7ed493d4e10264a9be1a03cc825db]
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}, In Quarantäne, [d8366fc76f1c9b9b0dd8fb86ba4ad42c]
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://www.omniboxes.com//favicon.ico, In Quarantäne, [44cae1554447b77ff6eff58c1be9dd23]
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}, In Quarantäne, [a46a8caabad1e353af36d6ab0afa4ab6]
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}, In Quarantäne, [937bb086ff8c290d499c5f2248bc30d0]
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{637D6E3C-DF93-48A5-8362-159A8AC56B11}|URL, hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}, In Quarantäne, [cf3f89ad1f6c280ec124d2af0004a957]
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}|URL, hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}, In Quarantäne, [917df04693f8d75f4b9a255cab5956aa]
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://www.omniboxes.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=395049983_1052514_601AB3BF&ts=1432925535&type=default&q={searchTerms}, In Quarantäne, [48c6ae880883bb7b796cafd214f0b24e]

Registrierungsdaten: 8
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF, Gut: (www.google.com), Schlecht: (hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF),Ersetzt,[848a2b0b7e0dd56187fdc4bbec1908f8]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[57b70333632889adccf23846986d966a]
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}),Ersetzt,[7a94bb7b8efd40f6d4b0a8d7e61f7090]
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF, Gut: (www.google.com), Schlecht: (hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF),Ersetzt,[ed215cdacfbc23131e664e312ed7916f]
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF, Gut: (www.google.com), Schlecht: (hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF),Ersetzt,[0a0470c68704b77f5430d8a79e67619f]
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.omniboxes.com/web/?type=ds&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF&q={searchTerms}),Ersetzt,[080668cee5a606300084225d788d31cf]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[13fbeb4b820979bd5d61245a16ef35cb]
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-21-1798516267-2414223650-3212704099-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF, Gut: (www.google.com), Schlecht: (hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF),Ersetzt,[7995f2448902f541176e681747be7090]

Ordner: 3
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, In Quarantäne, [14fa59dd97f481b51cd9e12bfb0821df],
PUP.Optional.IHProtectUpDate, C:\ProgramData\IHProtectUpDate, In Quarantäne, [21ed4de98803a690c06d1d06857e8c74],
PUP.Optional.IHProtectUpDate, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [21ed4de98803a690c06d1d06857e8c74],

Dateien: 1
Trojan.MSIL.Agent, C:\Users\Sebastian\Desktop\Spiele\Hacknet\Hacknet.exe, In Quarantäne, [b95531053d4e6fc70ab0d38ebf468a76],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
Code:
# AdwCleaner v5.009 - Logfile created 30/09/2015 at 21:55:30
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Sebastian - SEBASTIAN-PC
# Running from : C:\Users\Sebastian\Desktop\AdwCleaner_5.009.exe
# Option : Cleaning
# Support : hxxp://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\World of Warcraft Beta
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\ParetoLogic
[-] Folder Deleted : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl

***** [ Files ] *****

[-] File Deleted : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npnkeeiehehhefofiekoflfedgehcdhl
[-] File Deleted : C:\Windows\Reimage.ini

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Adobe Flash Player Updater

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\SupDp
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[!] Key Not Deleted : [x64] HKCU\Software\ParetoLogic
[!] Key Not Deleted : [x64] HKCU\Software\Reimage
[!] Key Not Deleted : [x64] HKCU\Software\DriverToolkit
[-] Key Deleted : [x64] HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage

***** [ Web browsers ] *****

[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.omniboxes.com/webfavicon.ico
[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : npnkeeiehehhefofiekoflfedgehcdhl
[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.omniboxes.com/?type=hp&ts=1432925504&z=3a173728f798e7ec80ae6ecgcz2cdo2tco0wcz7m3z&from=amt&uid=395049983_1052514_601AB3BF

*************************

:: Proxy settings cleared
:: Winsock settings cleared
:: Chrome policies deleted

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3746 bytes] ##########
Code:
Farbar Service Scanner Version: 26-07-2015
Ran by Sebastian (administrator) on 30-09-2015 at 22:11:18
Running from "C:\Users\Sebastian\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
Checking LEGACY_mpsdrv: ATTENTION!=====> Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.


System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed

ATTENTION!=====> C:\Windows\System32\drivers\mpsdrv.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\Windows\System32\SDRSVC.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
Wenn ich meinen Computer starte habe ich erstmal für einige Minuten einen Blackscreen, der war aber schon vorher da und ich denke, dass das einfach an meinem Rechner liegt (er ist jetzt 7 Jahre alt).
Das Programm "Farbar Service Scanner" hat beim ersten Mal downloaden nicht funktioniert. Ich bekam den Fehler "FSS.exe is not a valid Win32 application". Beim zweiten Mal downloaden hat es aber funktioniert.
Die Firewall lässt sich immer noch nicht anschalten oder vom System konfigurieren, es wird immer noch derselbe Fehler angezeigt.
Am täglichen Start meines Rechners ist der Echtzeitschutz vom Windows Defender für einige Sekunden deaktiviert (In den letzten Tagen nicht mehr der Fall)
Einige Updates werden installiert, aber nur stückweise. Das komplette Paket zu downloaden funktioniert nicht.

burningice 01.10.2015 19:27
Ja also deine Firewall kann gerade auch nicht funktionieren, weil sie überhaupt auf deinem Computer halb fehlt haha

Dass der Windows Defender bzw. die Security Essentials am Anfang manchmal für ein paar Sekunden auf inaktiv stehen, ist recht normal und nichts ungewöhnliches. Da musst du dir keine Sorgen machen.

Wenn auf deinem Rechner viele Updates fehlen, ist es normal, dass zwischendurch im Update Prozess Fehler auftauchen und es erst nach einem Neustart weiter geht.

Erstmal müssen wir uns aber um deine zerlegte Firewall und Systemwiederherstellung kümmern:

Schritt 1
  • Starte wieder FRST und kopiere folgendes in das weiße Feld:
    Code:
    mpsdrv.sys;SDRSVC.dll
  • Drücke auf Search Files

Bitte poste in deiner nächsten Antwort also:
  • Search.txt

xaont 01.10.2015 21:47
Wie keine Firewall? o_O
Wird die nicht standardmäßig installiert?

Code:
Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by Sebastian (2015-10-01 22:42:18)
Running from C:\Users\Sebastian\Desktop
Boot Mode: Normal

================== Search Files: "mpsdrv.sys;SDRSVC.dll" =============

====== End of Search ======
Okay, dann bin ich beruhigt. Vielen Dank ^-^

DieKakao 01.10.2015 21:52
*kurz einmisch*

Doch natürlich, doch irgendetwas hat die Firewall halt gelöscht.



*wieder raus*

LG :)

burningice 02.10.2015 16:39
okay, also dein System ist wirklich schwer beschädigt und es wäre ein sehr großer Aufwand, das alles manuell zu reparieren. Auch dann kann ich dir nicht versprechen, dass wieder alles funktioniert - dein PC hat einfach an mehreren Stellen Baustellen.

Deshalb bitte ich dich um ein Inplace Upgrade. Dazu benötigst du eine Windows CD von Windows 7 Ultimate mit 64bit. Wenn du die nicht hast oder auch nicht von einem Freund ausleihen kannst, kannst du mit einem gültigen Key hier eine .iso Datei von Windows laden: https://www.microsoft.com/de-de/soft...nload/windows7

Folge danach dieser Anleitung: Inplace Upgrade - Windows reparieren - Anleitungen

Wie verhält sich dein System nun nach dem Inplace Upgrade?


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:40 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131