
Solved Startup error c000021a {Fatal System Error}

Discussion in 'Malware and Virus Removal' started by jdag, 2016/07/23.

  1. 2016/07/30
    jdag (New Member, Thread Starter; joined 2016/07/23)

    Additional.txt:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2016
    Ran by esra (2016-07-30 10:57:17)
    Running from C:\Users\esra\Downloads
    Windows 7 Professional Service Pack 1 (X64) (2013-06-11 10:45:35)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2558726113-3221186071-4112726812-500 - Administrator - Disabled)
    esra (S-1-5-21-2558726113-3221186071-4112726812-1000 - Administrator - Enabled) => C:\Users\esra
    Gast (S-1-5-21-2558726113-3221186071-4112726812-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2558726113-3221186071-4112726812-1040 - Limited - Enabled)
    UpdatusUser (S-1-5-21-2558726113-3221186071-4112726812-1001 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only adware programs with the "Hidden" flag can be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
    Adobe Acrobat Reader DC - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
    Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.238 - Adobe Systems Incorporated)
    Anki (HKLM-x32\...\Anki) (Version: - )
    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1953964300.1637920.1637772.1953876159 - Audible, Inc.)
    Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2241 - AVAST Software)
    BitLord 2.3 (HKLM-x32\...\BitLord) (Version: 2.3.2-245 - House of Life)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
    CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
    CDex extraction audio (HKLM-x32\...\CDex) (Version: - )
    EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
    Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
    Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
    KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version: - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
    NVIDIA 3D Vision Treiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
    NVIDIA GeForce Experience 1.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6 - NVIDIA Corporation)
    NVIDIA Grafiktreiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
    NVIDIA HD-Audiotreiber 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
    NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
    NVIDIA Virtual Audio 1.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.1 - NVIDIA Corporation)
    OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
    Opera Stable 34.0.2036.50 (HKLM-x32\...\Opera 34.0.2036.50) (Version: 34.0.2036.50 - Opera Software)
    Revo Uninstaller Pro 3.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.5 - VS Revo Group, Ltd.)
    RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SHIELD Streaming (Version: 1.05.19 - NVIDIA Corporation) Hidden
    Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
    Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version: - )
    VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WinRAR 5.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    Worms Armageddon (HKLM-x32\...\Worms Armageddon) (Version: - )

    ==================== Custom CLSID (Not whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)


    ==================== Scheduled Tasks (Not whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)

    Task: {02B04BF6-A169-4681-B27A-1FBA65CA04BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
    Task: {0BB36AFB-59D7-4965-A7C3-695477B66AE0} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
    Task: {0D933984-202F-47E2-896C-B483E7F6D137} - System32\Tasks\{B210AB46-47AA-42D8-9837-14D43DAF723E} => pcalua.exe -a C:\Windows\TEMP\avast_ash\IrfanView\iview436_setup.exe -d "C:\Program Files\AVAST Software\Avast "
    Task: {2E0F090F-8FA1-400F-9BFC-4A0671E800B0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-20] (Safer-Networking Ltd.)
    Task: {65498635-5869-4828-A5C5-DF581DB9CE67} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
    Task: {891B40D7-DF14-4908-BCB4-D229BD2153BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {934BCFE3-50AC-4B8E-8C24-1E4736228E99} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
    Task: {9933D861-5C3C-4129-A74C-215228677512} - System32\Tasks\User_Feed_Synchronization-{64B39045-DDF5-4F4D-ADF9-825280345B4D}
    Task: {A3A6F907-1C6C-4C54-A31A-90D6FECF0F0C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-09-20] (Safer-Networking Ltd.)
    Task: {B7EC0CC0-57CD-4C77-8DA6-4B9103B0B05F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {B966632F-AFBA-467D-940D-47EBA3A23531} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
    Task: {C0D15EA1-BC80-48AF-82BE-DA69C3C536D5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-13] (AVAST Software)
    Task: {D9EDEE42-C2D5-42B1-8815-14D41A98CC6C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-20] (Safer-Networking Ltd.)
    Task: {EAB218FB-E5B2-454E-A923-B0EF43166C0C} - System32\Tasks\Opera scheduled Autoupdate 1391048499 => C:\Program Files (x86)\Opera\launcher.exe [2016-07-01] (Opera Software)

    (If an entry is included in the fixlist, the task will be moved. The file that is run by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries can be listed to be restored or removed.)

    Shortcut: C:\Users\esra\AppData\Local\Microsoft\Windows\GameExplorer\{DD049A50-0344-4FB3-9D45-21E971E8F2C5}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.blizzard.com/diablo2/

    ==================== Loaded Modules (Not whitelisted) ==============

    2013-07-12 17:47 - 2013-06-21 12:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2013-07-10 00:41 - 2009-11-04 13:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
    2013-07-31 01:07 - 2013-07-27 10:48 - 00267040 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libzmq.dll
    2016-05-13 13:18 - 2016-05-13 13:18 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-05-13 13:18 - 2016-05-13 13:18 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-07-28 18:50 - 2016-07-28 18:50 - 03002368 _____ () C:\Program Files\AVAST Software\Avast\defs\16072801\algo.dll
    2016-05-13 13:18 - 2016-05-13 13:18 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
    2016-07-30 10:54 - 2016-07-30 10:54 - 03002880 _____ () C:\Program Files\AVAST Software\Avast\defs\16072901\algo.dll
    2016-05-13 13:18 - 2016-05-13 13:18 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-05-13 13:20 - 2016-05-13 13:22 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-02-12 03:00 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-02-12 03:00 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-02-12 03:00 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-02-12 03:00 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-02-12 03:00 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

    ==================== Alternate Data Streams (Not whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\esra\Downloads\ActiveSetupN.exe:BDU [0]
    AlternateDataStreams: C:\Users\esra\Downloads\cdbxp_setup_4.5.1.4003_minimal.exe:BDU [0]
    AlternateDataStreams: C:\Users\esra\Downloads\gusetup_slim_2.56.exe:BDU [0]
    AlternateDataStreams: C:\Users\esra\Downloads\iview435_setup.exe:BDU [0]
    AlternateDataStreams: C:\Users\esra\Downloads\winrar-x64-420d.exe:BDU [0]

    ==================== Safe Mode (Not whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== Associations (Not whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to its default value or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\...\1-se.com -> 1-se.com

    There are 11385 more sites.


    ==================== Hosts content: ===============================

    (If needed, the Hosts: directive can be included in the fixlist to reset the Hosts file.)

    2009-07-14 04:34 - 2016-07-29 13:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\esra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Firewall Rules (Not whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [TCP Query User{8443E7F8-FF69-4A9D-9FAD-5F000F069076}C:\users\esra\appdata\local\temp\keygen.exe] => (Allow) C:\users\esra\appdata\local\temp\keygen.exe
    FirewallRules: [UDP Query User{CE206A39-E0B1-4D2F-9ABA-FFAC792965C2}C:\users\esra\appdata\local\temp\keygen.exe] => (Allow) C:\users\esra\appdata\local\temp\keygen.exe
    FirewallRules: [TCP Query User{9C35D464-E672-47FD-926E-6FBF82923E8D}C:\users\esra\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\esra\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{7EAED1CB-C848-4070-8B86-4E7945092575}C:\users\esra\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\esra\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{D17B25BC-F216-4FFB-8E28-DE03B4E137F8}C:\users\esra\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\esra\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{DBE28DE1-8D00-48B5-98EC-F32286C0376E}C:\users\esra\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\esra\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{632E20AD-274E-417D-A752-CF0C1DE182EA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{F3662D65-124F-44B8-A259-2BB780F8C6B5}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
    FirewallRules: [UDP Query User{977F3315-901D-41F7-8338-8620C5F506D0}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
    FirewallRules: [{61CC8EAC-8A61-4C24-BE85-17F94C358613}] => (Allow) C:\Windows\system32\lxeacoms.exe
    FirewallRules: [{B5C1C0E2-0506-44EE-B54B-1084F1B1602B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{6A42BF47-0474-4B54-8B9F-178AD7D09723}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{503844C7-358B-4EBC-AC7F-48EA43AFD471}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{CDF1C203-E42E-4505-BC88-E51A2600A828}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{67D78391-C18C-4ECF-BF54-3B6F105CD66A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{BC89A45D-0DF7-4D74-8D06-CF3E079C6411}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{CE41CD33-6785-466C-802D-9737C639B4CE}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{D5617782-867B-4FC8-8366-23E37FAD0E31}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{3268A6C1-A76E-419A-964C-CAD47A6A3D3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{3DFB8B61-758C-4743-85CA-02397557BE8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{75B8D7D3-F7B3-4A8C-8DE1-64D8D510964D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{D4C9FA44-3227-401B-93B9-0D81D828738E}] => (Allow) C:\Users\esra\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{A9041CD4-0B36-43E0-8AAF-603EE8713DA9}] => (Allow) C:\Users\esra\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{4E99A4A5-7067-49A0-8F30-B13FC061AC14}] => (Allow) C:\Users\esra\AppData\Local\Temp\nsp8D83.tmp\CnetInstaller-75330514.exe
    FirewallRules: [{EB6484EB-FBB0-4C56-9FF5-1896E75B99B4}] => (Allow) C:\Users\esra\AppData\Local\Temp\nsp8D83.tmp\CnetInstaller-75330514.exe
    FirewallRules: [{7C241F3D-567E-45CB-AE4D-78ABC8BB0C73}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{BCFFD08B-D6F6-40F2-8F4A-0FB8DFDF4282}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{13DE65BB-4380-488A-92F6-B4B02788A9B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft-Teredo-Tunneling-Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/30/2016 10:55:54 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
    Description: Windows Search failed to create the new search index. Internal error <1, 0x800700b7, Failed to add the gatherer application: Windows>.

    Error: (07/30/2016 10:55:11 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
    Description: Windows Search failed to create the new search index. Internal error <1, 0x800700b7, Failed to add the gatherer application: Windows>.

    Error: (07/30/2016 10:54:56 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
    Description: Windows Search failed to create the new search index. Internal error <1, 0x800700b7, Failed to add the gatherer application: Windows>.

    Error: (07/30/2016 10:54:05 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
    Description: Windows Search failed to create the new search index. Internal error <1, 0x800700b7, Failed to add the gatherer application: Windows>.

    Error: (07/30/2016 10:53:47 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
    Description: Windows Search failed to create the new search index. Internal error <1, 0x800700b7, Failed to add the gatherer application: Windows>.

    Error: (07/30/2016 10:53:33 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
    Description: Windows Search failed to create the new search index. Internal error <1, 0x800700b7, Failed to add the gatherer application: Windows>.

    Error: (07/30/2016 10:53:16 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
    Description: Windows Search failed to create the new search index. Internal error <1, 0x800700b7, Failed to add the gatherer application: Windows>.

    Error: (07/30/2016 10:52:44 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
    Description: NvStreamSvcNvVAD initialization failed [6]

    Error: (07/30/2016 10:52:44 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
    Description: NvStreamSvcUnregistering VAD endpoint [0]

    Error: (07/30/2016 10:52:44 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
    Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]


    System errors:
    =============
    Error: (07/30/2016 10:55:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The "Windows Search" service terminated unexpectedly. It has done this 7 time(s).

    Error: (07/30/2016 10:55:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The "Windows Search" service terminated with the following error:
    %%183 = Cannot create a file when that file already exists.


    Error: (07/30/2016 10:55:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The "Windows Search" service terminated unexpectedly. It has done this 6 time(s).

    Error: (07/30/2016 10:55:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The "Windows Search" service terminated with the following error:
    %%183 = Cannot create a file when that file already exists.


    Error: (07/30/2016 10:55:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The "Google Update Service (gupdate)" service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.


    Error: (07/30/2016 10:55:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout (30000 ms) was reached while waiting for the Google Update Service (gupdate) service to connect.

    Error: (07/30/2016 10:54:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The "Windows Search" service terminated unexpectedly. It has done this 5 time(s).

    Error: (07/30/2016 10:54:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The "Windows Search" service terminated with the following error:
    %%183 = Cannot create a file when that file already exists.


    Error: (07/30/2016 10:54:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The "Windows Search" service terminated unexpectedly. It has done this 4 time(s).

    Error: (07/30/2016 10:54:06 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The "Windows Search" service terminated with the following error:
    %%183 = Cannot create a file when that file already exists.



    CodeIntegrity:
    ===================================
    Date: 2016-07-29 12:57:13.604
    Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ComboFix\catchme.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-07-29 12:57:13.401
    Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ComboFix\catchme.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
    Percentage of memory in use: 67%
    Total physical RAM: 2042.93 MB
    Available physical RAM: 671.81 MB
    Total Virtual: 4085.85 MB
    Available Virtual: 2781.12 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:148.95 GB) (Free:78.44 GB) NTFS
    Drive g: () (Removable) (Total:29.8 GB) (Free:23.7 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 454C766C)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 29.8 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== Ende von Addition.txt ============================
     
  2. 2016/07/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:


  4. 2016/07/30
    jdag

    jdag New Member Thread Starter

    Joined:
    2016/07/23
    Messages:
    16
    Likes Received:
    0
    Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 25-07-2016
    durchgeführt von esra (2016-07-31 01:19:53) Run:3
    Gestartet von C:\Users\esra\Downloads
    Geladene Profile: esra & UpdatusUser (Verfügbare Profile: esra & UpdatusUser)
    Start-Modus: Normal
    ==============================================

    fixlist Inhalt:
    *****************
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Keine Datei
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
    HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => Keine Datei
    Toolbar: HKLM - Kein Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei
    Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Keine Datei
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [Keine Datei]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [Keine Datei]
    FF Plugin-x32: @IObit.com/np_Asc_Plugin -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\np_Asc_plugin.dll [Keine Datei]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [Keine Datei]
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [Keine Datei]
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Keine Datei]
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Keine Datei]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2013-06-14 19:56 - 2014-04-17 14:57 - 0000000 _____ () C:\Users\esra\AppData\Roaming\bitlord_log.txt
    2014-09-07 13:18 - 2014-09-15 02:17 - 0000168 _____ () C:\Users\esra\AppData\Roaming\mbam.context.scan
    2014-02-18 22:49 - 2014-02-18 22:49 - 0003584 _____ () C:\Users\esra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-04-17 14:59 - 2014-04-17 14:59 - 0000218 _____ () C:\Users\esra\AppData\Local\recently-used.xbel
    2013-09-13 21:10 - 2014-01-10 23:23 - 0017408 _____ () C:\Users\esra\AppData\Local\WebpageIcons.db
    2015-12-28 10:15 - 2015-12-28 10:15 - 0000000 _____ () C:\Users\esra\AppData\Local\{013FB80A-5465-4A24-9464-D323431EBD01}
    2015-05-15 10:59 - 2015-05-15 10:59 - 0000000 _____ () C:\Users\esra\AppData\Local\{CB538B1F-A37E-4A1D-8E45-85D8B457E16A}
    2015-02-26 17:13 - 2015-02-26 17:13 - 0000000 _____ () C:\Users\esra\AppData\Local\{D8405990-2097-4A5E-B904-6220283A8F00}
    AlternateDataStreams: C:\Users\esra\Downloads\ActiveSetupN.exe:BDU [0]
    AlternateDataStreams: C:\Users\esra\Downloads\cdbxp_setup_4.5.1.4003_minimal.exe:BDU [0]
    AlternateDataStreams: C:\Users\esra\Downloads\gusetup_slim_2.56.exe:BDU [0]
    AlternateDataStreams: C:\Users\esra\Downloads\iview435_setup.exe:BDU [0]
    AlternateDataStreams: C:\Users\esra\Downloads\winrar-x64-420d.exe:BDU [0]

    *****************

    "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Schlüssel erfolgreich entfernt
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Schlüssel erfolgreich entfernt
    HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Schlüssel nicht gefunden.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
    "HKU\S-1-5-21-2558726113-3221186071-4112726812-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Schlüssel erfolgreich entfernt
    "HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Schlüssel erfolgreich entfernt
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Wert erfolgreich entfernt
    HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Schlüssel nicht gefunden.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Wert erfolgreich entfernt
    HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Schlüssel nicht gefunden.
    "HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer" => Schlüssel erfolgreich entfernt
    "HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => Schlüssel erfolgreich entfernt
    "HKLM\Software\Wow6432Node\MozillaPlugins\@IObit.com/np_Asc_Plugin" => Schlüssel erfolgreich entfernt
    "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/GoogleUpdate;version=3" => Schlüssel erfolgreich entfernt
    "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/GoogleUpdate;version=9" => Schlüssel erfolgreich entfernt
    "HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8" => Schlüssel erfolgreich entfernt
    "HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.1" => Schlüssel erfolgreich entfernt
    catchme => Dienst erfolgreich entfernt
    C:\Users\esra\AppData\Roaming\bitlord_log.txt => erfolgreich verschoben
    C:\Users\esra\AppData\Roaming\mbam.context.scan => erfolgreich verschoben
    C:\Users\esra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => erfolgreich verschoben
    C:\Users\esra\AppData\Local\recently-used.xbel => erfolgreich verschoben
    C:\Users\esra\AppData\Local\WebpageIcons.db => erfolgreich verschoben
    C:\Users\esra\AppData\Local\{013FB80A-5465-4A24-9464-D323431EBD01} => erfolgreich verschoben
    C:\Users\esra\AppData\Local\{CB538B1F-A37E-4A1D-8E45-85D8B457E16A} => erfolgreich verschoben
    C:\Users\esra\AppData\Local\{D8405990-2097-4A5E-B904-6220283A8F00} => erfolgreich verschoben
    C:\Users\esra\Downloads\ActiveSetupN.exe => ":BDU" ADS erfolgreich entfernt.
    C:\Users\esra\Downloads\cdbxp_setup_4.5.1.4003_minimal.exe => ":BDU" ADS erfolgreich entfernt.
    C:\Users\esra\Downloads\gusetup_slim_2.56.exe => ":BDU" ADS erfolgreich entfernt.
    C:\Users\esra\Downloads\iview435_setup.exe => ":BDU" ADS erfolgreich entfernt.
    C:\Users\esra\Downloads\winrar-x64-420d.exe => ":BDU" ADS erfolgreich entfernt.

    ==== Ende von Fixlog 01:19:53 ====
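    The Fixlog above records FRST stripping a ":BDU" alternate data stream (ADS) from several installers in the Downloads folder. As an added example (not jdag's or broni's code and not part of FRST), here is how an administrator can take the same inventory with PowerShell before deciding what to remove. It assumes Windows PowerShell 3.0 or newer on an NTFS volume; the default folder is a placeholder, pass your own with -Folder.

```powershell
# Added example, not part of this thread and not FRST code: list alternate data
# streams (ADS) under a folder, the kind of thing the Fixlog reports as ":BDU".
# Assumes Windows PowerShell 3.0+ (Get-Item -Stream) on an NTFS volume; the
# default folder below is a placeholder.
function Get-AdsInventory {
    param(
        [string]$Folder = "$env:USERPROFILE\Downloads"
    )

    Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # '-Stream *' lists every NTFS stream of the file; ':$DATA' is the
            # file's own content, so anything else is an alternate stream.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File     = $file.FullName
                        Stream   = $_.Stream
                        Length   = $_.Length
                        # Zone.Identifier is the browser's mark-of-the-web and is
                        # expected on downloaded files; other names deserve a look.
                        Expected = ($_.Stream -eq 'Zone.Identifier')
                    }
                }
        }
}

# Unexpected streams sort first. Read one with:
#   Get-Content -LiteralPath <file> -Stream <name>
Get-AdsInventory | Sort-Object Expected, File | Format-Table -AutoSize
```

    A stream shows up in this listing whatever its content, so read it before deleting it; `Remove-Item -LiteralPath <file> -Stream <name>` drops a single stream without touching the file itself.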
     
  5. 2016/07/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  6. 2016/08/01
    jdag

    jdag New Member Thread Starter

    Joined:
    2016/07/23
    Messages:
    16
    Likes Received:
    0
    Security Check

    Results of screen317's Security Check version 1.014 --- 12/23/15
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Adobe Flash Player 20.0.0.235
    Mozilla Firefox 40.0.3 Firefox out of Date!
    Google Chrome (51.0.2704.103)
    Google Chrome (51.0.2704.84)
    Google Chrome (SetupMetrics.pma..)
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner


    Farbar Service Scanner Version: 27-01-2016
    Ran by esra (administrator) on 31-07-2016 at 21:11:41
    Running from "C:\Users\esra\AppData\Local\Temp\scoped_dir2320_5966 "
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****



    Temp File Cleaner (TFC)

    When the scan was about 80% done, there was a popup message: "A critical error has occurred. Windows will reboot in one minute. Please save your files now."
    The laptop then rebooted.


    The following scan with Sophos Free Virus Removal Tool, however, found no threats.
     
  7. 2016/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Firefox to the current version.

    Update Adobe Flash Player: Adobe Flash Player Install for all versions
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    =======================================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - Keep your Firefox healthy with a quick checkup
    other browsers: Qualys BrowserCheck (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): Safe Browsing Tool | WOT (Web of Trust). It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): Personal Software Inspector. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: How did I get infected? - Anti-Virus, Anti-Malware, and Privacy Software
    Simple and easy ways to keep your computer safe and secure on the Internet: Simple and easy ways to keep your computer safe and secure on the Internet
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: Answers to common security questions - Best Practices - Anti-Virus, Anti-Malware, and Privacy Software

    12. Please, let me know, how your computer is doing.
     
  8. 2016/08/01
    jdag

    jdag New Member Thread Starter

    Joined:
    2016/07/23
    Messages:
    16
    Likes Received:
    0
    Thank you! I'll be out of town for a few days, but I'll follow those last instructions when I get back this Saturday. I'll update then. Thanks again!
     
  9. 2016/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK :)
     
  10. 2016/08/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The issue seems to be resolved.
     
  11. 2016/08/08
    jdag

    jdag New Member Thread Starter

    Joined:
    2016/07/23
    Messages:
    16
    Likes Received:
    0
    Sorry for the late reply, I had some trouble with the Windows updates. I had it search for updates, but it always took so long that the laptop went into hibernation. So, I set it to automatically look for and install updates and continued with the rest. I figure it will update everything when my mum is using the computer.
    I installed and ran everything, as instructed above and then returned the laptop to my mum. I'm teaching her how to perform the weekly scans and told her to contact me if they find anything. So far, everything seems to be working well.
    Thank you very much :)
     
  12. 2016/08/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Way to go!!
    Good luck and stay safe :)
     
