manchmal werden webseiten auf suchseiten umgeleitet + ich bin mir nicht sicher ob ich ein trojaner oder backdoor programm habe

filterfilter · 31.07.2014, 23:24

hallo wie gesagt ändern sich meine seiten manchmal auf suchseiten mit dns... suche
und desweiteren glaube ich das ich einen trojaner bzw. ein backdoor trojaner habe.
das sind meine log files:

FRST:
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Aslan (administrator) on ASLAN-PC on 01-08-2014 00:02:27
Running from C:\Users\Aslan\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Aslan\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKU\S-1-5-21-2081452760-1846932682-3364742643-1000\...\MountPoints2: {3e931ad2-bcd9-11e3-9141-806e6f6e6963} - G:\XSManagerinstallation.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF5ECE37B334FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKCU - DefaultScope {F08402EE-1C6C-4533-9731-95F8F4C295AC} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869
SearchScopes: HKCU - {F08402EE-1C6C-4533-9731-95F8F4C295AC} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2014-04-05]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: hxxp://de.search.yahoo.com/?type=501549&fr=spigot-yhp-ch
CHR StartupUrls: "hxxp://www.google.com/"
CHR NewTab: "chrome-extension://gpiifgmgnfdiblgpaepbmfdkcheicgof/redirect.html",
				"chrome-extension://icdlfehblmklkikfigmjhbmmpmkmpooj/redirect.html"
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]
CHR Extension: (Google Drive) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (YouTube) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Google Search) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (New Tab Assistant) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof [2014-06-27]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-04-15]
CHR Extension: (Domain Error Assistant) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-04-15]
CHR Extension: (Slick Savings) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-04-15]
CHR Extension: (Norton Identity Protection) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-05]
CHR Extension: (Shopping Helper) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2014-06-27]
CHR Extension: (Google Wallet) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-04-15]
CHR Extension: (Gmail) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Aslan\AppData\Local\Slick Savings\coupons.crx [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-18]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2014-07-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation)
S4 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2012-11-13] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [141824 2014-04-05] (Wireless Data Device)
S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [123904 2014-04-05] (Wireless Device)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-12] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140730.002\IDSvia64.sys [525016 2014-07-17] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140731.001\ENG64.SYS [126040 2014-07-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140731.001\EX64.SYS [2099288 2014-07-25] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe
2014-08-01 00:02 - 2014-08-01 00:04 - 00015946 _____ () C:\Users\Aslan\Downloads\FRST.txt
2014-08-01 00:02 - 2014-08-01 00:02 - 00000000 ____D () C:\FRST
2014-08-01 00:01 - 2014-08-01 00:01 - 02094080 _____ (Farbar) C:\Users\Aslan\Downloads\FRST64.exe
2014-07-31 23:52 - 2014-07-31 23:52 - 00000472 _____ () C:\Users\Aslan\Downloads\defogger_disable.log
2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable
2014-07-31 23:51 - 2014-07-31 23:51 - 00050477 _____ () C:\Users\Aslan\Downloads\Defogger.exe
2014-07-31 23:29 - 2014-07-31 23:30 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2)
2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt
2014-07-31 22:43 - 2014-07-31 22:43 - 00602112 _____ (OldTimer Tools) C:\Users\Aslan\Desktop\OTL.exe
2014-07-31 22:42 - 2014-07-31 22:42 - 00854390 _____ () C:\Users\Aslan\Desktop\SecurityCheck.exe
2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 18:32 - 2014-07-31 18:32 - 00688992 ____R (Swearware) C:\Users\Aslan\Desktop\dds.com
2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe
2014-07-31 18:01 - 2014-07-31 23:31 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-07-31 18:01 - 2014-07-31 18:01 - 04892480 _____ (WinZip International LLC ) C:\Users\Aslan\Downloads\wzmp_8.exe
2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-07-31 18:01 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups
2014-07-31 17:47 - 2014-07-31 17:47 - 00000000 ____D () C:\Users\Aslan\Downloads\backups
2014-07-31 17:40 - 2014-07-31 17:45 - 00010312 _____ () C:\Users\Aslan\Downloads\hijackthis.log
2014-07-31 17:32 - 2014-07-31 17:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\Aslan\Desktop\HijackThis.exe
2014-07-31 17:31 - 2014-07-31 17:41 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part
2014-07-31 17:22 - 2014-07-31 17:23 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten
2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe
2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList
2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 06:06 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-20 06:06 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-20 06:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-20 06:06 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-20 06:06 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-20 06:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-20 06:06 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-20 06:06 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-20 06:06 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-20 06:06 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-20 06:06 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-20 06:06 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-20 06:06 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-20 06:06 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-20 06:06 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-20 06:06 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-20 06:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-20 06:06 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-20 06:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-20 06:06 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-20 06:06 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-20 06:06 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-20 06:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-20 06:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-20 06:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-20 06:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-20 06:06 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-20 06:06 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-20 06:06 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-20 06:06 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-20 06:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-20 06:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-20 06:06 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-20 06:06 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-20 06:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-20 06:06 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-20 06:06 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-20 06:06 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-20 06:06 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-20 06:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-20 06:06 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-20 06:06 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-20 06:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-20 06:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-20 06:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-20 06:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-20 06:06 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-20 06:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-20 06:06 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-20 06:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-20 06:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-20 06:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-20 06:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-20 06:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-20 06:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-20 06:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-19 14:00 - 2014-07-19 14:00 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc
2014-07-18 18:20 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-18 18:20 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-18 18:20 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-18 18:20 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-18 18:20 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-18 18:20 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 00:04 - 2014-08-01 00:02 - 00015946 _____ () C:\Users\Aslan\Downloads\FRST.txt
2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe
2014-08-01 00:03 - 2014-04-02 14:53 - 01081739 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 00:02 - 2014-08-01 00:02 - 00000000 ____D () C:\FRST
2014-08-01 00:01 - 2014-08-01 00:01 - 02094080 _____ (Farbar) C:\Users\Aslan\Downloads\FRST64.exe
2014-07-31 23:52 - 2014-07-31 23:52 - 00000472 _____ () C:\Users\Aslan\Downloads\defogger_disable.log
2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable
2014-07-31 23:52 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan
2014-07-31 23:51 - 2014-07-31 23:51 - 00050477 _____ () C:\Users\Aslan\Downloads\Defogger.exe
2014-07-31 23:47 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 23:47 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 23:40 - 2014-05-14 13:40 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner
2014-07-31 23:31 - 2014-07-31 18:01 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-07-31 23:30 - 2014-07-31 23:29 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2)
2014-07-31 23:13 - 2014-04-05 18:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 23:09 - 2014-04-05 18:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt
2014-07-31 22:43 - 2014-07-31 22:43 - 00602112 _____ (OldTimer Tools) C:\Users\Aslan\Desktop\OTL.exe
2014-07-31 22:42 - 2014-07-31 22:42 - 00854390 _____ () C:\Users\Aslan\Desktop\SecurityCheck.exe
2014-07-31 20:13 - 2014-04-05 18:27 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 19:18 - 2014-04-23 15:05 - 00000000 ____D () C:\Program Files (x86)\City Interactive
2014-07-31 19:17 - 2014-04-23 15:05 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\City Interactive
2014-07-31 19:09 - 2014-04-02 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-31 19:09 - 2014-04-02 17:17 - 00051896 _____ () C:\Windows\PFRO.log
2014-07-31 19:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-31 19:09 - 2009-07-14 06:51 - 00035906 _____ () C:\Windows\setupact.log
2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 18:32 - 2014-07-31 18:32 - 00688992 ____R (Swearware) C:\Users\Aslan\Desktop\dds.com
2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe
2014-07-31 18:01 - 2014-07-31 18:01 - 04892480 _____ (WinZip International LLC ) C:\Users\Aslan\Downloads\wzmp_8.exe
2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups
2014-07-31 17:49 - 2014-04-06 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-31 17:47 - 2014-07-31 17:47 - 00000000 ____D () C:\Users\Aslan\Downloads\backups
2014-07-31 17:45 - 2014-07-31 17:40 - 00010312 _____ () C:\Users\Aslan\Downloads\hijackthis.log
2014-07-31 17:41 - 2014-07-31 17:31 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part
2014-07-31 17:36 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-31 17:33 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\VirtualStore
2014-07-31 17:32 - 2014-07-31 17:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\Aslan\Desktop\HijackThis.exe
2014-07-31 17:23 - 2014-07-31 17:22 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten
2014-07-31 16:06 - 2014-04-06 11:03 - 00000000 ____D () C:\Users\Aslan\AppData\Local\CrashDumps
2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe
2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList
2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-21 06:56 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-20 06:01 - 2014-04-02 19:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-20 06:00 - 2014-04-02 19:46 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-19 14:00 - 2014-07-19 14:00 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-19 14:00 - 2014-04-03 20:41 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-07-19 14:00 - 2014-04-03 20:41 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-07-19 14:00 - 2014-04-03 20:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-07-19 14:00 - 2014-04-03 20:41 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-07-19 13:17 - 2014-04-05 18:28 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc
2014-07-18 20:09 - 2014-04-05 18:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-18 20:09 - 2014-04-05 18:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-18 20:09 - 2014-04-05 18:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Aslan\AppData\Local\Temp\3i3dlmxv.dll
C:\Users\Aslan\AppData\Local\Temp\BackupSetup.exe
C:\Users\Aslan\AppData\Local\Temp\exthelper.exe
C:\Users\Aslan\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-15 20:40

==================== End Of Log ============================

--- --- ---
AdditionFRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by Aslan at 2014-08-01 00:04:36
Running from C:\Users\Aslan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.03(T) Premium Edition - TOSHIBA CORPORATION)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.4.0.13 - Symantec Corporation)
NVIDIA 3D Vision Treiber 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.69 - NVIDIA Corporation)
NVIDIA Grafiktreiber 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.69 - NVIDIA Corporation)
NVIDIA Guard Service 1.3 (Version: 1.3 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6669 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 266.69 (Version: 266.69 - NVIDIA Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - Ihr Firmenname)
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)
XSManager (HKLM-x32\...\XSManager) (Version: 3.2 - XSManager)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2081452760-1846932682-3364742643-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)

==================== Restore Points  =========================

02-06-2014 22:09:06 Windows Update
12-06-2014 01:00:14 Windows Update
20-07-2014 03:58:32 Windows Update
21-07-2014 04:39:49 Windows Update
31-07-2014 17:18:35 Removed YTD Toolbar v9.6.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03E7EC13-72C1-43DB-8E0E-D08355EC0533} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {565721C5-E1D3-4A7F-BC5B-F66061E1B0EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {5A7F1710-DE02-4198-8D2D-686F56CD3BB0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation)
Task: {60EEEC3D-19F9-448A-B1D6-A6D8A0E55069} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {6A17E92D-3759-4371-9AB4-7C6D8793BA75} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7245AAC1-C94F-4A5C-AE59-05F35A12007E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E0E235DA-6DC4-4B26-8A4D-8275250F0BA0} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {F68B1DFD-8D9A-49D0-9936-2ABA502CCBFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-18] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-14 16:00 - 2014-03-14 16:00 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2014-07-31 23:51 - 2014-07-31 23:51 - 00050477 _____ () C:\Users\Aslan\Downloads\Defogger.exe
2014-07-31 00:40 - 2014-07-31 00:40 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-01-16 05:25 - 2011-01-16 05:25 - 00235112 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Benachrichtigungen. Fehler: Vorgang fehlgeschlagen.

Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Softwareaktualisierungen. Fehler: Vorgang fehlgeschlagen.

Error: (07/31/2014 04:06:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea
Name des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017670
ID des fehlerhaften Prozesses: 0x57f8
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_14_0_0_145.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe2
Berichtskennung: FlashPlayerPlugin_14_0_0_145.exe3

Error: (07/31/2014 02:32:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea
Name des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017670
ID des fehlerhaften Prozesses: 0x5708
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_14_0_0_145.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe2
Berichtskennung: FlashPlayerPlugin_14_0_0_145.exe3

Error: (07/31/2014 02:30:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea
Name des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017670
ID des fehlerhaften Prozesses: 0x105c
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_14_0_0_145.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe2
Berichtskennung: FlashPlayerPlugin_14_0_0_145.exe3

Error: (07/19/2014 02:57:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xc08
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (07/05/2014 01:38:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0x1b78
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3

Error: (07/02/2014 05:55:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0x3b4
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3

Error: (06/25/2014 10:04:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0x124
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3

Error: (06/17/2014 03:07:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ApplicationUpdater.exe, Version: 9.3.0.4, Zeitstempel: 0x5383487a
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00081001
ID des fehlerhaften Prozesses: 0x6dc
Startzeit der fehlerhaften Anwendung: 0xApplicationUpdater.exe0
Pfad der fehlerhaften Anwendung: ApplicationUpdater.exe1
Pfad des fehlerhaften Moduls: ApplicationUpdater.exe2
Berichtskennung: ApplicationUpdater.exe3


System errors:
=============
Error: (07/31/2014 02:54:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/21/2014 06:58:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/21/2014 06:58:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (07/20/2014 06:18:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/20/2014 06:18:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (07/20/2014 06:03:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736cc fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2971850)

Error: (07/20/2014 06:01:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2973201)

Error: (07/20/2014 06:00:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736cc fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 11 für Windows 7 für x64-Systeme (KB2962872)

Error: (07/18/2014 06:23:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/18/2014 06:23:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.


Microsoft Office Sessions:
=========================
Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Benachrichtigungen. Fehler: Vorgang fehlgeschlagen.

Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Softwareaktualisierungen. Fehler: Vorgang fehlgeschlagen.

Error: (07/31/2014 04:06:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aeaFlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aea400000150001767057f801cfacc5c4733097C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exed94de6eb-18bb-11e4-9be6-047d7b74131f

Error: (07/31/2014 02:32:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aeaFlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aea4000001500017670570801cfacbb43e56281C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exec7161c7e-18ae-11e4-9be6-047d7b74131f

Error: (07/31/2014 02:30:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aeaFlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aea4000001500017670105c01cfa58369c6f45aC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe771708e2-18ae-11e4-9be6-047d7b74131f

Error: (07/19/2014 02:57:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141bc0801cfa2bb642c8f65C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3175f691-0f44-11e4-9f70-047d7b74131f

Error: (07/05/2014 01:38:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e01b7801cf98439f529d3eC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dlld6525c27-0438-11e4-ba8b-047d7b74131f

Error: (07/02/2014 05:55:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e03b401cf960cea319e8fC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll4ae8daa3-0201-11e4-ba8b-047d7b74131f

Error: (06/25/2014 10:04:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e012401cf90afccf989cfC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dllf1d38859-fca3-11e3-97f5-047d7b74131f

Error: (06/17/2014 03:07:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ApplicationUpdater.exe9.3.0.45383487aunknown0.0.0.000000000c0000005000810016dc01cf89b20db4b532C:\Program Files (x86)\Application Updater\ApplicationUpdater.exeunknownb7f7156d-f5bb-11e3-8de2-047d7b74131f


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 4077.86 MB
Available physical RAM: 1783.26 MB
Total Pagefile: 8153.9 MB
Available Pagefile: 5858.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:199.12 GB) (Free:141.51 GB) NTFS
Drive d: () (Fixed) (Total:266.54 GB) (Free:266.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4E4B604B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=199 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=267 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---
Gmer
GMER Logfile:

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-01 00:18:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Aslan\AppData\Local\Temp\aglorpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                      fffff800031bb000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                      fffff800031bb02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                          000000007711fcb0 5 bytes JMP 00000001002b091c
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                        000000007711fe14 5 bytes JMP 00000001002b0048
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                 000000007711fea8 5 bytes JMP 00000001002b02ee
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                              0000000077120004 5 bytes JMP 00000001002b04b2
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                      0000000077120038 5 bytes JMP 00000001002b09fe
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                              0000000077120068 5 bytes JMP 00000001002b0ae0
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                           0000000077120084 5 bytes JMP 0000000100020050
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                              000000007712079c 5 bytes JMP 00000001002b012a
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                  000000007712088c 5 bytes JMP 00000001002b0758
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                            00000000771208a4 5 bytes JMP 00000001002b0676
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                0000000077120df4 5 bytes JMP 00000001002b03d0
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                          0000000077121920 5 bytes JMP 00000001002b0594
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                      0000000077121be4 5 bytes JMP 00000001002b083a
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                             0000000077121d70 5 bytes JMP 00000001002b020c
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206            000000007635524f 7 bytes JMP 00000001002b0f52
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                00000000763553d0 7 bytes JMP 00000001002c0210
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149               0000000076355677 1 byte JMP 00000001002c0048
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151               0000000076355679 5 bytes {JMP 0xffffffff89f6a9d1}
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                      000000007635589a 7 bytes JMP 00000001002b0ca6
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                      0000000076355a1d 7 bytes JMP 00000001002c03d8
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                 0000000076355c9b 7 bytes JMP 00000001002c012c
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                   0000000076355d87 7 bytes JMP 00000001002c02f4
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000076357240 7 bytes JMP 00000001002b0e6e
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                 0000000076691492 7 bytes JMP 00000001002c04bc

---- EOF - GMER 2.1 ----

--- --- ---
vielen dank für eure hilfe
Edit: nach dem erstellen des themas habe ich ein blue screen bekommen

manchmal werden webseiten auf suchseiten umgeleitet + ich bin mir nicht sicher ob ich ein trojaner oder backdoor programm habe

Plagegeister aller Art und deren Bekämpfung: manchmal werden webseiten auf suchseiten umgeleitet + ich bin mir nicht sicher ob ich ein trojaner oder backdoor programm habe

manchmal werden webseiten auf suchseiten umgeleitet + ich bin mir nicht sicher ob ich ein trojaner oder backdoor programm habe

Ähnliche Themen: manchmal werden webseiten auf suchseiten umgeleitet + ich bin mir nicht sicher ob ich ein trojaner oder backdoor programm habe