Pests of all kinds and how to fight them: sometimes websites are redirected to search pages + I am not sure whether I have a trojan or backdoor program (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
31.07.2014, 23:24 | #1 |
Hello,

as I said, my pages sometimes change to search pages with dns... search, and I also believe that I have a trojan, or rather a backdoor trojan.

These are my log files:

FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Aslan (administrator) on ASLAN-PC on 01-08-2014 00:02:27
Running from C:\Users\Aslan\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA 
Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Users\Aslan\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation) HKU\S-1-5-21-2081452760-1846932682-3364742643-1000\...\MountPoints2: {3e931ad2-bcd9-11e3-9141-806e6f6e6963} - G:\XSManagerinstallation.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF5ECE37B334FCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ SearchScopes: HKCU - DefaultScope {F08402EE-1C6C-4533-9731-95F8F4C295AC} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms} SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869 SearchScopes: HKCU - {F08402EE-1C6C-4533-9731-95F8F4C295AC} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms} BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-31] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2014-07-31] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2014-04-05] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: hxxp://de.search.yahoo.com/?type=501549&fr=spigot-yhp-ch CHR StartupUrls: "hxxp://www.google.com/" CHR NewTab: "chrome-extension://gpiifgmgnfdiblgpaepbmfdkcheicgof/redirect.html", "chrome-extension://icdlfehblmklkikfigmjhbmmpmkmpooj/redirect.html" CHR DefaultSearchKeyword: yahoo.com search CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: 
(Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Extension: (Google Docs) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05] CHR Extension: (Google Drive) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05] CHR Extension: (YouTube) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05] CHR Extension: (Google Search) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05] CHR Extension: (New Tab Assistant) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof [2014-06-27] CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-04-15] CHR Extension: (Domain Error Assistant) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-04-15] CHR Extension: (Slick Savings) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-04-15] CHR Extension: (Norton Identity Protection) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-05] CHR Extension: (Shopping 
Helper) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2014-06-27] CHR Extension: (Google Wallet) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05] CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-04-15] CHR Extension: (Gmail) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05] CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2014-04-05] CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2014-04-05] CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Aslan\AppData\Local\Slick Savings\coupons.crx [2014-04-05] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-18] CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2014-07-18] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) 
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation) R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation) S4 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2012-11-13] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation) S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [141824 2014-04-05] (Wireless Data Device) S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [123904 2014-04-05] (Wireless Device) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-12] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-12] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140730.002\IDSvia64.sys [525016 2014-07-17] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140731.001\ENG64.SYS [126040 2014-07-25] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140731.001\EX64.SYS [2099288 2014-07-25] (Symantec Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-07-31] (Symantec 
Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-03] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe 2014-08-01 00:02 - 2014-08-01 00:04 - 00015946 _____ () C:\Users\Aslan\Downloads\FRST.txt 2014-08-01 00:02 - 2014-08-01 00:02 - 00000000 ____D () C:\FRST 2014-08-01 00:01 - 2014-08-01 00:01 - 02094080 _____ (Farbar) C:\Users\Aslan\Downloads\FRST64.exe 2014-07-31 23:52 - 2014-07-31 23:52 - 00000472 _____ () C:\Users\Aslan\Downloads\defogger_disable.log 2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable 2014-07-31 23:51 - 2014-07-31 23:51 - 00050477 _____ () C:\Users\Aslan\Downloads\Defogger.exe 2014-07-31 23:29 - 2014-07-31 23:30 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2) 2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt 2014-07-31 22:43 - 2014-07-31 22:43 - 00602112 _____ (OldTimer Tools) C:\Users\Aslan\Desktop\OTL.exe 2014-07-31 22:42 - 2014-07-31 22:42 - 00854390 _____ () C:\Users\Aslan\Desktop\SecurityCheck.exe 2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ 
(Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe 2014-07-31 18:32 - 2014-07-31 18:32 - 00688992 ____R (Swearware) C:\Users\Aslan\Desktop\dds.com 2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe 2014-07-31 18:01 - 2014-07-31 23:31 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-07-31 18:01 - 2014-07-31 18:01 - 04892480 _____ (WinZip International LLC ) C:\Users\Aslan\Downloads\wzmp_8.exe 2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-07-31 18:01 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe 2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups 2014-07-31 17:47 - 2014-07-31 17:47 - 00000000 ____D () C:\Users\Aslan\Downloads\backups 2014-07-31 17:40 - 2014-07-31 17:45 - 00010312 _____ () C:\Users\Aslan\Downloads\hijackthis.log 2014-07-31 17:32 - 2014-07-31 17:32 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\Aslan\Desktop\HijackThis.exe 2014-07-31 17:31 - 2014-07-31 17:41 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part 2014-07-31 17:22 - 2014-07-31 17:23 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten 2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe 2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure 2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList 2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-20 06:06 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-20 06:06 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-20 06:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-20 06:06 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-20 06:06 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-20 06:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-20 06:06 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-20 06:06 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-20 06:06 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-20 06:06 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-20 06:06 - 2014-06-19 
02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-20 06:06 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-20 06:06 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-20 06:06 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-20 06:06 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-20 06:06 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-20 06:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-20 06:06 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-20 06:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-20 06:06 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-20 06:06 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-20 06:06 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-20 06:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-20 06:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-20 06:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-20 06:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-20 06:06 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-20 06:06 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-20 06:06 - 
2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-20 06:06 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-20 06:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-20 06:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-20 06:06 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-20 06:06 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-20 06:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-20 06:06 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-20 06:06 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-20 06:06 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-20 06:06 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-20 06:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-20 06:06 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-20 06:06 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-20 06:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-20 06:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-20 06:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-20 06:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-20 06:06 - 
2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-20 06:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-20 06:06 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-20 06:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-20 06:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-20 06:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-20 06:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-20 06:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-20 06:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-20 06:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-19 14:00 - 2014-07-19 14:00 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc 2014-07-18 18:20 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-18 18:20 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-18 18:20 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-18 18:20 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-18 18:20 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-18 18:20 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys ==================== One Month Modified Files 
and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 00:04 - 2014-08-01 00:02 - 00015946 _____ () C:\Users\Aslan\Downloads\FRST.txt 2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe 2014-08-01 00:03 - 2014-04-02 14:53 - 01081739 _____ () C:\Windows\WindowsUpdate.log 2014-08-01 00:02 - 2014-08-01 00:02 - 00000000 ____D () C:\FRST 2014-08-01 00:01 - 2014-08-01 00:01 - 02094080 _____ (Farbar) C:\Users\Aslan\Downloads\FRST64.exe 2014-07-31 23:52 - 2014-07-31 23:52 - 00000472 _____ () C:\Users\Aslan\Downloads\defogger_disable.log 2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable 2014-07-31 23:52 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan 2014-07-31 23:51 - 2014-07-31 23:51 - 00050477 _____ () C:\Users\Aslan\Downloads\Defogger.exe 2014-07-31 23:47 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-31 23:47 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-31 23:40 - 2014-05-14 13:40 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner 2014-07-31 23:31 - 2014-07-31 18:01 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-07-31 23:30 - 2014-07-31 23:29 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2) 2014-07-31 23:13 - 2014-04-05 18:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-31 23:09 - 2014-04-05 18:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt 2014-07-31 22:43 - 2014-07-31 22:43 - 00602112 _____ (OldTimer Tools) C:\Users\Aslan\Desktop\OTL.exe 2014-07-31 22:42 - 2014-07-31 22:42 - 00854390 _____ () 
C:\Users\Aslan\Desktop\SecurityCheck.exe 2014-07-31 20:13 - 2014-04-05 18:27 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-31 19:18 - 2014-04-23 15:05 - 00000000 ____D () C:\Program Files (x86)\City Interactive 2014-07-31 19:17 - 2014-04-23 15:05 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\City Interactive 2014-07-31 19:09 - 2014-04-02 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-31 19:09 - 2014-04-02 17:17 - 00051896 _____ () C:\Windows\PFRO.log 2014-07-31 19:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-31 19:09 - 2009-07-14 06:51 - 00035906 _____ () C:\Windows\setupact.log 2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe 2014-07-31 18:32 - 2014-07-31 18:32 - 00688992 ____R (Swearware) C:\Users\Aslan\Desktop\dds.com 2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe 2014-07-31 18:01 - 2014-07-31 18:01 - 04892480 _____ (WinZip International LLC ) C:\Users\Aslan\Downloads\wzmp_8.exe 2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups 2014-07-31 17:49 - 2014-04-06 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-31 17:47 - 2014-07-31 17:47 - 00000000 ____D () C:\Users\Aslan\Downloads\backups 2014-07-31 
17:45 - 2014-07-31 17:40 - 00010312 _____ () C:\Users\Aslan\Downloads\hijackthis.log 2014-07-31 17:41 - 2014-07-31 17:31 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part 2014-07-31 17:36 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-07-31 17:33 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\VirtualStore 2014-07-31 17:32 - 2014-07-31 17:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\Aslan\Desktop\HijackThis.exe 2014-07-31 17:23 - 2014-07-31 17:22 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten 2014-07-31 16:06 - 2014-04-06 11:03 - 00000000 ____D () C:\Users\Aslan\AppData\Local\CrashDumps 2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe 2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure 2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList 2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-21 06:56 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-20 06:01 - 2014-04-02 19:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-20 06:00 - 2014-04-02 19:46 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-19 14:00 - 2014-07-19 14:00 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-07-19 14:00 - 2014-04-03 20:41 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-07-19 14:00 - 2014-04-03 20:41 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-07-19 14:00 - 2014-04-03 20:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Norton Internet Security 2014-07-19 14:00 - 2014-04-03 20:41 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64 2014-07-19 13:17 - 2014-04-05 18:28 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc 2014-07-18 20:09 - 2014-04-05 18:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-18 20:09 - 2014-04-05 18:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-18 20:09 - 2014-04-05 18:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater Some content of TEMP: ==================== C:\Users\Aslan\AppData\Local\Temp\3i3dlmxv.dll C:\Users\Aslan\AppData\Local\Temp\BackupSetup.exe C:\Users\Aslan\AppData\Local\Temp\exthelper.exe C:\Users\Aslan\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-15 20:40

==================== End Of Log ============================

Addition
FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02 Ran by Aslan at 2014-08-01 00:04:36 Running from C:\Users\Aslan\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.) 
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.03(T) Premium Edition - TOSHIBA CORPORATION) Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.4.0.13 - Symantec Corporation) NVIDIA 3D Vision Treiber 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.69 - NVIDIA Corporation) NVIDIA Grafiktreiber 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.69 - NVIDIA Corporation) NVIDIA 
Guard Service 1.3 (Version: 1.3 - NVIDIA Corporation) Hidden NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6669 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 266.69 (Version: 266.69 - NVIDIA Corporation) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated) TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION) TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - 
TOSHIBA Corporation) Hidden TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation) TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - Ihr Firmenname) WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC) XSManager (HKLM-x32\...\XSManager) (Version: 3.2 - XSManager) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2081452760-1846932682-3364742643-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA) ==================== Restore Points ========================= 02-06-2014 22:09:06 Windows Update 12-06-2014 01:00:14 Windows Update 20-07-2014 03:58:32 Windows Update 21-07-2014 04:39:49 Windows Update 31-07-2014 17:18:35 Removed YTD Toolbar v9.6. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {03E7EC13-72C1-43DB-8E0E-D08355EC0533} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing) Task: {565721C5-E1D3-4A7F-BC5B-F66061E1B0EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.) Task: {5A7F1710-DE02-4198-8D2D-686F56CD3BB0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation) Task: {60EEEC3D-19F9-448A-B1D6-A6D8A0E55069} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.) Task: {6A17E92D-3759-4371-9AB4-7C6D8793BA75} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {7245AAC1-C94F-4A5C-AE59-05F35A12007E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {E0E235DA-6DC4-4B26-8A4D-8275250F0BA0} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION) Task: {F68B1DFD-8D9A-49D0-9936-2ABA502CCBFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-18] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 
2014-03-14 16:00 - 2014-03-14 16:00 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll 2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2014-07-31 23:51 - 2014-07-31 23:51 - 00050477 _____ () C:\Users\Aslan\Downloads\Defogger.exe 2014-07-31 00:40 - 2014-07-31 00:40 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2011-01-16 05:25 - 2011-01-16 05:25 - 00235112 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Benachrichtigungen. Fehler: Vorgang fehlgeschlagen. Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Softwareaktualisierungen. 
Fehler: Vorgang fehlgeschlagen. Error: (07/31/2014 04:06:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea Name des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea Ausnahmecode: 0x40000015 Fehleroffset: 0x00017670 ID des fehlerhaften Prozesses: 0x57f8 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_14_0_0_145.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe2 Berichtskennung: FlashPlayerPlugin_14_0_0_145.exe3 Error: (07/31/2014 02:32:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea Name des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea Ausnahmecode: 0x40000015 Fehleroffset: 0x00017670 ID des fehlerhaften Prozesses: 0x5708 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_14_0_0_145.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe2 Berichtskennung: FlashPlayerPlugin_14_0_0_145.exe3 Error: (07/31/2014 02:30:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea Name des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea Ausnahmecode: 0x40000015 Fehleroffset: 0x00017670 ID des fehlerhaften Prozesses: 0x105c Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_14_0_0_145.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe2 Berichtskennung: 
FlashPlayerPlugin_14_0_0_145.exe3 Error: (07/19/2014 02:57:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0xc08 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (07/05/2014 01:38:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000223e0 ID des fehlerhaften Prozesses: 0x1b78 Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0 Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1 Pfad des fehlerhaften Moduls: GoogleUpdate.exe2 Berichtskennung: GoogleUpdate.exe3 Error: (07/02/2014 05:55:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000223e0 ID des fehlerhaften Prozesses: 0x3b4 Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0 Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1 Pfad des fehlerhaften Moduls: GoogleUpdate.exe2 Berichtskennung: GoogleUpdate.exe3 Error: (06/25/2014 10:04:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 
6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000223e0 ID des fehlerhaften Prozesses: 0x124 Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0 Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1 Pfad des fehlerhaften Moduls: GoogleUpdate.exe2 Berichtskennung: GoogleUpdate.exe3 Error: (06/17/2014 03:07:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ApplicationUpdater.exe, Version: 9.3.0.4, Zeitstempel: 0x5383487a Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00081001 ID des fehlerhaften Prozesses: 0x6dc Startzeit der fehlerhaften Anwendung: 0xApplicationUpdater.exe0 Pfad der fehlerhaften Anwendung: ApplicationUpdater.exe1 Pfad des fehlerhaften Moduls: ApplicationUpdater.exe2 Berichtskennung: ApplicationUpdater.exe3 System errors: ============= Error: (07/31/2014 02:54:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (07/21/2014 06:58:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/21/2014 06:58:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht. Error: (07/20/2014 06:18:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/20/2014 06:18:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht. 
Error: (07/20/2014 06:03:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736cc fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2971850) Error: (07/20/2014 06:01:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2973201) Error: (07/20/2014 06:00:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736cc fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 11 für Windows 7 für x64-Systeme (KB2962872) Error: (07/18/2014 06:23:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/18/2014 06:23:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht. Microsoft Office Sessions: ========================= Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Benachrichtigungen. Fehler: Vorgang fehlgeschlagen. Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Softwareaktualisierungen. Fehler: Vorgang fehlgeschlagen. 
Error: (07/31/2014 04:06:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: FlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aeaFlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aea400000150001767057f801cfacc5c4733097C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exed94de6eb-18bb-11e4-9be6-047d7b74131f Error: (07/31/2014 02:32:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: FlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aeaFlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aea4000001500017670570801cfacbb43e56281C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exec7161c7e-18ae-11e4-9be6-047d7b74131f Error: (07/31/2014 02:30:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: FlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aeaFlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aea4000001500017670105c01cfa58369c6f45aC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe771708e2-18ae-11e4-9be6-047d7b74131f Error: (07/19/2014 02:57:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141bc0801cfa2bb642c8f65C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3175f691-0f44-11e4-9f70-047d7b74131f Error: (07/05/2014 01:38:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e01b7801cf98439f529d3eC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dlld6525c27-0438-11e4-ba8b-047d7b74131f Error: (07/02/2014 05:55:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e03b401cf960cea319e8fC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll4ae8daa3-0201-11e4-ba8b-047d7b74131f Error: (06/25/2014 10:04:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e012401cf90afccf989cfC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dllf1d38859-fca3-11e3-97f5-047d7b74131f Error: (06/17/2014 03:07:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ApplicationUpdater.exe9.3.0.45383487aunknown0.0.0.000000000c0000005000810016dc01cf89b20db4b532C:\Program Files (x86)\Application Updater\ApplicationUpdater.exeunknownb7f7156d-f5bb-11e3-8de2-047d7b74131f ==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 4077.86 MB Available physical RAM: 1783.26 MB Total Pagefile: 8153.9 MB Available Pagefile: 5858.71 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:199.12 GB) (Free:141.51 GB) NTFS Drive d: () (Fixed) (Total:266.54 GB) (Free:266.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4E4B604B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=199 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=267 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Gmer GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-08-01 00:18:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Aslan\AppData\Local\Temp\aglorpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031bb000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031bb02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007711fcb0 5 bytes JMP 00000001002b091c .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007711fe14 5 bytes JMP 00000001002b0048 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007711fea8 5 bytes JMP 00000001002b02ee .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077120004 5 bytes JMP 00000001002b04b2 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077120038 5 bytes JMP 00000001002b09fe .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077120068 5 bytes JMP 00000001002b0ae0 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077120084 5 bytes JMP 0000000100020050 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007712079c 5 bytes JMP 00000001002b012a .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007712088c 5 bytes JMP 00000001002b0758 .text 
C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000771208a4 5 bytes JMP 00000001002b0676 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077120df4 5 bytes JMP 00000001002b03d0 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077121920 5 bytes JMP 00000001002b0594 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077121be4 5 bytes JMP 00000001002b083a .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077121d70 5 bytes JMP 00000001002b020c .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007635524f 7 bytes JMP 00000001002b0f52 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000763553d0 7 bytes JMP 00000001002c0210 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076355677 1 byte JMP 00000001002c0048 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076355679 5 bytes {JMP 0xffffffff89f6a9d1} .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007635589a 7 bytes JMP 00000001002b0ca6 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076355a1d 7 bytes JMP 00000001002c03d8 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076355c9b 7 bytes JMP 00000001002c012c .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076355d87 7 bytes JMP 00000001002c02f4 .text 
C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076357240 7 bytes JMP 00000001002b0e6e
.text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076691492 7 bytes JMP 00000001002c04bc
---- EOF - GMER 2.1 ----

Many thanks for your help.

Edit: after creating the thread I got a blue screen.

Last edited by filterfilter (31.07.2014 at 23:30) |
01.08.2014, 05:53 | #2 |
/// the machine /// TB-Ausbilder | hi,
Scan with Combofix |
01.08.2014, 09:14 | #3 |
| Combofix Logfile:
Code:
ATTFilter ComboFix 14-07-31.02 - Aslan 01.08.2014 10:06:22.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4078.2653 [GMT 2:00] ausgeführt von:: c:\users\Aslan\Downloads\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2014-07-01 bis 2014-08-01 )))))))))))))))))))))))))))))) . . 2014-08-01 08:10 . 2014-08-01 08:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-08-01 01:54 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-08-01 00:16 . 2014-08-01 00:16 -------- d-s---w- c:\windows\system32\CompatTel 2014-07-31 22:47 . 2014-08-01 01:56 -------- d-----w- C:\AdwCleaner 2014-07-31 22:36 . 2014-07-31 22:36 -------- d-----w- c:\programdata\Malwarebytes 2014-07-31 22:36 . 2014-08-01 00:40 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2014-07-31 22:36 . 2014-08-01 00:29 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-07-31 22:36 . 2014-08-01 00:29 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-07-31 22:02 . 2014-07-31 22:05 -------- d-----w- C:\FRST 2014-07-31 17:25 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll 2014-07-31 17:25 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-07-31 16:01 . 2014-07-31 16:01 -------- d-----w- c:\users\Aslan\AppData\Roaming\Nico Mak Computing 2014-07-31 16:01 . 2014-07-31 16:01 -------- d-----w- c:\programdata\Nico Mak Computing 2014-07-31 16:01 . 2013-03-15 15:10 20480 ----a-w- c:\windows\system32\wsusnative64.exe 2014-07-31 12:49 . 2014-07-31 12:49 -------- d-----w- c:\programdata\F-Secure 2014-07-31 01:31 . 
2014-07-31 01:31 -------- d-sh--w- c:\users\Aslan\AppData\Local\EmieUserList 2014-07-31 01:31 . 2014-07-31 01:31 -------- d-sh--w- c:\users\Aslan\AppData\Local\EmieSiteList 2014-07-18 16:48 . 2014-08-01 00:12 -------- d-----w- c:\windows\system32\drivers\NISx64\1504000.00D 2014-07-18 16:20 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll 2014-07-18 16:20 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-07-18 16:20 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2014-07-18 16:20 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-07-18 16:20 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-07-18 16:20 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-20 04:00 . 2014-04-02 17:46 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-07-18 18:09 . 2014-04-05 16:27 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-18 18:09 . 2014-04-05 16:27 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 cmntnet;Wireless Data Device USB Ethernet Driver;c:\windows\system32\DRIVERS\cmntnet.sys;c:\windows\SYSNATIVE\DRIVERS\cmntnet.sys [x] R3 cmnuusbser;Mobile Connector USB Device for Serial Communication Device;c:\windows\system32\DRIVERS\cmnuusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnuusbser.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R4 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x] R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x] R4 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe;c:\program files (x86)\XSManager\WTGService.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1504000.00D\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\SYMDS64.SYS [x] S0 SymEFA;Symantec 
Extended File Attributes;c:\windows\system32\drivers\NISx64\1504000.00D\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140718.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [x] S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140731.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140731.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1504000.00D\SYMNETS.SYS [x] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [x] S2 nvservice;NVIDIA GuardService;c:\windows\system32\nvservice.exe;c:\windows\SYSNATIVE\nvservice.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x] S2 UNS;Intel(R) 
Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-07-19 11:14 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-05 18:09] . 2014-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05 16:27] . 2014-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05 16:27] . . 
--------- X64 Entries ----------- . . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SYSTEM32\blank.htm TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe AddRemove-WinZip Malware Protector_is1 - c:\program files (x86)\WinZip Malware Protector\unins000.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS" "TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13;c:\program files (x86)\Norton Internet Security\Engine64\21.4.0.13" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-08-01 10:11:42 ComboFix-quarantined-files.txt 2014-08-01 08:11 . Vor Suchlauf: 8 Verzeichnis(se), 151.654.182.912 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 153.377.386.496 Bytes frei . - - End Of File - - 64231960C0B7BFA736667EC7FBB7400C |
01.08.2014, 20:07 | #4 |
/// the machine /// TB Trainer | Sometimes web pages are redirected to search pages + I am not sure whether I have a trojan or a backdoor program Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
02.08.2014, 21:13 | #5 |
| Sometimes web pages are redirected to search pages + I am not sure whether I have a trojan or a backdoor program OK, did everything, here are the logs. mbam Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 02.08.2014 Suchlauf-Zeit: 21:32:57 Logdatei: Mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.08.02.04 Rootkit Datenbank: v2014.08.01.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Aslan Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 307293 Verstrichene Zeit: 9 Min, 26 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) JRT JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Aslan on 02.08.2014 at 21:59:59,78 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02.08.2014 at 22:06:47,59 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleanerAdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.302 - Bericht erstellt am 02/08/2014 um 21:53:44 # Aktualisiert 30/07/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Aslan - ASLAN-PC # Gestartet von : C:\Users\Aslan\Desktop\adwcleaner_3.302.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Mozilla Firefox v31.0 (x86 de) [ Datei : C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\prefs.js ] -\\ Google Chrome v36.0.1985.125 [ Datei : C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [980 octets] - [02/08/2014 21:50:25] AdwCleaner[S0].txt - [902 octets] - [02/08/2014 21:53:44] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [961 octets] ########## The scans did not report any malware findings. FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014 Ran by Aslan (administrator) on ASLAN-PC on 02-08-2014 22:08:56 Running from C:\Users\Aslan\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvservice.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry 
(Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF5ECE37B334FCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {F08402EE-1C6C-4533-9731-95F8F4C295AC} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms} BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-31] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2014-08-02] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2014-04-05] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR NewTab: "chrome-extension://gpiifgmgnfdiblgpaepbmfdkcheicgof/redirect.html", "chrome-extension://icdlfehblmklkikfigmjhbmmpmkmpooj/redirect.html" CHR DefaultSearchKeyword: yahoo.com search CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files 
(x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Extension: (Google Docs) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05] CHR Extension: (Google Drive) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05] CHR Extension: (YouTube) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05] CHR Extension: (Google-Suche) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05] CHR Extension: (Norton Identity Protection) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-05] CHR Extension: (Shopping Helper) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2014-06-27] CHR Extension: (Google Wallet) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05] CHR Extension: (Google Mail) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-18] ==================== Services (Whitelisted) ================= (If an entry is 
included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation) R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation) S4 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2012-11-13] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation) S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [141824 2014-04-05] (Wireless Data Device) S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [123904 2014-04-05] (Wireless Device) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-12] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-12] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140731.001\IDSvia64.sys [525016 2014-07-17] (Symantec Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140801.018\ENG64.SYS [126040 2014-07-25] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140801.018\EX64.SYS [2099288 2014-07-25] (Symantec Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] 
(Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-03] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-02 22:08 - 2014-08-02 22:10 - 00014254 _____ () C:\Users\Aslan\Desktop\FRST.txt 2014-08-02 22:08 - 2014-08-02 22:08 - 02094080 _____ (Farbar) C:\Users\Aslan\Desktop\FRST64.exe 2014-08-02 22:08 - 2014-08-02 22:08 - 00000000 ____D () C:\FRST 2014-08-02 22:06 - 2014-08-02 22:07 - 00000625 _____ () C:\Users\Aslan\Desktop\JRT.txt 2014-08-02 21:58 - 2014-08-02 21:58 - 00001040 _____ () C:\Users\Aslan\Desktop\AdwCleaner[S0].txt 2014-08-02 21:50 - 2014-08-02 21:55 - 00000000 ____D () C:\AdwCleaner 2014-08-02 21:49 - 2014-08-02 21:49 - 01016261 _____ (Thisisu) C:\Users\Aslan\Desktop\JRT.exe 2014-08-02 21:48 - 2014-08-02 21:48 - 01361309 _____ () C:\Users\Aslan\Desktop\adwcleaner_3.302.exe 2014-08-02 21:48 - 2014-08-02 21:48 - 00001156 _____ () C:\Users\Aslan\Desktop\Mbam.txt 2014-08-02 21:31 - 2014-08-02 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Desktop\mbam-setup-2.0.2.1012.exe 2014-08-01 17:31 - 2014-08-01 17:31 - 00001614 _____ () C:\DelFix.txt 2014-08-01 14:25 - 2014-08-01 14:26 - 00288240 _____ () C:\Windows\Minidump\080114-48672-01.dmp 2014-08-01 13:50 - 2014-08-01 13:50 - 00003256 _____ () C:\Windows\System32\Tasks\{CAAF69B9-C0CB-42E3-A3C8-407A55791B37} 2014-08-01 12:41 - 2014-08-02 21:32 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes 
Anti-Malware .lnk 2014-08-01 12:41 - 2014-08-02 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-01 12:41 - 2014-08-02 21:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-01 12:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-01 12:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-01 12:40 - 2014-08-01 12:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-01 11:33 - 2014-08-01 17:31 - 00000000 ____D () C:\Windows\ERUNT 2014-08-01 09:59 - 2014-08-01 10:10 - 00000000 ____D () C:\Windows\erdnt 2014-08-01 03:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-08-01 02:16 - 2014-08-01 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-01 00:36 - 2014-08-02 21:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-01 00:36 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-01 00:36 - 2014-08-01 02:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-08-01 00:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-01 00:26 - 2014-08-01 00:26 - 00292200 _____ () C:\Windows\Minidump\080114-35677-01.dmp 2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe 2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable 2014-07-31 23:29 - 2014-08-01 17:32 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2) 2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt 2014-07-31 19:25 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) 
C:\Windows\system32\aepdu.dll 2014-07-31 19:25 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-31 19:24 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-31 19:24 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-31 19:24 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-31 19:24 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-31 19:24 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-31 19:24 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-31 19:24 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe 2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe 2014-07-31 18:01 - 2014-08-01 03:47 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip 
Malware Protector_startup 2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-07-31 18:01 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe 2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups 2014-07-31 17:47 - 2014-08-01 14:22 - 00000000 ____D () C:\Users\Aslan\Downloads\backups 2014-07-31 17:31 - 2014-07-31 17:41 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part 2014-07-31 17:22 - 2014-07-31 17:23 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten 2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe 2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure 2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList 2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-20 06:06 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-20 06:06 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-20 06:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-20 06:06 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-20 06:06 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-20 06:06 - 
2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-20 06:06 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-20 06:06 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-20 06:06 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-20 06:06 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-20 06:06 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-20 06:06 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-20 06:06 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-20 06:06 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-20 06:06 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-20 06:06 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-20 06:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-20 06:06 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-20 06:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-20 06:06 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-20 06:06 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-20 06:06 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-20 06:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 
2014-07-20 06:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-20 06:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-20 06:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-20 06:06 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-20 06:06 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-20 06:06 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-20 06:06 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-20 06:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-20 06:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-20 06:06 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-20 06:06 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-20 06:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-20 06:06 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-20 06:06 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-20 06:06 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-20 06:06 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-20 06:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-20 06:06 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 
2014-07-20 06:06 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-20 06:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-20 06:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-20 06:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-20 06:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-20 06:06 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-20 06:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-20 06:06 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-20 06:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-20 06:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-20 06:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-20 06:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-20 06:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-20 06:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-20 06:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-19 14:00 - 2014-07-19 14:00 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc 2014-07-18 18:20 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-18 18:20 - 
2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-18 18:20 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-18 18:20 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-18 18:20 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-18 18:20 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-02 22:10 - 2014-08-02 22:08 - 00014254 _____ () C:\Users\Aslan\Desktop\FRST.txt 2014-08-02 22:09 - 2014-04-05 18:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-02 22:09 - 2014-04-02 14:53 - 01925212 _____ () C:\Windows\WindowsUpdate.log 2014-08-02 22:08 - 2014-08-02 22:08 - 02094080 _____ (Farbar) C:\Users\Aslan\Desktop\FRST64.exe 2014-08-02 22:08 - 2014-08-02 22:08 - 00000000 ____D () C:\FRST 2014-08-02 22:07 - 2014-08-02 22:06 - 00000625 _____ () C:\Users\Aslan\Desktop\JRT.txt 2014-08-02 22:04 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-02 22:04 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-02 21:58 - 2014-08-02 21:58 - 00001040 _____ () C:\Users\Aslan\Desktop\AdwCleaner[S0].txt 2014-08-02 21:57 - 2014-08-01 00:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-02 21:57 - 2014-04-05 18:27 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-02 21:56 - 2014-04-02 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-08-02 21:56 - 2014-04-02 17:17 - 00060386 _____ () C:\Windows\PFRO.log 2014-08-02 21:56 
- 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-02 21:56 - 2009-07-14 06:51 - 00036690 _____ () C:\Windows\setupact.log 2014-08-02 21:55 - 2014-08-02 21:50 - 00000000 ____D () C:\AdwCleaner 2014-08-02 21:49 - 2014-08-02 21:49 - 01016261 _____ (Thisisu) C:\Users\Aslan\Desktop\JRT.exe 2014-08-02 21:48 - 2014-08-02 21:48 - 01361309 _____ () C:\Users\Aslan\Desktop\adwcleaner_3.302.exe 2014-08-02 21:48 - 2014-08-02 21:48 - 00001156 _____ () C:\Users\Aslan\Desktop\Mbam.txt 2014-08-02 21:32 - 2014-08-01 12:41 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-02 21:32 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-02 21:32 - 2014-08-01 12:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-02 21:31 - 2014-08-02 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Desktop\mbam-setup-2.0.2.1012.exe 2014-08-02 21:13 - 2014-04-05 18:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-01 17:32 - 2014-07-31 23:29 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2) 2014-08-01 17:32 - 2014-05-14 13:40 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner 2014-08-01 17:31 - 2014-08-01 17:31 - 00001614 _____ () C:\DelFix.txt 2014-08-01 17:31 - 2014-08-01 11:33 - 00000000 ____D () C:\Windows\ERUNT 2014-08-01 15:34 - 2014-04-03 20:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-08-01 15:23 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-08-01 14:26 - 2014-08-01 14:25 - 00288240 _____ () C:\Windows\Minidump\080114-48672-01.dmp 2014-08-01 14:25 - 2014-04-05 17:50 - 701890028 _____ () C:\Windows\MEMORY.DMP 2014-08-01 14:25 - 2014-04-05 17:50 - 00000000 ____D () C:\Windows\Minidump 2014-08-01 14:22 - 2014-07-31 17:47 - 00000000 ____D () C:\Users\Aslan\Downloads\backups 2014-08-01 13:50 - 2014-08-01 
13:50 - 00003256 _____ () C:\Windows\System32\Tasks\{CAAF69B9-C0CB-42E3-A3C8-407A55791B37} 2014-08-01 12:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources 2014-08-01 12:41 - 2014-08-01 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-01 12:40 - 2014-08-01 12:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-01 10:11 - 2014-04-23 08:44 - 00000000 ____D () C:\Users\dub_cm_auto 2014-08-01 10:10 - 2014-08-01 09:59 - 00000000 ____D () C:\Windows\erdnt 2014-08-01 03:47 - 2014-07-31 18:01 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-08-01 02:40 - 2014-08-01 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-08-01 02:16 - 2014-08-01 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-01 02:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-08-01 02:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-08-01 00:26 - 2014-08-01 00:26 - 00292200 _____ () C:\Windows\Minidump\080114-35677-01.dmp 2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe 2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable 2014-07-31 23:52 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan 2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt 2014-07-31 19:18 - 2014-04-23 15:05 - 00000000 ____D () C:\Program Files (x86)\City Interactive 2014-07-31 19:17 - 2014-04-23 15:05 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\City Interactive 2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe 2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe 2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 
_____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups 2014-07-31 17:49 - 2014-04-06 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-31 17:41 - 2014-07-31 17:31 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part 2014-07-31 17:36 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-07-31 17:33 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\VirtualStore 2014-07-31 17:23 - 2014-07-31 17:22 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten 2014-07-31 16:06 - 2014-04-06 11:03 - 00000000 ____D () C:\Users\Aslan\AppData\Local\CrashDumps 2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe 2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure 2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList 2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-21 06:56 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-20 06:01 - 2014-04-02 19:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-20 06:00 - 2014-04-02 19:46 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-19 14:00 - 2014-07-19 14:00 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-07-19 14:00 - 2014-04-03 20:41 - 00003234 _____ () 
C:\Windows\System32\Tasks\Norton WSC Integration 2014-07-19 14:00 - 2014-04-03 20:41 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-07-19 14:00 - 2014-04-03 20:41 - 00002420 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveUpdate.lnk 2014-07-19 14:00 - 2014-04-03 20:41 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64 2014-07-19 13:17 - 2014-04-05 18:28 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc 2014-07-18 20:09 - 2014-04-05 18:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-18 20:09 - 2014-04-05 18:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-18 20:09 - 2014-04-05 18:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater Some content of TEMP: ==================== C:\Users\Aslan\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-15 20:40
==================== End Of Log ============================
Edited by filterfilter (02.08.2014 at 21:26) |
03.08.2014, 07:05 | #6 |
/// the machine /// TB-Ausbilder | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
03.08.2014, 12:39 | #7 |
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a106407653896744aaa6a91bfc25a01e
# engine=19476
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-03 11:37:02
# local_time=2014-08-03 01:37:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 10294896 158695672 0 0
# scanned=131063
# found=0
# cleaned=0
# scan_time=2192

Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 14.0.0.145
Mozilla Firefox (31.0)
Google Chrome 35.0.1916.153
Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014 Ran by Aslan (administrator) on ASLAN-PC on 03-08-2014 13:44:58 Running from C:\Users\Aslan\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvservice.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF5ECE37B334FCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {F08402EE-1C6C-4533-9731-95F8F4C295AC} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms} BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-31] FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn [2014-08-03] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR NewTab: "chrome-extension://gpiifgmgnfdiblgpaepbmfdkcheicgof/redirect.html", "chrome-extension://icdlfehblmklkikfigmjhbmmpmkmpooj/redirect.html" CHR DefaultSearchKeyword: yahoo.com search CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No 
File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Extension: (Google Docs) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05] CHR Extension: (Google Drive) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05] CHR Extension: (YouTube) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05] CHR Extension: (Google-Suche) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05] CHR Extension: (Norton Identity Protection) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-05] CHR Extension: (Shopping Helper) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2014-06-27] CHR Extension: (Google Wallet) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05] CHR Extension: (Google Mail) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05] CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\Exts\Chrome.crx [2014-08-03] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe [130104 2014-06-26] (Symantec Corporation) R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation) S4 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2012-11-13] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07030.00C\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation) S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [141824 2014-04-05] (Wireless Data Device) S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [123904 2014-04-05] (Wireless Device) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) ========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-03 13:41 - 2014-08-03 13:41 - 00854390 _____ () C:\Users\Aslan\Desktop\SecurityCheck.exe 2014-08-03 12:53 - 2014-08-03 12:53 - 00002529 _____ () C:\Users\Public\Desktop\Norton Identity Safe.LNK 2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe 2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64 2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe 2014-08-03 12:48 - 2014-08-03 12:48 - 02347384 _____ (ESET) C:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe 2014-08-02 22:10 - 2014-08-02 22:10 - 00012732 _____ () C:\Users\Aslan\Desktop\Addition.txt 2014-08-02 22:08 - 2014-08-03 13:46 - 00028386 _____ () C:\Users\Aslan\Desktop\FRST.txt 2014-08-02 22:08 - 2014-08-03 13:44 - 00000000 ____D () C:\FRST 2014-08-02 22:08 - 2014-08-02 22:08 - 02094080 _____ (Farbar) C:\Users\Aslan\Desktop\FRST64.exe 2014-08-02 22:06 - 2014-08-02 22:07 - 00000625 _____ () C:\Users\Aslan\Desktop\JRT.txt 2014-08-02 21:58 - 2014-08-02 21:58 - 00001040 _____ () C:\Users\Aslan\Desktop\AdwCleaner[S0].txt 2014-08-02 21:50 - 2014-08-02 21:55 - 00000000 ____D () C:\AdwCleaner 2014-08-02 21:49 - 2014-08-02 21:49 - 01016261 _____ (Thisisu) C:\Users\Aslan\Desktop\JRT.exe 2014-08-02 21:48 - 2014-08-02 21:48 - 01361309 _____ () C:\Users\Aslan\Desktop\adwcleaner_3.302.exe 2014-08-02 21:48 - 2014-08-02 21:48 - 00001156 _____ () C:\Users\Aslan\Desktop\Mbam.txt 2014-08-02 21:31 - 2014-08-02 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Desktop\mbam-setup-2.0.2.1012.exe 2014-08-01 17:31 - 2014-08-01 17:31 - 00001614 _____ () C:\DelFix.txt 2014-08-01 14:25 - 2014-08-01 14:26 - 00288240 _____ () C:\Windows\Minidump\080114-48672-01.dmp 2014-08-01 13:50 - 2014-08-01 13:50 - 00003256 _____ () C:\Windows\System32\Tasks\{CAAF69B9-C0CB-42E3-A3C8-407A55791B37} 2014-08-01 12:41 - 2014-08-03 03:43 - 00000000 ____D () C:\Program Files 
(x86)\Malwarebytes Anti-Malware 2014-08-01 12:41 - 2014-08-02 21:32 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-08-01 12:41 - 2014-08-02 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-08-01 12:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-01 12:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-01 12:40 - 2014-08-01 12:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-01 11:33 - 2014-08-01 17:31 - 00000000 ____D () C:\Windows\ERUNT 2014-08-01 09:59 - 2014-08-01 10:10 - 00000000 ____D () C:\Windows\erdnt 2014-08-01 03:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-08-01 02:16 - 2014-08-01 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-01 00:36 - 2014-08-03 12:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-01 00:36 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-01 00:36 - 2014-08-01 02:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-08-01 00:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-01 00:26 - 2014-08-01 00:26 - 00292200 _____ () C:\Windows\Minidump\080114-35677-01.dmp 2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe 2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable 2014-07-31 23:29 - 2014-08-01 17:32 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2) 2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt 2014-07-31 19:25 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) 
C:\Windows\system32\aepdu.dll 2014-07-31 19:25 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-31 19:24 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-31 19:24 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-31 19:24 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-31 19:24 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-31 19:24 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-31 19:24 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-31 19:24 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe 2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe 2014-07-31 18:01 - 2014-08-01 03:47 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip 
Malware Protector_startup 2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-07-31 18:01 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe 2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups 2014-07-31 17:47 - 2014-08-01 14:22 - 00000000 ____D () C:\Users\Aslan\Downloads\backups 2014-07-31 17:31 - 2014-07-31 17:41 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part 2014-07-31 17:22 - 2014-07-31 17:23 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten 2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe 2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure 2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList 2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-20 06:06 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-20 06:06 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-20 06:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-20 06:06 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-20 06:06 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-20 06:06 - 
2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-20 06:06 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-20 06:06 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-20 06:06 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-20 06:06 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-20 06:06 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-20 06:06 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-20 06:06 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-20 06:06 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-20 06:06 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-20 06:06 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-20 06:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-20 06:06 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-20 06:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-20 06:06 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-20 06:06 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-20 06:06 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-20 06:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 
2014-07-20 06:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-20 06:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-20 06:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-20 06:06 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-20 06:06 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-20 06:06 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-20 06:06 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-20 06:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-20 06:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-20 06:06 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-20 06:06 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-20 06:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-20 06:06 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-20 06:06 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-20 06:06 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-20 06:06 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-20 06:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-20 06:06 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 
2014-07-20 06:06 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-20 06:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-20 06:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-20 06:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-20 06:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-20 06:06 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-20 06:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-20 06:06 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-20 06:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-20 06:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-20 06:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-20 06:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-20 06:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-20 06:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-20 06:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc 2014-07-18 18:20 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-18 18:20 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-18 18:20 - 
2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-18 18:20 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-18 18:20 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-18 18:20 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-03 13:46 - 2014-08-02 22:08 - 00028386 _____ () C:\Users\Aslan\Desktop\FRST.txt 2014-08-03 13:44 - 2014-08-02 22:08 - 00000000 ____D () C:\FRST 2014-08-03 13:41 - 2014-08-03 13:41 - 00854390 _____ () C:\Users\Aslan\Desktop\SecurityCheck.exe 2014-08-03 13:13 - 2014-04-05 18:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-03 13:12 - 2014-04-02 14:53 - 01999812 _____ () C:\Windows\WindowsUpdate.log 2014-08-03 13:09 - 2014-04-05 18:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-03 13:02 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-03 13:02 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-03 12:56 - 2014-08-01 00:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-03 12:55 - 2014-04-05 18:27 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-03 12:55 - 2014-04-03 20:41 - 00000000 ____D () C:\ProgramData\Norton 2014-08-03 12:55 - 2014-04-02 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-08-03 12:55 - 2014-04-02 17:17 - 00823138 _____ () C:\Windows\PFRO.log 2014-08-03 12:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-03 12:55 - 2009-07-14 06:51 - 00036746 
_____ () C:\Windows\setupact.log 2014-08-03 12:53 - 2014-08-03 12:53 - 00002529 _____ () C:\Users\Public\Desktop\Norton Identity Safe.LNK 2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe 2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64 2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe 2014-08-03 12:48 - 2014-08-03 12:48 - 02347384 _____ (ESET) C:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe 2014-08-03 03:43 - 2014-08-01 12:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-02 22:10 - 2014-08-02 22:10 - 00012732 _____ () C:\Users\Aslan\Desktop\Addition.txt 2014-08-02 22:08 - 2014-08-02 22:08 - 02094080 _____ (Farbar) C:\Users\Aslan\Desktop\FRST64.exe 2014-08-02 22:07 - 2014-08-02 22:06 - 00000625 _____ () C:\Users\Aslan\Desktop\JRT.txt 2014-08-02 21:58 - 2014-08-02 21:58 - 00001040 _____ () C:\Users\Aslan\Desktop\AdwCleaner[S0].txt 2014-08-02 21:55 - 2014-08-02 21:50 - 00000000 ____D () C:\AdwCleaner 2014-08-02 21:49 - 2014-08-02 21:49 - 01016261 _____ (Thisisu) C:\Users\Aslan\Desktop\JRT.exe 2014-08-02 21:48 - 2014-08-02 21:48 - 01361309 _____ () C:\Users\Aslan\Desktop\adwcleaner_3.302.exe 2014-08-02 21:48 - 2014-08-02 21:48 - 00001156 _____ () C:\Users\Aslan\Desktop\Mbam.txt 2014-08-02 21:32 - 2014-08-01 12:41 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-02 21:32 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-02 21:31 - 2014-08-02 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Desktop\mbam-setup-2.0.2.1012.exe 2014-08-01 17:32 - 2014-07-31 23:29 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2) 2014-08-01 17:32 - 2014-05-14 13:40 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner 2014-08-01 17:31 - 2014-08-01 
17:31 - 00001614 _____ () C:\DelFix.txt 2014-08-01 17:31 - 2014-08-01 11:33 - 00000000 ____D () C:\Windows\ERUNT 2014-08-01 15:23 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-08-01 14:26 - 2014-08-01 14:25 - 00288240 _____ () C:\Windows\Minidump\080114-48672-01.dmp 2014-08-01 14:25 - 2014-04-05 17:50 - 701890028 _____ () C:\Windows\MEMORY.DMP 2014-08-01 14:25 - 2014-04-05 17:50 - 00000000 ____D () C:\Windows\Minidump 2014-08-01 14:22 - 2014-07-31 17:47 - 00000000 ____D () C:\Users\Aslan\Downloads\backups 2014-08-01 13:50 - 2014-08-01 13:50 - 00003256 _____ () C:\Windows\System32\Tasks\{CAAF69B9-C0CB-42E3-A3C8-407A55791B37} 2014-08-01 12:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources 2014-08-01 12:41 - 2014-08-01 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-01 12:40 - 2014-08-01 12:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-01 10:11 - 2014-04-23 08:44 - 00000000 ____D () C:\Users\dub_cm_auto 2014-08-01 10:10 - 2014-08-01 09:59 - 00000000 ____D () C:\Windows\erdnt 2014-08-01 03:47 - 2014-07-31 18:01 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-08-01 02:40 - 2014-08-01 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-08-01 02:16 - 2014-08-01 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-01 02:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-08-01 02:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-08-01 00:26 - 2014-08-01 00:26 - 00292200 _____ () C:\Windows\Minidump\080114-35677-01.dmp 2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe 2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable 2014-07-31 23:52 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan 2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () 
C:\Users\Aslan\Desktop\Neues Textdokument (2).txt 2014-07-31 19:18 - 2014-04-23 15:05 - 00000000 ____D () C:\Program Files (x86)\City Interactive 2014-07-31 19:17 - 2014-04-23 15:05 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\City Interactive 2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe 2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe 2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups 2014-07-31 17:49 - 2014-04-06 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-31 17:41 - 2014-07-31 17:31 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part 2014-07-31 17:36 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-07-31 17:33 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\VirtualStore 2014-07-31 17:23 - 2014-07-31 17:22 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten 2014-07-31 16:06 - 2014-04-06 11:03 - 00000000 ____D () C:\Users\Aslan\AppData\Local\CrashDumps 2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe 2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure 2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () 
C:\Users\Aslan\AppData\Local\EmieSiteList 2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-23 10:52 - 2014-04-02 17:16 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-07-21 06:56 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-20 06:01 - 2014-04-02 19:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-20 06:00 - 2014-04-02 19:46 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-19 14:00 - 2014-04-03 20:41 - 00002420 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveUpdate.lnk 2014-07-19 13:17 - 2014-04-05 18:28 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc 2014-07-18 20:09 - 2014-04-05 18:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-18 20:09 - 2014-04-05 18:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-18 20:09 - 2014-04-05 18:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater Some content of TEMP: ==================== C:\Users\Aslan\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=\Device\HarddiskVolume1 description Windows Boot Manager locale de-DE inherit {globalsettings} default {current} resumeobject {06728b67-8a98-11e3-9a47-d3e71706d0de} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Windows-Startladeprogramm ------------------------- Bezeichner {06728b65-8a98-11e3-9a47-d3e71706d0de} device ramdisk=[C:]\Recovery\06728b65-8a98-11e3-9a47-d3e71706d0de\Winre.wim,{06728b66-8a98-11e3-9a47-d3e71706d0de} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\06728b65-8a98-11e3-9a47-d3e71706d0de\Winre.wim,{06728b66-8a98-11e3-9a47-d3e71706d0de} systemroot \windows nx OptIn winpe Yes Windows-Startladeprogramm ------------------------- Bezeichner {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence {06728b69-8a98-11e3-9a47-d3e71706d0de} recoveryenabled Yes osdevice partition=C: systemroot \Windows 
resumeobject {06728b67-8a98-11e3-9a47-d3e71706d0de} nx OptIn Windows-Startladeprogramm ------------------------- Bezeichner {06728b69-8a98-11e3-9a47-d3e71706d0de} device ramdisk=[C:]\Recovery\06728b69-8a98-11e3-9a47-d3e71706d0de\Winre.wim,{06728b6a-8a98-11e3-9a47-d3e71706d0de} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\06728b69-8a98-11e3-9a47-d3e71706d0de\Winre.wim,{06728b6a-8a98-11e3-9a47-d3e71706d0de} systemroot \windows nx OptIn winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {06728b67-8a98-11e3-9a47-d3e71706d0de} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=\Device\HarddiskVolume1 path \boot\memtest.exe description Windows-Speicherdiagnose locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Geräteoptionen -------------- Bezeichner {06728b6a-8a98-11e3-9a47-d3e71706d0de} description Ramdisk 
Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\06728b69-8a98-11e3-9a47-d3e71706d0de\boot.sdi LastRegBack: 2014-07-15 20:40 ==================== End Of Log ============================
--- --- --- --- --- ---
Addition
FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014 Ran by Aslan at 2014-08-03 13:46:37 Running from C:\Users\Aslan\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.03(T) Premium Edition - TOSHIBA CORPORATION) Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) 
Hidden Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 
de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.3.12 - Symantec Corporation) NVIDIA 3D Vision Treiber 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.69 - NVIDIA Corporation) NVIDIA Grafiktreiber 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.69 - NVIDIA Corporation) NVIDIA Guard Service 1.3 (Version: 1.3 - NVIDIA Corporation) Hidden NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6669 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 266.69 (Version: 266.69 - NVIDIA Corporation) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.) 
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated) TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION) TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation) Hidden TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation) TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - Ihr Firmenname) WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC) XSManager (HKLM-x32\...\XSManager) (Version: 3.2 - XSManager) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 01-08-2014 15:31:41 Ende der Bereinigung ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {565721C5-E1D3-4A7F-BC5B-F66061E1B0EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.) Task: {60EEEC3D-19F9-448A-B1D6-A6D8A0E55069} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.) Task: {E0E235DA-6DC4-4B26-8A4D-8275250F0BA0} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION) Task: {F36FA16D-A6ED-4CE4-8354-C44497FD369F} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe Task: {F68B1DFD-8D9A-49D0-9936-2ABA502CCBFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-18] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2014-07-31 00:40 - 2014-07-31 00:40 - 03800688 _____ 
() C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2011-01-16 05:25 - 2011-01-16 05:25 - 00235112 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/03/2014 01:38:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/03/2014 00:59:01 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/03/2014 00:58:59 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/03/2014 00:58:59 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/03/2014 00:50:48 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/03/2014 00:49:12 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (08/03/2014 00:48:21 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
System errors: ============= Error: (08/03/2014 00:44:34 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= Error: (08/03/2014 01:38:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (08/03/2014 00:59:01 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe Error: (08/03/2014 00:58:59 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe Error: (08/03/2014 00:58:59 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe Error: (08/03/2014 00:50:48 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe Error: (08/03/2014 00:49:12 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe Error: (08/03/2014 00:48:21 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe ==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 4077.86 MB Available physical RAM: 2279 MB Total Pagefile: 8153.9 MB Available Pagefile: 6293.28 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:199.12 GB) (Free:151.27 GB) NTFS Drive d: () (Fixed) (Total:266.54 GB) (Free:266.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4E4B604B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=199 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=267 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Shortcuts Users shortcut 
scan result (x64) Version: 02-08-2014 Ran by Aslan at 2014-08-03 13:47:01 Running from C:\Users\Aslan\Desktop Boot Mode: Normal ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\XSManager.lnk -> C:\Program Files (x86)\XSManager\XSManager.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveUpdate.lnk -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\uistub.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager\XSManager deinstallieren.lnk -> C:\Program Files (x86)\XSManager\Uninstaller.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager\XSManager.lnk -> C:\Program Files (x86)\XSManager\XSManager.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Accessibility.lnk -> C:\Program Files\TOSHIBA\Utilities\TACSPROP.exe (TOSHIBA Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\eco Utility.lnk -> 
C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Flash Cards - Help.lnk -> C:\Program Files\TOSHIBA\FlashCards\Help\Help.exe (TOSHIBA Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Flash Cards - Settings.lnk -> C:\Program Files\TOSHIBA\FlashCards\TfcConf.exe (TOSHIBA Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Flash Cards.lnk -> C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\PC Diagnostic Tool.lnk -> C:\Program Files (x86)\TOSHIBA\PCDiag\PCDiag.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\PC Health Monitor.lnk -> C:\Program Files\TOSHIBA\TPHM\TPCHViewer.exe (TOSHIBA Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Sleep Utility.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleep.exe (TOSHIBA) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Web Camera Application Help.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\Help\Help.exe (TOSHIBA Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Web Camera Application.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Support\Service Station.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Networking\Wireless LAN Indicator - Settings.lnk -> C:\Program Files (x86)\TOSHIBA\Wireless LAN Indicator\tosSettings.exe (TOSHIBA CORPORATION) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\Add ConfigFree Gadgets.lnk -> C:\Program Files (x86)\TOSHIBA\ConfigFree\cfAddGadgets.exe (TOSHIBA CORPORATION) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\ConfigFree tray.lnk -> C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\Connectivity Doctor.lnk -> C:\Program Files (x86)\TOSHIBA\ConfigFree\cfmain.exe (TOSHIBA CORPORATION) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth Assistant.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\BtAssist1.exe (TOSHIBA CORPORATION.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth Information Exchanger.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc1.exe (TOSHIBA CORPORATION.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth Settings.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ECCenter1.exe (TOSHIBA CORPORATION.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth User Guide.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\UsrGuide.exe (TOSHIBA CORPORATION) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Remote Camera.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\BIP_Camera1.exe (TOSHIBA CORPORATION.) 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Wireless File Transfer.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\WirelessFTP1.exe (TOSHIBA CORPORATION.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Battle.net-Accountverwaltung.lnk -> C:\Program Files (x86)\Diablo III\BattlenetAccount.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Blizzard Tech-Support.lnk -> C:\Program Files (x86)\Diablo III\TechSupport.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III - Handbuch.lnk -> C:\Program Files (x86)\Diablo III\Manual.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Diablo II - Deinstallation.lnk -> C:\Program Files (x86)\Common Files\Blizzard Entertainment\Diablo II\Uninstall.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Diablo II - Lord of Destruction registrieren.lnk -> C:\Program Files (x86)\Diablo II\Register Diablo II.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Diablo II - Lord of Destruction.lnk -> C:\Program Files (x86)\Diablo II\Diablo II.exe (Blizzard North) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Grafiktest.lnk -> C:\Program Files (x86)\Diablo II\D2VidTst.exe (Blizzard North) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\Battlestrike - Call to Victory\Battlestrike - Call to Victory.lnk -> C:\Program Files (x86)\City Interactive\Battlestrike - Call to Victory\Lithtech.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\Battlestrike - Call to Victory\Deinstallation.lnk -> C:\Program Files (x86)\City Interactive\Battlestrike - Call to Victory\uninstall.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\Battlestrike - Call to Victory\Readme-Datei.lnk -> C:\Program Files (x86)\City 
Interactive\Battlestrike - Call to Victory\ReadMe.txt (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation) Shortcut: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation) Shortcut: C:\Users\Aslan\Dokumente.lnk -> C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms () Shortcut: C:\Users\Aslan\Links\Desktop.lnk -> C:\Users\Aslan\Desktop () Shortcut: C:\Users\Aslan\Links\Downloads.lnk -> C:\Users\Aslan\Downloads () Shortcut: C:\Users\Aslan\Downloads\backups\backup-20140731-174727-549-MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File) Shortcut: 
C:\Users\Aslan\Downloads\backups\backup-20140731-174727-730-Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) Shortcut: C:\Users\Aslan\Downloads\backups\backup-20140731-174727-920-McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b15f30ab853b7d31\Diablo III.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment) Shortcut: C:\Users\Aslan\AppData\Local\Microsoft\Windows\GameExplorer\{E270DD10-5C59-4060-A76B-39BE302B0267}\PlayTasks\0\Spielen.lnk -> C:\Program Files (x86)\Diablo II\Diablo II.exe (Blizzard North) Shortcut: C:\Users\Aslan\AppData\Local\Microsoft\Windows\GameExplorer\{9C936810-3679-4291-925F-9F8E39E4D57F}\PlayTasks\0\Spielen.lnk -> C:\Program Files (x86)\Diablo II\Diablo II.exe (Blizzard North) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System 
Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Desktop\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment) Shortcut: C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk -> C:\Program Files (x86)\Diablo II\Diablo II.exe (Blizzard North) Shortcut: C:\Users\Public\Desktop\Diablo III.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment) Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
Shortcut: C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Public\Desktop\TOSHIBA Sleep Utility.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleep.exe (TOSHIBA) Shortcut: C:\Users\Public\Desktop\WinZip Malware Protector.lnk -> C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe (No File) Shortcut: C:\Users\Public\Desktop\XSManager.lnk -> C:\Program Files (x86)\XSManager\XSManager.exe () ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\Profile Settings.lnk -> C:\Program Files (x86)\TOSHIBA\ConfigFree\cfmain.exe (TOSHIBA CORPORATION) -> /profile ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\Radar.lnk -> C:\Program Files (x86)\TOSHIBA\ConfigFree\cfmain.exe (TOSHIBA CORPORATION) -> /radar ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\WPS Setup.lnk -> C:\Program Files (x86)\TOSHIBA\ConfigFree\cfmain.exe (TOSHIBA CORPORATION) -> /wps ShortcutWithArgument: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Add New Connection.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ECCenter1.exe (TOSHIBA CORPORATION.) -> W /AUTOMODE ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision aktivieren.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /enable ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision deaktivieren.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /disable ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe\Norton Identity Safe deinstallieren.LNK -> C:\Program Files (x86)\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\2014.7.3.12\InstStub.exe (Symantec Corporation) -> /X/shortcut ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe\Norton Identity Safe.LNK -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coSAStub.exe (Symantec Corporation) -> /install /force ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Deinstallieren.lnk -> C:\Program Files\McAfee Security Scan\uninstall.exe (McAfee, Inc.) -> C:\Program Files\McAfee Security Scan\3.8.150\McAfee.ico ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe (McAfee, Inc.) 
-> SecurityScanner.dll ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff ShortcutWithArgument: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Aslan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Public\Desktop\Browserwahl.lnk -> C:\Windows\System32\browserchoice.exe (Microsoft Corporation) -> /launch ShortcutWithArgument: C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe (McAfee, Inc.) 
-> SecurityScanner.dll ShortcutWithArgument: C:\Users\Public\Desktop\Norton Identity Safe.LNK -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coSAStub.exe (Symantec Corporation) -> /install /force InternetURL: C:\Users\Aslan\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742 InternetURL: C:\Users\Aslan\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700 InternetURL: C:\Users\Aslan\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681 InternetURL: C:\Users\Aslan\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682 InternetURL: C:\Users\Aslan\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680 InternetURL: C:\Users\Aslan\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659 InternetURL: C:\Users\Aslan\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640 InternetURL: C:\Users\Aslan\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636 InternetURL: C:\Users\Aslan\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635 InternetURL: C:\Users\Aslan\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630 InternetURL: C:\Users\Aslan\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186 InternetURL: C:\Users\Aslan\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520 InternetURL: C:\Users\Aslan\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813 InternetURL: C:\Users\Aslan\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629 InternetURL: C:\Users\Aslan\Favorites\Microsoft-Websites\Microsoft zu Hause.url 
-> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\Aslan\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\Aslan\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Aslan\Favorites\Links\Treiber herunterladen - Toshiba.url -> hxxp://www.toshiba.de/innovation/download_drivers_bios.jsp?service=DE
InternetURL: C:\Users\Aslan\Favorites\Links\Vorgeschlagene Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Aslan\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
==================== End of log =============================
checkup
 Results of screen317's Security Check version 0.99.85
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 14.0.0.145
 Mozilla Firefox (31.0)
 Google Chrome 35.0.1916.153
 Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
No more problems, the PC is running well.
Last edited by filterfilter (03.08.2014 at 12:51) |
04.08.2014, 09:24 | #8 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
CHR NewTab: "chrome-extension://gpiifgmgnfdiblgpaepbmfdkcheicgof/redirect.html", "chrome-extension://icdlfehblmklkikfigmjhbmmpmkmpooj/redirect.html"
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultNewTabURL:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do that here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
04.08.2014, 21:21 | #9 |
| Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by Aslan at 2014-08-04 11:06:07 Run:1
Running from C:\Users\Aslan\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CHR NewTab: "chrome-extension://gpiifgmgnfdiblgpaepbmfdkcheicgof/redirect.html", "chrome-extension://icdlfehblmklkikfigmjhbmmpmkmpooj/redirect.html"
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultNewTabURL:
*****************
"chrome-extension://icdlfehblmklkikfigmjhbmmpmkmpooj/redirect.html" => Error: No automatic fix found for this entry.
CHR DefaultSearchKeyword: yahoo.com search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultNewTabURL: => Error: No automatic fix found for this entry.
==== End of Fixlog ====
Something just happened to me again: I was watching a stream, then my browser closed and the sound you hear after logging in again played, and when I opened the browser it was in F11 mode and opened twice. Could that possibly be a backdoor program? |
05.08.2014, 14:54 | #10 |
/// the machine /// TB-Ausbilder | Where did you watch the stream?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.08.2014, 15:15 | #11 |
| kkiste.to, it was a streamcloud stream. Edited by filterfilter (05.08.2014 at 15:48) |
05.08.2014, 20:36 | #12 |
/// the machine /// TB-Ausbilder | Yeah, learning through pain, right?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.08.2014, 20:44 | #13 |
| Well, as far as I know it is not illegal to watch films that are not saved. I also no longer watch any online streams. Still, Norton shows no threat, but could it be that I have a program on there anyway? |
06.08.2014, 15:28 | #14 |
/// the machine /// TB-Ausbilder | Illegal or legal doesn't matter for now; those things are usually totally infested. Post a fresh FRST log and I'll take a quick look.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
06.08.2014, 17:10 | #15 |
| Hello schrauber, here is my FRST log. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014 Ran by Aslan (administrator) on ASLAN-PC on 06-08-2014 18:07:20 Running from C:\Users\Aslan\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvservice.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe 
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft) HKU\S-1-5-21-2081452760-1846932682-3364742643-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF5ECE37B334FCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {F08402EE-1C6C-4533-9731-95F8F4C295AC} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms} BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-31] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn [2014-08-06] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Google Update) - 
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Extension: (Google Docs) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05] CHR Extension: (Google Drive) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05] CHR Extension: (YouTube) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05] CHR Extension: (Google-Suche) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05] CHR Extension: (Norton Identity Protection) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-05] CHR Extension: (Shopping Helper) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2014-06-27] CHR Extension: (Google Wallet) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05] CHR Extension: (Google Mail) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\Exts\Chrome.crx [2014-08-03] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from 
the registry. The file will not be moved unless listed separately.) S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe [130104 2014-06-26] (Symantec Corporation) R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG) S4 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2012-11-13] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) 
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07030.00C\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation) S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [141824 2014-04-05] (Wireless Data Device) S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [123904 2014-04-05] (Wireless Device) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-06] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-06 18:07 - 2014-08-06 18:07 - 00016533 _____ () C:\Users\Aslan\Desktop\FRST.txt 2014-08-06 18:07 - 2014-08-06 18:07 - 00000000 ____D () C:\FRST 2014-08-06 18:06 - 2014-08-06 18:06 - 02094080 _____ (Farbar) C:\Users\Aslan\Desktop\FRST64.exe 2014-08-06 17:55 - 2014-08-06 17:56 - 00292200 _____ () C:\Windows\Minidump\080614-46347-01.dmp 2014-08-06 06:21 - 2014-08-06 06:21 - 00025377 _____ () C:\Users\Aslan\Desktop\dds.txt 2014-08-06 06:21 - 2014-08-06 06:21 - 00003019 _____ () C:\Users\Aslan\Desktop\attach.txt 2014-08-06 06:18 - 2014-08-06 06:18 - 00688992 ____R (Swearware) C:\Users\Aslan\Desktop\dds.com 2014-08-06 06:11 - 2014-08-06 06:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11 2014-08-06 06:11 - 2014-08-06 06:11 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11 2014-08-06 06:10 - 2014-08-06 06:10 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup.exe 2014-08-06 05:46 - 2014-08-06 05:46 - 00000000 ____D () C:\Users\Aslan\CD95F661A5C444F5A6AAECDD91C240E3.TMP 2014-08-06 05:44 - 2014-08-06 05:45 - 58807808 _____ () C:\Users\Aslan\Downloads\wz185gev-64.msi 2014-08-06 04:50 - 2014-08-06 04:50 - 00000000 ____H () C:\Users\Aslan\Documents\Default.rdp 2014-08-06 02:54 - 2014-08-06 02:54 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 2014-08-06 00:24 - 2014-08-06 01:08 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Skype 2014-08-06 00:24 - 2014-08-06 00:24 - 00000000 ____D () C:\Users\Aslan\AppData\Local\Skype 2014-08-06 00:23 - 2014-08-06 00:25 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-08-06 00:23 - 2014-08-06 00:24 - 00000000 ____D () C:\ProgramData\Skype 2014-08-06 00:23 - 2014-08-06 00:23 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-08-06 00:23 - 2014-08-06 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-08-06 00:02 - 2014-08-06 00:02 - 00003704 _____ () 
C:\Windows\System32\Tasks\Java Update Scheduler 2014-08-05 23:53 - 2014-08-05 23:53 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk 2014-08-05 23:53 - 2014-08-05 23:53 - 00002205 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk 2014-08-05 23:53 - 2014-08-05 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014 2014-08-05 23:53 - 2014-07-14 12:26 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe 2014-08-05 23:53 - 2014-07-14 12:26 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll 2014-08-05 23:53 - 2014-07-14 12:26 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll 2014-08-05 23:52 - 2014-08-05 23:52 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\AVG 2014-08-05 23:52 - 2014-08-05 23:52 - 00000000 ____D () C:\Users\Aslan\AppData\Local\AVG 2014-08-05 23:51 - 2014-08-06 00:01 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-08-05 23:50 - 2014-08-05 23:53 - 00000000 ____D () C:\ProgramData\AVG 2014-08-05 23:41 - 2014-08-05 23:42 - 77159736 _____ (AVG) C:\Users\Aslan\Downloads\avg_tuh_stf_all_2014_519_24c4.exe 2014-08-05 22:42 - 2014-08-05 22:42 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\TuneUp Software 2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\AVG2014 2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-08-05 22:41 - 2014-08-05 22:42 - 00000000 ____D () C:\ProgramData\AVG2014 2014-08-05 22:41 - 2014-08-05 22:41 - 00000000 ___HD () C:\$AVG 2014-08-05 22:40 - 2014-08-05 23:52 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-08-05 22:31 - 2014-08-06 16:11 - 00000000 ____D () C:\ProgramData\MFAData 2014-08-05 22:31 - 2014-08-05 22:48 - 00000000 ____D () C:\Users\Aslan\AppData\Local\Avg2014 2014-08-05 22:31 - 
2014-08-05 22:31 - 04755928 _____ (AVG Technologies) C:\Users\Aslan\Downloads\avg_avct_stb_all_2014_4744_comppg_23.exe 2014-08-05 22:31 - 2014-08-05 22:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\MFAData 2014-08-05 21:16 - 2014-08-05 21:32 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Xfire 2014-08-05 21:16 - 2014-08-05 21:19 - 00000000 ____D () C:\ProgramData\Xfire 2014-08-05 21:16 - 2014-08-05 21:16 - 00000963 _____ () C:\Users\Public\Desktop\Xfire.lnk 2014-08-05 21:16 - 2014-08-05 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire 2014-08-05 21:16 - 2014-08-05 21:16 - 00000000 ____D () C:\Program Files (x86)\Xfire 2014-08-05 21:15 - 2014-08-05 21:15 - 09714821 _____ () C:\Users\Aslan\Downloads\xfire_installer_46139.exe 2014-08-04 21:54 - 2014-08-04 21:55 - 00538220 _____ () C:\Users\Aslan\Desktop\noscript-2.6.8.36.xpi.zip 2014-08-04 21:52 - 2014-08-04 21:52 - 00526323 _____ () C:\Users\Aslan\Desktop\web_of_trust_wot-20131118-fx.zip 2014-08-04 21:52 - 2014-08-04 21:52 - 00000000 ____D () C:\ProgramData\Sun 2014-08-04 21:52 - 2014-08-04 21:52 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-04 21:52 - 2014-08-04 21:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-04 21:51 - 2014-08-04 21:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-04 21:51 - 2014-08-04 21:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-04 21:51 - 2014-08-04 21:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-04 21:51 - 2014-08-04 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-04 21:51 - 2014-08-04 21:51 - 00000000 ____D () C:\Program Files (x86)\Java 2014-08-04 21:49 - 2014-08-04 21:49 - 00918952 _____ (Oracle Corporation) C:\Users\Aslan\Downloads\jxpiinstall.exe 2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\WinPatrol 
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol 2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\ProgramData\InstallMate 2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\Program Files (x86)\Ruiware 2014-08-04 21:44 - 2014-08-04 21:44 - 01156136 _____ (Ruiware) C:\Users\Aslan\Downloads\wpsetup.exe 2014-08-03 21:32 - 2014-08-03 21:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe 2014-08-03 13:59 - 2014-08-03 13:59 - 00000000 ____D () C:\Users\Aslan\Documents\Symantec 2014-08-03 13:53 - 2014-08-03 13:55 - 281672840 ____N (Symantec Corporation) C:\Users\Aslan\Downloads\NIS-ESD-21.3.0-GE.exe 2014-08-03 12:53 - 2014-08-03 12:53 - 00002529 _____ () C:\Users\Public\Desktop\Norton Identity Safe.lnk 2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe 2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64 2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe 2014-08-02 21:31 - 2014-08-02 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Desktop\mbam-setup-2.0.2.1012.exe 2014-08-01 17:31 - 2014-08-04 11:12 - 00001233 _____ () C:\DelFix.txt 2014-08-01 14:25 - 2014-08-01 14:26 - 00288240 _____ () C:\Windows\Minidump\080114-48672-01.dmp 2014-08-01 13:50 - 2014-08-01 13:50 - 00003256 _____ () C:\Windows\System32\Tasks\{CAAF69B9-C0CB-42E3-A3C8-407A55791B37} 2014-08-01 12:41 - 2014-08-03 03:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-01 12:41 - 2014-08-02 21:32 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-01 12:41 - 2014-08-02 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-01 12:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mwac.sys 2014-08-01 12:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-01 12:40 - 2014-08-01 12:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-01 11:33 - 2014-08-01 17:31 - 00000000 ____D () C:\Windows\ERUNT 2014-08-01 09:59 - 2014-08-01 10:10 - 00000000 ____D () C:\Windows\erdnt 2014-08-01 03:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-08-01 02:16 - 2014-08-01 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-01 00:36 - 2014-08-06 18:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-01 00:36 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-01 00:36 - 2014-08-01 02:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-08-01 00:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-01 00:26 - 2014-08-01 00:26 - 00292200 _____ () C:\Windows\Minidump\080114-35677-01.dmp 2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe 2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable 2014-07-31 23:29 - 2014-08-01 17:32 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2) 2014-07-31 22:45 - 2014-08-05 02:27 - 00002334 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt 2014-07-31 19:25 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-31 19:25 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-31 19:24 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 
2014-07-31 19:24 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe
2014-07-31 18:01 - 2014-08-01 03:47 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-31 18:01 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups
2014-07-31 17:47 - 2014-08-01 14:22 - 00000000 ____D () C:\Users\Aslan\Downloads\backups
2014-07-31 17:31 - 2014-07-31 17:41 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part
2014-07-31 17:22 - 2014-07-31 17:23 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten
2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe
2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList
2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 06:06 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-20 06:06 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-20 06:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-20 06:06 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-20 06:06 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-20 06:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-20 06:06 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-20 06:06 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-20 06:06 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-20 06:06 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-20 06:06 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-20 06:06 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-20 06:06 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-20 06:06 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-20 06:06 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-20 06:06 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-20 06:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-20 06:06 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-20 06:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-20 06:06 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-20 06:06 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-20 06:06 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-20 06:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-20 06:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-20 06:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-20 06:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-20 06:06 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-20 06:06 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-20 06:06 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-20 06:06 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-20 06:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-20 06:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-20 06:06 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-20 06:06 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-20 06:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-20 06:06 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-20 06:06 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-20 06:06 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-20 06:06 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-20 06:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-20 06:06 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-20 06:06 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-20 06:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-20 06:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-20 06:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-20 06:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-20 06:06 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-20 06:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-20 06:06 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-20 06:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-20 06:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-20 06:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-20 06:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-20 06:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-20 06:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-20 06:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc
2014-07-18 18:20 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-18 18:20 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-18 18:20 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-18 18:20 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-18 18:20 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-18 18:20 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 18:07 - 2014-08-06 18:07 - 00016533 _____ () C:\Users\Aslan\Desktop\FRST.txt
2014-08-06 18:07 - 2014-08-06 18:07 - 00000000 ____D () C:\FRST
2014-08-06 18:06 - 2014-08-06 18:06 - 02094080 _____ (Farbar) C:\Users\Aslan\Desktop\FRST64.exe
2014-08-06 18:06 - 2014-08-01 00:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 18:04 - 2014-04-05 18:27 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 18:04 - 2014-04-02 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-06 18:03 - 2014-04-03 20:41 - 00000000 ____D () C:\ProgramData\Norton
2014-08-06 18:03 - 2014-04-02 17:17 - 01309270 _____ () C:\Windows\PFRO.log
2014-08-06 18:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-06 18:03 - 2009-07-14 06:51 - 00036914 _____ () C:\Windows\setupact.log
2014-08-06 18:02 - 2014-04-02 14:53 - 01102563 _____ () C:\Windows\WindowsUpdate.log
2014-08-06 18:02 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-06 18:02 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-06 17:56 - 2014-08-06 17:55 - 00292200 _____ () C:\Windows\Minidump\080614-46347-01.dmp
2014-08-06 17:55 - 2014-04-05 17:50 - 513888428 _____ () C:\Windows\MEMORY.DMP
2014-08-06 17:55 - 2014-04-05 17:50 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 17:13 - 2014-04-05 18:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-06 17:09 - 2014-04-05 18:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-06 16:11 - 2014-08-05 22:31 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-06 06:21 - 2014-08-06 06:21 - 00025377 _____ () C:\Users\Aslan\Desktop\dds.txt
2014-08-06 06:21 - 2014-08-06 06:21 - 00003019 _____ () C:\Users\Aslan\Desktop\attach.txt
2014-08-06 06:18 - 2014-08-06 06:18 - 00688992 ____R (Swearware) C:\Users\Aslan\Desktop\dds.com
2014-08-06 06:11 - 2014-08-06 06:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-08-06 06:11 - 2014-08-06 06:11 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-08-06 06:10 - 2014-08-06 06:10 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup.exe
2014-08-06 05:46 - 2014-08-06 05:46 - 00000000 ____D () C:\Users\Aslan\CD95F661A5C444F5A6AAECDD91C240E3.TMP
2014-08-06 05:46 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan
2014-08-06 05:45 - 2014-08-06 05:44 - 58807808 _____ () C:\Users\Aslan\Downloads\wz185gev-64.msi
2014-08-06 04:50 - 2014-08-06 04:50 - 00000000 ____H () C:\Users\Aslan\Documents\Default.rdp
2014-08-06 02:54 - 2014-08-06 02:54 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-08-06 01:08 - 2014-08-06 00:24 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Skype
2014-08-06 01:04 - 2014-04-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
2014-08-06 00:25 - 2014-08-06 00:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-06 00:24 - 2014-08-06 00:24 - 00000000 ____D () C:\Users\Aslan\AppData\Local\Skype
2014-08-06 00:24 - 2014-08-06 00:23 - 00000000 ____D () C:\ProgramData\Skype
2014-08-06 00:23 - 2014-08-06 00:23 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-06 00:23 - 2014-08-06 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-06 00:02 - 2014-08-06 00:02 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-08-06 00:01 - 2014-08-05 23:51 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-05 23:53 - 2014-08-05 23:53 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-08-05 23:53 - 2014-08-05 23:53 - 00002205 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-08-05 23:53 - 2014-08-05 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-08-05 23:53 - 2014-08-05 23:50 - 00000000 ____D () C:\ProgramData\AVG
2014-08-05 23:52 - 2014-08-05 23:52 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\AVG
2014-08-05 23:52 - 2014-08-05 23:52 - 00000000 ____D () C:\Users\Aslan\AppData\Local\AVG
2014-08-05 23:52 - 2014-08-05 22:40 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-05 23:42 - 2014-08-05 23:41 - 77159736 _____ (AVG) C:\Users\Aslan\Downloads\avg_tuh_stf_all_2014_519_24c4.exe
2014-08-05 22:48 - 2014-08-05 22:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\Avg2014
2014-08-05 22:42 - 2014-08-05 22:42 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\TuneUp Software
2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\AVG2014
2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-05 22:42 - 2014-08-05 22:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-05 22:41 - 2014-08-05 22:41 - 00000000 ___HD () C:\$AVG
2014-08-05 22:31 - 2014-08-05 22:31 - 04755928 _____ (AVG Technologies) C:\Users\Aslan\Downloads\avg_avct_stb_all_2014_4744_comppg_23.exe
2014-08-05 22:31 - 2014-08-05 22:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\MFAData
2014-08-05 21:32 - 2014-08-05 21:16 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Xfire
2014-08-05 21:29 - 2014-04-03 19:38 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-08-05 21:19 - 2014-08-05 21:16 - 00000000 ____D () C:\ProgramData\Xfire
2014-08-05 21:16 - 2014-08-05 21:16 - 00000963 _____ () C:\Users\Public\Desktop\Xfire.lnk
2014-08-05 21:16 - 2014-08-05 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
2014-08-05 21:16 - 2014-08-05 21:16 - 00000000 ____D () C:\Program Files (x86)\Xfire
2014-08-05 21:15 - 2014-08-05 21:15 - 09714821 _____ () C:\Users\Aslan\Downloads\xfire_installer_46139.exe
2014-08-05 02:27 - 2014-07-31 22:45 - 00002334 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt
2014-08-04 21:55 - 2014-08-04 21:54 - 00538220 _____ () C:\Users\Aslan\Desktop\noscript-2.6.8.36.xpi.zip
2014-08-04 21:52 - 2014-08-04 21:52 - 00526323 _____ () C:\Users\Aslan\Desktop\web_of_trust_wot-20131118-fx.zip
2014-08-04 21:52 - 2014-08-04 21:52 - 00000000 ____D () C:\ProgramData\Sun
2014-08-04 21:52 - 2014-08-04 21:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-04 21:51 - 2014-08-04 21:52 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-04 21:51 - 2014-08-04 21:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-04 21:51 - 2014-08-04 21:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-04 21:51 - 2014-08-04 21:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-04 21:51 - 2014-08-04 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-04 21:51 - 2014-08-04 21:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-04 21:49 - 2014-08-04 21:49 - 00918952 _____ (Oracle Corporation) C:\Users\Aslan\Downloads\jxpiinstall.exe
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\WinPatrol
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-08-04 21:44 - 2014-08-04 21:44 - 01156136 _____ (Ruiware) C:\Users\Aslan\Downloads\wpsetup.exe
2014-08-04 11:12 - 2014-08-01 17:31 - 00001233 _____ () C:\DelFix.txt
2014-08-03 21:32 - 2014-08-03 21:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-08-03 13:59 - 2014-08-03 13:59 - 00000000 ____D () C:\Users\Aslan\Documents\Symantec
2014-08-03 13:55 - 2014-08-03 13:53 - 281672840 ____N (Symantec Corporation) C:\Users\Aslan\Downloads\NIS-ESD-21.3.0-GE.exe
2014-08-03 12:53 - 2014-08-03 12:53 - 00002529 _____ () C:\Users\Public\Desktop\Norton Identity Safe.lnk
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-08-03 03:43 - 2014-08-01 12:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-02 21:32 - 2014-08-01 12:41 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-02 21:32 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-02 21:31 - 2014-08-02 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-01 17:32 - 2014-07-31 23:29 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2)
2014-08-01 17:32 - 2014-05-14 13:40 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner
2014-08-01 17:31 - 2014-08-01 11:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-01 15:23 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 14:26 - 2014-08-01 14:25 - 00288240 _____ () C:\Windows\Minidump\080114-48672-01.dmp
2014-08-01 14:22 - 2014-07-31 17:47 - 00000000 ____D () C:\Users\Aslan\Downloads\backups
2014-08-01 13:50 - 2014-08-01 13:50 - 00003256 _____ () C:\Windows\System32\Tasks\{CAAF69B9-C0CB-42E3-A3C8-407A55791B37}
2014-08-01 12:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-08-01 12:41 - 2014-08-01 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 12:40 - 2014-08-01 12:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 10:11 - 2014-04-23 08:44 - 00000000 ____D () C:\Users\dub_cm_auto
2014-08-01 10:10 - 2014-08-01 09:59 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 03:47 - 2014-07-31 18:01 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-08-01 02:40 - 2014-08-01 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-01 02:16 - 2014-08-01 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-01 02:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-01 02:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-01 00:26 - 2014-08-01 00:26 - 00292200 _____ () C:\Windows\Minidump\080114-35677-01.dmp
2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe
2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable
2014-07-31 19:18 - 2014-04-23 15:05 - 00000000 ____D () C:\Program Files (x86)\City Interactive
2014-07-31 19:17 - 2014-04-23 15:05 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\City Interactive
2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups
2014-07-31 17:49 - 2014-04-06 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-31 17:41 - 2014-07-31 17:31 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part
2014-07-31 17:36 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-31 17:33 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\VirtualStore
2014-07-31 17:23 - 2014-07-31 17:22 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten
2014-07-31 16:06 - 2014-04-06 11:03 - 00000000 ____D () C:\Users\Aslan\AppData\Local\CrashDumps
2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe
2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList
2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 10:52 - 2014-04-02 17:16 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-21 06:56 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-20 06:01 - 2014-04-02 19:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-20 06:00 - 2014-04-02 19:46 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-19 14:00 - 2014-04-03 20:41 - 00002420 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveUpdate.lnk
2014-07-19 13:17 - 2014-04-05 18:28 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc
2014-07-18 20:09 - 2014-04-05 18:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-18 20:09 - 2014-04-05 18:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-18 20:09 - 2014-04-05 18:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-14 12:26 - 2014-08-05 23:53 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-07-14 12:26 - 2014-08-05 23:53 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-07-14 12:26 - 2014-08-05 23:53 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll

Some content of TEMP:
====================
C:\Users\Aslan\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-15 20:40

==================== End Of Log ============================

Regards |