Pests of all kinds and how to combat them: sometimes websites are redirected to search pages + I am not sure whether I have a trojan or backdoor program (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a trojan or virus problem, an expert will help you remove the infection.
#1

sometimes websites are redirected to search pages + I am not sure whether I have a trojan or backdoor program

Hello, as mentioned, my pages sometimes change to search pages with dns... search, and I also believe that I have a trojan or rather a backdoor trojan. These are my log files:

FRST:

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02 Ran by Aslan (administrator) on ASLAN-PC on 01-08-2014 00:02:27 Running from C:\Users\Aslan\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvservice.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA 
Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Users\Aslan\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation) HKU\S-1-5-21-2081452760-1846932682-3364742643-1000\...\MountPoints2: {3e931ad2-bcd9-11e3-9141-806e6f6e6963} - G:\XSManagerinstallation.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF5ECE37B334FCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ SearchScopes: HKCU - DefaultScope {F08402EE-1C6C-4533-9731-95F8F4C295AC} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms} SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869 SearchScopes: HKCU - {F08402EE-1C6C-4533-9731-95F8F4C295AC} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms} BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-31] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2014-07-31] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2014-04-05] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: hxxp://de.search.yahoo.com/?type=501549&fr=spigot-yhp-ch CHR StartupUrls: "hxxp://www.google.com/" CHR NewTab: "chrome-extension://gpiifgmgnfdiblgpaepbmfdkcheicgof/redirect.html", "chrome-extension://icdlfehblmklkikfigmjhbmmpmkmpooj/redirect.html" CHR DefaultSearchKeyword: yahoo.com search CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: 
(Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Extension: (Google Docs) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05] CHR Extension: (Google Drive) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05] CHR Extension: (YouTube) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05] CHR Extension: (Google Search) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05] CHR Extension: (New Tab Assistant) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof [2014-06-27] CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-04-15] CHR Extension: (Domain Error Assistant) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-04-15] CHR Extension: (Slick Savings) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-04-15] CHR Extension: (Norton Identity Protection) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-05] CHR Extension: (Shopping 
Helper) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2014-06-27] CHR Extension: (Google Wallet) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05] CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-04-15] CHR Extension: (Gmail) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05] CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2014-04-05] CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2014-04-05] CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Aslan\AppData\Local\Slick Savings\coupons.crx [2014-04-05] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-18] CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2014-07-18] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) 
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation) R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation) S4 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2012-11-13] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation) S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [141824 2014-04-05] (Wireless Data Device) S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [123904 2014-04-05] (Wireless Device) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-12] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-12] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140730.002\IDSvia64.sys [525016 2014-07-17] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140731.001\ENG64.SYS [126040 2014-07-25] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140731.001\EX64.SYS [2099288 2014-07-25] (Symantec Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-07-31] (Symantec 
Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-03] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe 2014-08-01 00:02 - 2014-08-01 00:04 - 00015946 _____ () C:\Users\Aslan\Downloads\FRST.txt 2014-08-01 00:02 - 2014-08-01 00:02 - 00000000 ____D () C:\FRST 2014-08-01 00:01 - 2014-08-01 00:01 - 02094080 _____ (Farbar) C:\Users\Aslan\Downloads\FRST64.exe 2014-07-31 23:52 - 2014-07-31 23:52 - 00000472 _____ () C:\Users\Aslan\Downloads\defogger_disable.log 2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable 2014-07-31 23:51 - 2014-07-31 23:51 - 00050477 _____ () C:\Users\Aslan\Downloads\Defogger.exe 2014-07-31 23:29 - 2014-07-31 23:30 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2) 2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt 2014-07-31 22:43 - 2014-07-31 22:43 - 00602112 _____ (OldTimer Tools) C:\Users\Aslan\Desktop\OTL.exe 2014-07-31 22:42 - 2014-07-31 22:42 - 00854390 _____ () C:\Users\Aslan\Desktop\SecurityCheck.exe 2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ 
(Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe 2014-07-31 18:32 - 2014-07-31 18:32 - 00688992 ____R (Swearware) C:\Users\Aslan\Desktop\dds.com 2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe 2014-07-31 18:01 - 2014-07-31 23:31 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-07-31 18:01 - 2014-07-31 18:01 - 04892480 _____ (WinZip International LLC ) C:\Users\Aslan\Downloads\wzmp_8.exe 2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-07-31 18:01 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe 2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups 2014-07-31 17:47 - 2014-07-31 17:47 - 00000000 ____D () C:\Users\Aslan\Downloads\backups 2014-07-31 17:40 - 2014-07-31 17:45 - 00010312 _____ () C:\Users\Aslan\Downloads\hijackthis.log 2014-07-31 17:32 - 2014-07-31 17:32 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\Aslan\Desktop\HijackThis.exe 2014-07-31 17:31 - 2014-07-31 17:41 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part 2014-07-31 17:22 - 2014-07-31 17:23 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten 2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe 2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure 2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList 2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-20 06:06 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-20 06:06 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-20 06:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-20 06:06 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-20 06:06 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-20 06:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-20 06:06 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-20 06:06 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-20 06:06 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-20 06:06 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-20 06:06 - 2014-06-19 
02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-20 06:06 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-20 06:06 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-20 06:06 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-20 06:06 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-20 06:06 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-20 06:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-20 06:06 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-20 06:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-20 06:06 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-20 06:06 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-20 06:06 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-20 06:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-20 06:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-20 06:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-20 06:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-20 06:06 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-20 06:06 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-20 06:06 - 
2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-20 06:06 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-20 06:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-20 06:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-20 06:06 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-20 06:06 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-20 06:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-20 06:06 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-20 06:06 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-20 06:06 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-20 06:06 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-20 06:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-20 06:06 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-20 06:06 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-20 06:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-20 06:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-20 06:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-20 06:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-20 06:06 - 
2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-20 06:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-20 06:06 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-20 06:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-20 06:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-20 06:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-20 06:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-20 06:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-20 06:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-20 06:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-19 14:00 - 2014-07-19 14:00 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc 2014-07-18 18:20 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-18 18:20 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-18 18:20 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-18 18:20 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-18 18:20 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-18 18:20 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys ==================== One Month Modified Files 
and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 00:04 - 2014-08-01 00:02 - 00015946 _____ () C:\Users\Aslan\Downloads\FRST.txt 2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe 2014-08-01 00:03 - 2014-04-02 14:53 - 01081739 _____ () C:\Windows\WindowsUpdate.log 2014-08-01 00:02 - 2014-08-01 00:02 - 00000000 ____D () C:\FRST 2014-08-01 00:01 - 2014-08-01 00:01 - 02094080 _____ (Farbar) C:\Users\Aslan\Downloads\FRST64.exe 2014-07-31 23:52 - 2014-07-31 23:52 - 00000472 _____ () C:\Users\Aslan\Downloads\defogger_disable.log 2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable 2014-07-31 23:52 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan 2014-07-31 23:51 - 2014-07-31 23:51 - 00050477 _____ () C:\Users\Aslan\Downloads\Defogger.exe 2014-07-31 23:47 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-31 23:47 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-31 23:40 - 2014-05-14 13:40 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner 2014-07-31 23:31 - 2014-07-31 18:01 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-07-31 23:30 - 2014-07-31 23:29 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2) 2014-07-31 23:13 - 2014-04-05 18:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-31 23:09 - 2014-04-05 18:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt 2014-07-31 22:43 - 2014-07-31 22:43 - 00602112 _____ (OldTimer Tools) C:\Users\Aslan\Desktop\OTL.exe 2014-07-31 22:42 - 2014-07-31 22:42 - 00854390 _____ () 
C:\Users\Aslan\Desktop\SecurityCheck.exe 2014-07-31 20:13 - 2014-04-05 18:27 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-31 19:18 - 2014-04-23 15:05 - 00000000 ____D () C:\Program Files (x86)\City Interactive 2014-07-31 19:17 - 2014-04-23 15:05 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\City Interactive 2014-07-31 19:09 - 2014-04-02 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-31 19:09 - 2014-04-02 17:17 - 00051896 _____ () C:\Windows\PFRO.log 2014-07-31 19:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-31 19:09 - 2009-07-14 06:51 - 00035906 _____ () C:\Windows\setupact.log 2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe 2014-07-31 18:32 - 2014-07-31 18:32 - 00688992 ____R (Swearware) C:\Users\Aslan\Desktop\dds.com 2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe 2014-07-31 18:01 - 2014-07-31 18:01 - 04892480 _____ (WinZip International LLC ) C:\Users\Aslan\Downloads\wzmp_8.exe 2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector 2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups 2014-07-31 17:49 - 2014-04-06 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-31 17:47 - 2014-07-31 17:47 - 00000000 ____D () C:\Users\Aslan\Downloads\backups 2014-07-31 
17:45 - 2014-07-31 17:40 - 00010312 _____ () C:\Users\Aslan\Downloads\hijackthis.log 2014-07-31 17:41 - 2014-07-31 17:31 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part 2014-07-31 17:36 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-07-31 17:33 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\VirtualStore 2014-07-31 17:32 - 2014-07-31 17:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\Aslan\Desktop\HijackThis.exe 2014-07-31 17:23 - 2014-07-31 17:22 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten 2014-07-31 16:06 - 2014-04-06 11:03 - 00000000 ____D () C:\Users\Aslan\AppData\Local\CrashDumps 2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe 2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure 2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList 2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList 2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-21 06:56 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-20 06:01 - 2014-04-02 19:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-20 06:00 - 2014-04-02 19:46 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-19 14:00 - 2014-07-19 14:00 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-07-19 14:00 - 2014-04-03 20:41 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-07-19 14:00 - 2014-04-03 20:41 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-07-19 14:00 - 2014-04-03 20:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Norton Internet Security 2014-07-19 14:00 - 2014-04-03 20:41 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64 2014-07-19 13:17 - 2014-04-05 18:28 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc 2014-07-18 20:09 - 2014-04-05 18:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-18 20:09 - 2014-04-05 18:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-18 20:09 - 2014-04-05 18:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater Some content of TEMP: ==================== C:\Users\Aslan\AppData\Local\Temp\3i3dlmxv.dll C:\Users\Aslan\AppData\Local\Temp\BackupSetup.exe C:\Users\Aslan\AppData\Local\Temp\exthelper.exe C:\Users\Aslan\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-15 20:40 ==================== End Of Log ============================ AdditionFRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02 Ran by Aslan at 2014-08-01 00:04:36 Running from C:\Users\Aslan\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.) 
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.03(T) Premium Edition - TOSHIBA CORPORATION) Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.4.0.13 - Symantec Corporation) NVIDIA 3D Vision Treiber 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.69 - NVIDIA Corporation) NVIDIA Grafiktreiber 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.69 - NVIDIA Corporation) NVIDIA 
Guard Service 1.3 (Version: 1.3 - NVIDIA Corporation) Hidden NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6669 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 266.69 (Version: 266.69 - NVIDIA Corporation) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated) TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION) TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - 
TOSHIBA Corporation) Hidden TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation) TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - Ihr Firmenname) WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC) XSManager (HKLM-x32\...\XSManager) (Version: 3.2 - XSManager) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2081452760-1846932682-3364742643-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA) ==================== Restore Points ========================= 02-06-2014 22:09:06 Windows Update 12-06-2014 01:00:14 Windows Update 20-07-2014 03:58:32 Windows Update 21-07-2014 04:39:49 Windows Update 31-07-2014 17:18:35 Removed YTD Toolbar v9.6. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {03E7EC13-72C1-43DB-8E0E-D08355EC0533} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing) Task: {565721C5-E1D3-4A7F-BC5B-F66061E1B0EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.) Task: {5A7F1710-DE02-4198-8D2D-686F56CD3BB0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation) Task: {60EEEC3D-19F9-448A-B1D6-A6D8A0E55069} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.) Task: {6A17E92D-3759-4371-9AB4-7C6D8793BA75} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {7245AAC1-C94F-4A5C-AE59-05F35A12007E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {E0E235DA-6DC4-4B26-8A4D-8275250F0BA0} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION) Task: {F68B1DFD-8D9A-49D0-9936-2ABA502CCBFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-18] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 
2014-03-14 16:00 - 2014-03-14 16:00 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll 2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2014-07-31 23:51 - 2014-07-31 23:51 - 00050477 _____ () C:\Users\Aslan\Downloads\Defogger.exe 2014-07-31 00:40 - 2014-07-31 00:40 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2011-01-16 05:25 - 2011-01-16 05:25 - 00235112 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Benachrichtigungen. Fehler: Vorgang fehlgeschlagen. Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Softwareaktualisierungen. 
Fehler: Vorgang fehlgeschlagen. Error: (07/31/2014 04:06:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea Name des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea Ausnahmecode: 0x40000015 Fehleroffset: 0x00017670 ID des fehlerhaften Prozesses: 0x57f8 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_14_0_0_145.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe2 Berichtskennung: FlashPlayerPlugin_14_0_0_145.exe3 Error: (07/31/2014 02:32:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea Name des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea Ausnahmecode: 0x40000015 Fehleroffset: 0x00017670 ID des fehlerhaften Prozesses: 0x5708 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_14_0_0_145.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe2 Berichtskennung: FlashPlayerPlugin_14_0_0_145.exe3 Error: (07/31/2014 02:30:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea Name des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea Ausnahmecode: 0x40000015 Fehleroffset: 0x00017670 ID des fehlerhaften Prozesses: 0x105c Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_14_0_0_145.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe2 Berichtskennung: 
FlashPlayerPlugin_14_0_0_145.exe3 Error: (07/19/2014 02:57:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0xc08 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (07/05/2014 01:38:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000223e0 ID des fehlerhaften Prozesses: 0x1b78 Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0 Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1 Pfad des fehlerhaften Moduls: GoogleUpdate.exe2 Berichtskennung: GoogleUpdate.exe3 Error: (07/02/2014 05:55:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000223e0 ID des fehlerhaften Prozesses: 0x3b4 Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0 Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1 Pfad des fehlerhaften Moduls: GoogleUpdate.exe2 Berichtskennung: GoogleUpdate.exe3 Error: (06/25/2014 10:04:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 
6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000223e0 ID des fehlerhaften Prozesses: 0x124 Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0 Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1 Pfad des fehlerhaften Moduls: GoogleUpdate.exe2 Berichtskennung: GoogleUpdate.exe3 Error: (06/17/2014 03:07:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ApplicationUpdater.exe, Version: 9.3.0.4, Zeitstempel: 0x5383487a Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00081001 ID des fehlerhaften Prozesses: 0x6dc Startzeit der fehlerhaften Anwendung: 0xApplicationUpdater.exe0 Pfad der fehlerhaften Anwendung: ApplicationUpdater.exe1 Pfad des fehlerhaften Moduls: ApplicationUpdater.exe2 Berichtskennung: ApplicationUpdater.exe3 System errors: ============= Error: (07/31/2014 02:54:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (07/21/2014 06:58:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/21/2014 06:58:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht. Error: (07/20/2014 06:18:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/20/2014 06:18:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht. 
Error: (07/20/2014 06:03:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736cc fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2971850) Error: (07/20/2014 06:01:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2973201) Error: (07/20/2014 06:00:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736cc fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 11 für Windows 7 für x64-Systeme (KB2962872) Error: (07/18/2014 06:23:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/18/2014 06:23:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht. Microsoft Office Sessions: ========================= Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Benachrichtigungen. Fehler: Vorgang fehlgeschlagen. Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Softwareaktualisierungen. Fehler: Vorgang fehlgeschlagen. 
Error: (07/31/2014 04:06:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: FlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aeaFlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aea400000150001767057f801cfacc5c4733097C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exed94de6eb-18bb-11e4-9be6-047d7b74131f Error: (07/31/2014 02:32:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: FlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aeaFlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aea4000001500017670570801cfacbb43e56281C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exec7161c7e-18ae-11e4-9be6-047d7b74131f Error: (07/31/2014 02:30:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: FlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aeaFlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aea4000001500017670105c01cfa58369c6f45aC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe771708e2-18ae-11e4-9be6-047d7b74131f Error: (07/19/2014 02:57:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141bc0801cfa2bb642c8f65C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3175f691-0f44-11e4-9f70-047d7b74131f Error: (07/05/2014 01:38:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e01b7801cf98439f529d3eC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dlld6525c27-0438-11e4-ba8b-047d7b74131f Error: (07/02/2014 05:55:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e03b401cf960cea319e8fC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll4ae8daa3-0201-11e4-ba8b-047d7b74131f Error: (06/25/2014 10:04:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e012401cf90afccf989cfC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dllf1d38859-fca3-11e3-97f5-047d7b74131f Error: (06/17/2014 03:07:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ApplicationUpdater.exe9.3.0.45383487aunknown0.0.0.000000000c0000005000810016dc01cf89b20db4b532C:\Program Files (x86)\Application Updater\ApplicationUpdater.exeunknownb7f7156d-f5bb-11e3-8de2-047d7b74131f ==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 4077.86 MB Available physical RAM: 1783.26 MB Total Pagefile: 8153.9 MB Available Pagefile: 5858.71 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:199.12 GB) (Free:141.51 GB) NTFS Drive d: () (Fixed) (Total:266.54 GB) (Free:266.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4E4B604B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=199 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=267 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Gmer GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-08-01 00:18:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Aslan\AppData\Local\Temp\aglorpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031bb000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031bb02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007711fcb0 5 bytes JMP 00000001002b091c .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007711fe14 5 bytes JMP 00000001002b0048 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007711fea8 5 bytes JMP 00000001002b02ee .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077120004 5 bytes JMP 00000001002b04b2 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077120038 5 bytes JMP 00000001002b09fe .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077120068 5 bytes JMP 00000001002b0ae0 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077120084 5 bytes JMP 0000000100020050 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007712079c 5 bytes JMP 00000001002b012a .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007712088c 5 bytes JMP 00000001002b0758 .text 
C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000771208a4 5 bytes JMP 00000001002b0676 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077120df4 5 bytes JMP 00000001002b03d0 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077121920 5 bytes JMP 00000001002b0594 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077121be4 5 bytes JMP 00000001002b083a .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077121d70 5 bytes JMP 00000001002b020c .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007635524f 7 bytes JMP 00000001002b0f52 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000763553d0 7 bytes JMP 00000001002c0210 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076355677 1 byte JMP 00000001002c0048 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076355679 5 bytes {JMP 0xffffffff89f6a9d1} .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007635589a 7 bytes JMP 00000001002b0ca6 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076355a1d 7 bytes JMP 00000001002c03d8 .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076355c9b 7 bytes JMP 00000001002c012c .text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076355d87 7 bytes JMP 00000001002c02f4 .text 
C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076357240 7 bytes JMP 00000001002b0e6e
.text C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076691492 7 bytes JMP 00000001002c04bc
---- EOF - GMER 2.1 ----

Many thanks for your help.

Edit: after creating the thread I got a blue screen.

Edited by filterfilter (31.07.2014 at 23:30)