
Pests of all kinds and how to combat them: sometimes websites are redirected to search pages + I am not sure whether I have a trojan or backdoor program


31.07.2014, 23:24   #1
filterfilter
 
Hello, as mentioned, my pages sometimes change to search pages with dns... search,
and furthermore I think that I have a trojan or rather a backdoor trojan.
These are my log files:

FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Aslan (administrator) on ASLAN-PC on 01-08-2014 00:02:27
Running from C:\Users\Aslan\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Aslan\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKU\S-1-5-21-2081452760-1846932682-3364742643-1000\...\MountPoints2: {3e931ad2-bcd9-11e3-9141-806e6f6e6963} - G:\XSManagerinstallation.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF5ECE37B334FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKCU - DefaultScope {F08402EE-1C6C-4533-9731-95F8F4C295AC} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869
SearchScopes: HKCU - {F08402EE-1C6C-4533-9731-95F8F4C295AC} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2014-04-05]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: hxxp://de.search.yahoo.com/?type=501549&fr=spigot-yhp-ch
CHR StartupUrls: "hxxp://www.google.com/"
CHR NewTab: "chrome-extension://gpiifgmgnfdiblgpaepbmfdkcheicgof/redirect.html",
				"chrome-extension://icdlfehblmklkikfigmjhbmmpmkmpooj/redirect.html"
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]
CHR Extension: (Google Drive) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (YouTube) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Google Search) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (New Tab Assistant) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof [2014-06-27]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-04-15]
CHR Extension: (Domain Error Assistant) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-04-15]
CHR Extension: (Slick Savings) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-04-15]
CHR Extension: (Norton Identity Protection) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-05]
CHR Extension: (Shopping Helper) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2014-06-27]
CHR Extension: (Google Wallet) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-04-15]
CHR Extension: (Gmail) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Aslan\AppData\Local\Slick Savings\coupons.crx [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-18]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2014-07-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation)
S4 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2012-11-13] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [141824 2014-04-05] (Wireless Data Device)
S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [123904 2014-04-05] (Wireless Device)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-12] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140730.002\IDSvia64.sys [525016 2014-07-17] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140731.001\ENG64.SYS [126040 2014-07-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140731.001\EX64.SYS [2099288 2014-07-25] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe
2014-08-01 00:02 - 2014-08-01 00:04 - 00015946 _____ () C:\Users\Aslan\Downloads\FRST.txt
2014-08-01 00:02 - 2014-08-01 00:02 - 00000000 ____D () C:\FRST
2014-08-01 00:01 - 2014-08-01 00:01 - 02094080 _____ (Farbar) C:\Users\Aslan\Downloads\FRST64.exe
2014-07-31 23:52 - 2014-07-31 23:52 - 00000472 _____ () C:\Users\Aslan\Downloads\defogger_disable.log
2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable
2014-07-31 23:51 - 2014-07-31 23:51 - 00050477 _____ () C:\Users\Aslan\Downloads\Defogger.exe
2014-07-31 23:29 - 2014-07-31 23:30 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2)
2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt
2014-07-31 22:43 - 2014-07-31 22:43 - 00602112 _____ (OldTimer Tools) C:\Users\Aslan\Desktop\OTL.exe
2014-07-31 22:42 - 2014-07-31 22:42 - 00854390 _____ () C:\Users\Aslan\Desktop\SecurityCheck.exe
2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 18:32 - 2014-07-31 18:32 - 00688992 ____R (Swearware) C:\Users\Aslan\Desktop\dds.com
2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe
2014-07-31 18:01 - 2014-07-31 23:31 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-07-31 18:01 - 2014-07-31 18:01 - 04892480 _____ (WinZip International LLC ) C:\Users\Aslan\Downloads\wzmp_8.exe
2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-07-31 18:01 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups
2014-07-31 17:47 - 2014-07-31 17:47 - 00000000 ____D () C:\Users\Aslan\Downloads\backups
2014-07-31 17:40 - 2014-07-31 17:45 - 00010312 _____ () C:\Users\Aslan\Downloads\hijackthis.log
2014-07-31 17:32 - 2014-07-31 17:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\Aslan\Desktop\HijackThis.exe
2014-07-31 17:31 - 2014-07-31 17:41 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part
2014-07-31 17:22 - 2014-07-31 17:23 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten
2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe
2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList
2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 06:06 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-20 06:06 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-20 06:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-20 06:06 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-20 06:06 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-20 06:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-20 06:06 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-20 06:06 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-20 06:06 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-20 06:06 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-20 06:06 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-20 06:06 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-20 06:06 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-20 06:06 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-20 06:06 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-20 06:06 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-20 06:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-20 06:06 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-20 06:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-20 06:06 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-20 06:06 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-20 06:06 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-20 06:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-20 06:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-20 06:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-20 06:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-20 06:06 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-20 06:06 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-20 06:06 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-20 06:06 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-20 06:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-20 06:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-20 06:06 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-20 06:06 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-20 06:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-20 06:06 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-20 06:06 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-20 06:06 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-20 06:06 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-20 06:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-20 06:06 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-20 06:06 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-20 06:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-20 06:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-20 06:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-20 06:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-20 06:06 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-20 06:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-20 06:06 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-20 06:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-20 06:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-20 06:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-20 06:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-20 06:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-20 06:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-20 06:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-19 14:00 - 2014-07-19 14:00 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc
2014-07-18 18:20 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-18 18:20 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-18 18:20 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-18 18:20 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-18 18:20 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-18 18:20 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 00:04 - 2014-08-01 00:02 - 00015946 _____ () C:\Users\Aslan\Downloads\FRST.txt
2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe
2014-08-01 00:03 - 2014-04-02 14:53 - 01081739 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 00:02 - 2014-08-01 00:02 - 00000000 ____D () C:\FRST
2014-08-01 00:01 - 2014-08-01 00:01 - 02094080 _____ (Farbar) C:\Users\Aslan\Downloads\FRST64.exe
2014-07-31 23:52 - 2014-07-31 23:52 - 00000472 _____ () C:\Users\Aslan\Downloads\defogger_disable.log
2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable
2014-07-31 23:52 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan
2014-07-31 23:51 - 2014-07-31 23:51 - 00050477 _____ () C:\Users\Aslan\Downloads\Defogger.exe
2014-07-31 23:47 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 23:47 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 23:40 - 2014-05-14 13:40 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner
2014-07-31 23:31 - 2014-07-31 18:01 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-07-31 23:30 - 2014-07-31 23:29 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2)
2014-07-31 23:13 - 2014-04-05 18:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 23:09 - 2014-04-05 18:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt
2014-07-31 22:43 - 2014-07-31 22:43 - 00602112 _____ (OldTimer Tools) C:\Users\Aslan\Desktop\OTL.exe
2014-07-31 22:42 - 2014-07-31 22:42 - 00854390 _____ () C:\Users\Aslan\Desktop\SecurityCheck.exe
2014-07-31 20:13 - 2014-04-05 18:27 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 19:18 - 2014-04-23 15:05 - 00000000 ____D () C:\Program Files (x86)\City Interactive
2014-07-31 19:17 - 2014-04-23 15:05 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\City Interactive
2014-07-31 19:09 - 2014-04-02 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-31 19:09 - 2014-04-02 17:17 - 00051896 _____ () C:\Windows\PFRO.log
2014-07-31 19:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-31 19:09 - 2009-07-14 06:51 - 00035906 _____ () C:\Windows\setupact.log
2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 18:32 - 2014-07-31 18:32 - 00688992 ____R (Swearware) C:\Users\Aslan\Desktop\dds.com
2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe
2014-07-31 18:01 - 2014-07-31 18:01 - 04892480 _____ (WinZip International LLC ) C:\Users\Aslan\Downloads\wzmp_8.exe
2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups
2014-07-31 17:49 - 2014-04-06 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-31 17:47 - 2014-07-31 17:47 - 00000000 ____D () C:\Users\Aslan\Downloads\backups
2014-07-31 17:45 - 2014-07-31 17:40 - 00010312 _____ () C:\Users\Aslan\Downloads\hijackthis.log
2014-07-31 17:41 - 2014-07-31 17:31 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part
2014-07-31 17:36 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-31 17:33 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\VirtualStore
2014-07-31 17:32 - 2014-07-31 17:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\Aslan\Desktop\HijackThis.exe
2014-07-31 17:23 - 2014-07-31 17:22 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten
2014-07-31 16:06 - 2014-04-06 11:03 - 00000000 ____D () C:\Users\Aslan\AppData\Local\CrashDumps
2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe
2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList
2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-21 06:56 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-20 06:01 - 2014-04-02 19:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-20 06:00 - 2014-04-02 19:46 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-19 14:00 - 2014-07-19 14:00 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-19 14:00 - 2014-04-03 20:41 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-07-19 14:00 - 2014-04-03 20:41 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-07-19 14:00 - 2014-04-03 20:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-07-19 14:00 - 2014-04-03 20:41 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-07-19 13:17 - 2014-04-05 18:28 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc
2014-07-18 20:09 - 2014-04-05 18:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-18 20:09 - 2014-04-05 18:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-18 20:09 - 2014-04-05 18:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Aslan\AppData\Local\Temp\3i3dlmxv.dll
C:\Users\Aslan\AppData\Local\Temp\BackupSetup.exe
C:\Users\Aslan\AppData\Local\Temp\exthelper.exe
C:\Users\Aslan\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-15 20:40

==================== End Of Log ============================
         
--- --- ---
Addition
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by Aslan at 2014-08-01 00:04:36
Running from C:\Users\Aslan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.03(T) Premium Edition - TOSHIBA CORPORATION)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.4.0.13 - Symantec Corporation)
NVIDIA 3D Vision Treiber 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.69 - NVIDIA Corporation)
NVIDIA Grafiktreiber 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.69 - NVIDIA Corporation)
NVIDIA Guard Service 1.3 (Version: 1.3 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6669 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 266.69 (Version: 266.69 - NVIDIA Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - Ihr Firmenname)
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)
XSManager (HKLM-x32\...\XSManager) (Version: 3.2 - XSManager)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2081452760-1846932682-3364742643-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)

==================== Restore Points  =========================

02-06-2014 22:09:06 Windows Update
12-06-2014 01:00:14 Windows Update
20-07-2014 03:58:32 Windows Update
21-07-2014 04:39:49 Windows Update
31-07-2014 17:18:35 Removed YTD Toolbar v9.6.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03E7EC13-72C1-43DB-8E0E-D08355EC0533} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {565721C5-E1D3-4A7F-BC5B-F66061E1B0EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {5A7F1710-DE02-4198-8D2D-686F56CD3BB0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation)
Task: {60EEEC3D-19F9-448A-B1D6-A6D8A0E55069} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {6A17E92D-3759-4371-9AB4-7C6D8793BA75} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7245AAC1-C94F-4A5C-AE59-05F35A12007E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E0E235DA-6DC4-4B26-8A4D-8275250F0BA0} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {F68B1DFD-8D9A-49D0-9936-2ABA502CCBFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-18] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-14 16:00 - 2014-03-14 16:00 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2014-07-31 23:51 - 2014-07-31 23:51 - 00050477 _____ () C:\Users\Aslan\Downloads\Defogger.exe
2014-07-31 00:40 - 2014-07-31 00:40 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-01-16 05:25 - 2011-01-16 05:25 - 00235112 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Benachrichtigungen. Fehler: Vorgang fehlgeschlagen.

Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Softwareaktualisierungen. Fehler: Vorgang fehlgeschlagen.

Error: (07/31/2014 04:06:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea
Name des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017670
ID des fehlerhaften Prozesses: 0x57f8
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_14_0_0_145.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe2
Berichtskennung: FlashPlayerPlugin_14_0_0_145.exe3

Error: (07/31/2014 02:32:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea
Name des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017670
ID des fehlerhaften Prozesses: 0x5708
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_14_0_0_145.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe2
Berichtskennung: FlashPlayerPlugin_14_0_0_145.exe3

Error: (07/31/2014 02:30:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea
Name des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017670
ID des fehlerhaften Prozesses: 0x105c
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_14_0_0_145.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe2
Berichtskennung: FlashPlayerPlugin_14_0_0_145.exe3

Error: (07/19/2014 02:57:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xc08
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (07/05/2014 01:38:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0x1b78
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3

Error: (07/02/2014 05:55:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0x3b4
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3

Error: (06/25/2014 10:04:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0x124
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3

Error: (06/17/2014 03:07:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ApplicationUpdater.exe, Version: 9.3.0.4, Zeitstempel: 0x5383487a
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00081001
ID des fehlerhaften Prozesses: 0x6dc
Startzeit der fehlerhaften Anwendung: 0xApplicationUpdater.exe0
Pfad der fehlerhaften Anwendung: ApplicationUpdater.exe1
Pfad des fehlerhaften Moduls: ApplicationUpdater.exe2
Berichtskennung: ApplicationUpdater.exe3


System errors:
=============
Error: (07/31/2014 02:54:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/21/2014 06:58:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/21/2014 06:58:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (07/20/2014 06:18:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/20/2014 06:18:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (07/20/2014 06:03:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736cc fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2971850)

Error: (07/20/2014 06:01:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2973201)

Error: (07/20/2014 06:00:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736cc fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 11 für Windows 7 für x64-Systeme (KB2962872)

Error: (07/18/2014 06:23:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/18/2014 06:23:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.


Microsoft Office Sessions:
=========================
Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Benachrichtigungen. Fehler: Vorgang fehlgeschlagen.

Error: (07/31/2014 05:48:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Softwareaktualisierungen. Fehler: Vorgang fehlgeschlagen.

Error: (07/31/2014 04:06:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aeaFlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aea400000150001767057f801cfacc5c4733097C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exed94de6eb-18bb-11e4-9be6-047d7b74131f

Error: (07/31/2014 02:32:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aeaFlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aea4000001500017670570801cfacbb43e56281C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exec7161c7e-18ae-11e4-9be6-047d7b74131f

Error: (07/31/2014 02:30:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aeaFlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aea4000001500017670105c01cfa58369c6f45aC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe771708e2-18ae-11e4-9be6-047d7b74131f

Error: (07/19/2014 02:57:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141bc0801cfa2bb642c8f65C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3175f691-0f44-11e4-9f70-047d7b74131f

Error: (07/05/2014 01:38:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e01b7801cf98439f529d3eC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dlld6525c27-0438-11e4-ba8b-047d7b74131f

Error: (07/02/2014 05:55:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e03b401cf960cea319e8fC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll4ae8daa3-0201-11e4-ba8b-047d7b74131f

Error: (06/25/2014 10:04:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e012401cf90afccf989cfC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dllf1d38859-fca3-11e3-97f5-047d7b74131f

Error: (06/17/2014 03:07:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ApplicationUpdater.exe9.3.0.45383487aunknown0.0.0.000000000c0000005000810016dc01cf89b20db4b532C:\Program Files (x86)\Application Updater\ApplicationUpdater.exeunknownb7f7156d-f5bb-11e3-8de2-047d7b74131f


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 4077.86 MB
Available physical RAM: 1783.26 MB
Total Pagefile: 8153.9 MB
Available Pagefile: 5858.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:199.12 GB) (Free:141.51 GB) NTFS
Drive d: () (Fixed) (Total:266.54 GB) (Free:266.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4E4B604B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=199 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=267 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---
Gmer
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-01 00:18:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Aslan\AppData\Local\Temp\aglorpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                      fffff800031bb000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                      fffff800031bb02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                          000000007711fcb0 5 bytes JMP 00000001002b091c
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                        000000007711fe14 5 bytes JMP 00000001002b0048
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                 000000007711fea8 5 bytes JMP 00000001002b02ee
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                              0000000077120004 5 bytes JMP 00000001002b04b2
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                      0000000077120038 5 bytes JMP 00000001002b09fe
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                              0000000077120068 5 bytes JMP 00000001002b0ae0
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                           0000000077120084 5 bytes JMP 0000000100020050
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                              000000007712079c 5 bytes JMP 00000001002b012a
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                  000000007712088c 5 bytes JMP 00000001002b0758
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                            00000000771208a4 5 bytes JMP 00000001002b0676
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                0000000077120df4 5 bytes JMP 00000001002b03d0
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                          0000000077121920 5 bytes JMP 00000001002b0594
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                      0000000077121be4 5 bytes JMP 00000001002b083a
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                             0000000077121d70 5 bytes JMP 00000001002b020c
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206            000000007635524f 7 bytes JMP 00000001002b0f52
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                00000000763553d0 7 bytes JMP 00000001002c0210
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149               0000000076355677 1 byte JMP 00000001002c0048
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151               0000000076355679 5 bytes {JMP 0xffffffff89f6a9d1}
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                      000000007635589a 7 bytes JMP 00000001002b0ca6
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                      0000000076355a1d 7 bytes JMP 00000001002c03d8
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                 0000000076355c9b 7 bytes JMP 00000001002c012c
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                   0000000076355d87 7 bytes JMP 00000001002c02f4
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000076357240 7 bytes JMP 00000001002b0e6e
.text     C:\Users\Aslan\Downloads\Gmer-19357.exe[5348] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                 0000000076691492 7 bytes JMP 00000001002c04bc

---- EOF - GMER 2.1 ----
         
--- --- ---
Thank you very much for your help.
Edit: After creating the thread I got a blue screen.

Edited by filterfilter (31.07.2014 at 23:30)

01.08.2014, 05:53   #2
schrauber
/// the machine
/// TB Trainer
 




Hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


01.08.2014, 09:14   #3
filterfilter
 



Combofix Logfile:
Code:
ComboFix 14-07-31.02 - Aslan 01.08.2014  10:06:22.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4078.2653 [GMT 2:00]
ausgeführt von:: c:\users\Aslan\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-01 bis 2014-08-01  ))))))))))))))))))))))))))))))
.
.
2014-08-01 08:10 . 2014-08-01 08:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-01 01:54 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-08-01 00:16 . 2014-08-01 00:16	--------	d-s---w-	c:\windows\system32\CompatTel
2014-07-31 22:47 . 2014-08-01 01:56	--------	d-----w-	C:\AdwCleaner
2014-07-31 22:36 . 2014-07-31 22:36	--------	d-----w-	c:\programdata\Malwarebytes
2014-07-31 22:36 . 2014-08-01 00:40	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-31 22:36 . 2014-08-01 00:29	128728	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-31 22:36 . 2014-08-01 00:29	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-07-31 22:02 . 2014-07-31 22:05	--------	d-----w-	C:\FRST
2014-07-31 17:25 . 2014-06-30 02:09	519168	----a-w-	c:\windows\system32\aepdu.dll
2014-07-31 17:25 . 2014-06-30 02:04	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-07-31 16:01 . 2014-07-31 16:01	--------	d-----w-	c:\users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 16:01 . 2014-07-31 16:01	--------	d-----w-	c:\programdata\Nico Mak Computing
2014-07-31 16:01 . 2013-03-15 15:10	20480	----a-w-	c:\windows\system32\wsusnative64.exe
2014-07-31 12:49 . 2014-07-31 12:49	--------	d-----w-	c:\programdata\F-Secure
2014-07-31 01:31 . 2014-07-31 01:31	--------	d-sh--w-	c:\users\Aslan\AppData\Local\EmieUserList
2014-07-31 01:31 . 2014-07-31 01:31	--------	d-sh--w-	c:\users\Aslan\AppData\Local\EmieSiteList
2014-07-18 16:48 . 2014-08-01 00:12	--------	d-----w-	c:\windows\system32\drivers\NISx64\1504000.00D
2014-07-18 16:20 . 2014-06-06 10:10	624128	----a-w-	c:\windows\system32\qedit.dll
2014-07-18 16:20 . 2014-06-06 09:44	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-07-18 16:20 . 2014-05-30 06:45	497152	----a-w-	c:\windows\system32\drivers\afd.sys
2014-07-18 16:20 . 2014-06-05 14:45	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-07-18 16:20 . 2014-06-05 14:26	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-07-18 16:20 . 2014-06-05 14:25	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-20 04:00 . 2014-04-02 17:46	96441528	----a-w-	c:\windows\system32\MRT.exe
2014-07-18 18:09 . 2014-04-05 16:27	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-18 18:09 . 2014-04-05 16:27	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cmntnet;Wireless Data Device USB Ethernet Driver;c:\windows\system32\DRIVERS\cmntnet.sys;c:\windows\SYSNATIVE\DRIVERS\cmntnet.sys [x]
R3 cmnuusbser;Mobile Connector USB Device for Serial Communication Device;c:\windows\system32\DRIVERS\cmnuusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnuusbser.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R4 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe;c:\program files (x86)\XSManager\WTGService.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1504000.00D\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1504000.00D\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140718.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140731.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140731.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1504000.00D\SYMNETS.SYS [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [x]
S2 nvservice;NVIDIA GuardService;c:\windows\system32\nvservice.exe;c:\windows\SYSNATIVE\nvservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 11:14	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-05 18:09]
.
2014-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05 16:27]
.
2014-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05 16:27]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-WinZip Malware Protector_is1 - c:\program files (x86)\WinZip Malware Protector\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13;c:\program files (x86)\Norton Internet Security\Engine64\21.4.0.13"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-08-01  10:11:42
ComboFix-quarantined-files.txt  2014-08-01 08:11
.
Vor Suchlauf: 8 Verzeichnis(se), 151.654.182.912 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 153.377.386.496 Bytes frei
.
- - End Of File - - 64231960C0B7BFA736667EC7FBB7400C
         
--- --- ---

01.08.2014, 20:07   #4
schrauber
/// the machine
/// TB Trainer
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Select Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

02.08.2014, 21:13   #5
filterfilter
 



OK, everything done, here are the logs.

mbam
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 02.08.2014
Suchlauf-Zeit: 21:32:57
Logdatei: Mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.02.04
Rootkit Datenbank: v2014.08.01.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Aslan

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 307293
Verstrichene Zeit: 9 Min, 26 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

JRT
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Aslan on 02.08.2014 at 21:59:59,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.08.2014 at 22:06:47,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---

AdwCleaner
AdwCleaner Logfile:
Code:
# AdwCleaner v3.302 - Bericht erstellt am 02/08/2014 um 21:53:44
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Aslan - ASLAN-PC
# Gestartet von : C:\Users\Aslan\Desktop\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [980 octets] - [02/08/2014 21:50:25]
AdwCleaner[S0].txt - [902 octets] - [02/08/2014 21:53:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [961 octets] ##########
         
--- --- ---

The scans reported no malware findings.

FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Aslan (administrator) on ASLAN-PC on 02-08-2014 22:08:56
Running from C:\Users\Aslan\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF5ECE37B334FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {F08402EE-1C6C-4533-9731-95F8F4C295AC} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2014-08-02]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2014-04-05]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR NewTab: "chrome-extension://gpiifgmgnfdiblgpaepbmfdkcheicgof/redirect.html",
				"chrome-extension://icdlfehblmklkikfigmjhbmmpmkmpooj/redirect.html"
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]
CHR Extension: (Google Drive) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (YouTube) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Google-Suche) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (Norton Identity Protection) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-05]
CHR Extension: (Shopping Helper) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2014-06-27]
CHR Extension: (Google Wallet) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (Google Mail) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation)
S4 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2012-11-13] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [141824 2014-04-05] (Wireless Data Device)
S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [123904 2014-04-05] (Wireless Device)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-12] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140731.001\IDSvia64.sys [525016 2014-07-17] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140801.018\ENG64.SYS [126040 2014-07-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140801.018\EX64.SYS [2099288 2014-07-25] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 22:08 - 2014-08-02 22:10 - 00014254 _____ () C:\Users\Aslan\Desktop\FRST.txt
2014-08-02 22:08 - 2014-08-02 22:08 - 02094080 _____ (Farbar) C:\Users\Aslan\Desktop\FRST64.exe
2014-08-02 22:08 - 2014-08-02 22:08 - 00000000 ____D () C:\FRST
2014-08-02 22:06 - 2014-08-02 22:07 - 00000625 _____ () C:\Users\Aslan\Desktop\JRT.txt
2014-08-02 21:58 - 2014-08-02 21:58 - 00001040 _____ () C:\Users\Aslan\Desktop\AdwCleaner[S0].txt
2014-08-02 21:50 - 2014-08-02 21:55 - 00000000 ____D () C:\AdwCleaner
2014-08-02 21:49 - 2014-08-02 21:49 - 01016261 _____ (Thisisu) C:\Users\Aslan\Desktop\JRT.exe
2014-08-02 21:48 - 2014-08-02 21:48 - 01361309 _____ () C:\Users\Aslan\Desktop\adwcleaner_3.302.exe
2014-08-02 21:48 - 2014-08-02 21:48 - 00001156 _____ () C:\Users\Aslan\Desktop\Mbam.txt
2014-08-02 21:31 - 2014-08-02 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-01 17:31 - 2014-08-01 17:31 - 00001614 _____ () C:\DelFix.txt
2014-08-01 14:25 - 2014-08-01 14:26 - 00288240 _____ () C:\Windows\Minidump\080114-48672-01.dmp
2014-08-01 13:50 - 2014-08-01 13:50 - 00003256 _____ () C:\Windows\System32\Tasks\{CAAF69B9-C0CB-42E3-A3C8-407A55791B37}
2014-08-01 12:41 - 2014-08-02 21:32 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 12:41 - 2014-08-02 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 12:41 - 2014-08-02 21:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 12:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 12:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-01 12:40 - 2014-08-01 12:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 11:33 - 2014-08-01 17:31 - 00000000 ____D () C:\Windows\ERUNT
2014-08-01 09:59 - 2014-08-01 10:10 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 03:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 02:16 - 2014-08-01 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-01 00:36 - 2014-08-02 21:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 00:36 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 00:36 - 2014-08-01 02:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-01 00:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 00:26 - 2014-08-01 00:26 - 00292200 _____ () C:\Windows\Minidump\080114-35677-01.dmp
2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe
2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable
2014-07-31 23:29 - 2014-08-01 17:32 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2)
2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt
2014-07-31 19:25 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-31 19:25 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe
2014-07-31 18:01 - 2014-08-01 03:47 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-31 18:01 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups
2014-07-31 17:47 - 2014-08-01 14:22 - 00000000 ____D () C:\Users\Aslan\Downloads\backups
2014-07-31 17:31 - 2014-07-31 17:41 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part
2014-07-31 17:22 - 2014-07-31 17:23 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten
2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe
2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList
2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 06:06 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-20 06:06 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-20 06:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-20 06:06 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-20 06:06 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-20 06:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-20 06:06 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-20 06:06 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-20 06:06 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-20 06:06 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-20 06:06 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-20 06:06 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-20 06:06 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-20 06:06 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-20 06:06 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-20 06:06 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-20 06:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-20 06:06 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-20 06:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-20 06:06 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-20 06:06 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-20 06:06 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-20 06:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-20 06:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-20 06:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-20 06:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-20 06:06 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-20 06:06 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-20 06:06 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-20 06:06 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-20 06:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-20 06:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-20 06:06 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-20 06:06 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-20 06:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-20 06:06 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-20 06:06 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-20 06:06 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-20 06:06 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-20 06:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-20 06:06 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-20 06:06 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-20 06:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-20 06:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-20 06:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-20 06:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-20 06:06 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-20 06:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-20 06:06 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-20 06:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-20 06:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-20 06:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-20 06:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-20 06:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-20 06:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-20 06:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-19 14:00 - 2014-07-19 14:00 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc
2014-07-18 18:20 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-18 18:20 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-18 18:20 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-18 18:20 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-18 18:20 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-18 18:20 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 22:10 - 2014-08-02 22:08 - 00014254 _____ () C:\Users\Aslan\Desktop\FRST.txt
2014-08-02 22:09 - 2014-04-05 18:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-02 22:09 - 2014-04-02 14:53 - 01925212 _____ () C:\Windows\WindowsUpdate.log
2014-08-02 22:08 - 2014-08-02 22:08 - 02094080 _____ (Farbar) C:\Users\Aslan\Desktop\FRST64.exe
2014-08-02 22:08 - 2014-08-02 22:08 - 00000000 ____D () C:\FRST
2014-08-02 22:07 - 2014-08-02 22:06 - 00000625 _____ () C:\Users\Aslan\Desktop\JRT.txt
2014-08-02 22:04 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-02 22:04 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-02 21:58 - 2014-08-02 21:58 - 00001040 _____ () C:\Users\Aslan\Desktop\AdwCleaner[S0].txt
2014-08-02 21:57 - 2014-08-01 00:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-02 21:57 - 2014-04-05 18:27 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 21:56 - 2014-04-02 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-02 21:56 - 2014-04-02 17:17 - 00060386 _____ () C:\Windows\PFRO.log
2014-08-02 21:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 21:56 - 2009-07-14 06:51 - 00036690 _____ () C:\Windows\setupact.log
2014-08-02 21:55 - 2014-08-02 21:50 - 00000000 ____D () C:\AdwCleaner
2014-08-02 21:49 - 2014-08-02 21:49 - 01016261 _____ (Thisisu) C:\Users\Aslan\Desktop\JRT.exe
2014-08-02 21:48 - 2014-08-02 21:48 - 01361309 _____ () C:\Users\Aslan\Desktop\adwcleaner_3.302.exe
2014-08-02 21:48 - 2014-08-02 21:48 - 00001156 _____ () C:\Users\Aslan\Desktop\Mbam.txt
2014-08-02 21:32 - 2014-08-01 12:41 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-02 21:32 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-02 21:32 - 2014-08-01 12:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-02 21:31 - 2014-08-02 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-02 21:13 - 2014-04-05 18:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 17:32 - 2014-07-31 23:29 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2)
2014-08-01 17:32 - 2014-05-14 13:40 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner
2014-08-01 17:31 - 2014-08-01 17:31 - 00001614 _____ () C:\DelFix.txt
2014-08-01 17:31 - 2014-08-01 11:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-01 15:34 - 2014-04-03 20:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-01 15:23 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 14:26 - 2014-08-01 14:25 - 00288240 _____ () C:\Windows\Minidump\080114-48672-01.dmp
2014-08-01 14:25 - 2014-04-05 17:50 - 701890028 _____ () C:\Windows\MEMORY.DMP
2014-08-01 14:25 - 2014-04-05 17:50 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 14:22 - 2014-07-31 17:47 - 00000000 ____D () C:\Users\Aslan\Downloads\backups
2014-08-01 13:50 - 2014-08-01 13:50 - 00003256 _____ () C:\Windows\System32\Tasks\{CAAF69B9-C0CB-42E3-A3C8-407A55791B37}
2014-08-01 12:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-08-01 12:41 - 2014-08-01 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 12:40 - 2014-08-01 12:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 10:11 - 2014-04-23 08:44 - 00000000 ____D () C:\Users\dub_cm_auto
2014-08-01 10:10 - 2014-08-01 09:59 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 03:47 - 2014-07-31 18:01 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-08-01 02:40 - 2014-08-01 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-01 02:16 - 2014-08-01 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-01 02:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-01 02:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-01 00:26 - 2014-08-01 00:26 - 00292200 _____ () C:\Windows\Minidump\080114-35677-01.dmp
2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe
2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable
2014-07-31 23:52 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan
2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt
2014-07-31 19:18 - 2014-04-23 15:05 - 00000000 ____D () C:\Program Files (x86)\City Interactive
2014-07-31 19:17 - 2014-04-23 15:05 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\City Interactive
2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe
2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups
2014-07-31 17:49 - 2014-04-06 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-31 17:41 - 2014-07-31 17:31 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part
2014-07-31 17:36 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-31 17:33 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\VirtualStore
2014-07-31 17:23 - 2014-07-31 17:22 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten
2014-07-31 16:06 - 2014-04-06 11:03 - 00000000 ____D () C:\Users\Aslan\AppData\Local\CrashDumps
2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe
2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList
2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-21 06:56 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-20 06:01 - 2014-04-02 19:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-20 06:00 - 2014-04-02 19:46 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-19 14:00 - 2014-07-19 14:00 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-19 14:00 - 2014-04-03 20:41 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-07-19 14:00 - 2014-04-03 20:41 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-07-19 14:00 - 2014-04-03 20:41 - 00002420 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveUpdate.lnk
2014-07-19 14:00 - 2014-04-03 20:41 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-07-19 13:17 - 2014-04-05 18:28 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc
2014-07-18 20:09 - 2014-04-05 18:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-18 20:09 - 2014-04-05 18:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-18 20:09 - 2014-04-05 18:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Aslan\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-15 20:40

==================== End Of Log ============================
         


Last edited by filterfilter (02.08.2014 at 21:26)

03.08.2014, 07:05   #6
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

03.08.2014, 12:39   #7
filterfilter
 

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a106407653896744aaa6a91bfc25a01e
# engine=19476
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-03 11:37:02
# local_time=2014-08-03 01:37:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 10294896 158695672 0 0
# scanned=131063
# found=0
# cleaned=0
# scan_time=2192

Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 14.0.0.145
Mozilla Firefox (31.0)
Google Chrome 35.0.1916.153
Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Aslan (administrator) on ASLAN-PC on 03-08-2014 13:44:58
Running from C:\Users\Aslan\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF5ECE37B334FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {F08402EE-1C6C-4533-9731-95F8F4C295AC} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn [2014-08-03]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR NewTab: "chrome-extension://gpiifgmgnfdiblgpaepbmfdkcheicgof/redirect.html",
				"chrome-extension://icdlfehblmklkikfigmjhbmmpmkmpooj/redirect.html"
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]
CHR Extension: (Google Drive) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (YouTube) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Google-Suche) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (Norton Identity Protection) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-05]
CHR Extension: (Shopping Helper) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2014-06-27]
CHR Extension: (Google Wallet) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (Google Mail) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\Exts\Chrome.crx [2014-08-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe [130104 2014-06-26] (Symantec Corporation)
R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation)
S4 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2012-11-13] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07030.00C\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [141824 2014-04-05] (Wireless Data Device)
S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [123904 2014-04-05] (Wireless Device)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 13:41 - 2014-08-03 13:41 - 00854390 _____ () C:\Users\Aslan\Desktop\SecurityCheck.exe
2014-08-03 12:53 - 2014-08-03 12:53 - 00002529 _____ () C:\Users\Public\Desktop\Norton Identity Safe.LNK
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-08-03 12:48 - 2014-08-03 12:48 - 02347384 _____ (ESET) C:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe
2014-08-02 22:10 - 2014-08-02 22:10 - 00012732 _____ () C:\Users\Aslan\Desktop\Addition.txt
2014-08-02 22:08 - 2014-08-03 13:46 - 00028386 _____ () C:\Users\Aslan\Desktop\FRST.txt
2014-08-02 22:08 - 2014-08-03 13:44 - 00000000 ____D () C:\FRST
2014-08-02 22:08 - 2014-08-02 22:08 - 02094080 _____ (Farbar) C:\Users\Aslan\Desktop\FRST64.exe
2014-08-02 22:06 - 2014-08-02 22:07 - 00000625 _____ () C:\Users\Aslan\Desktop\JRT.txt
2014-08-02 21:58 - 2014-08-02 21:58 - 00001040 _____ () C:\Users\Aslan\Desktop\AdwCleaner[S0].txt
2014-08-02 21:50 - 2014-08-02 21:55 - 00000000 ____D () C:\AdwCleaner
2014-08-02 21:49 - 2014-08-02 21:49 - 01016261 _____ (Thisisu) C:\Users\Aslan\Desktop\JRT.exe
2014-08-02 21:48 - 2014-08-02 21:48 - 01361309 _____ () C:\Users\Aslan\Desktop\adwcleaner_3.302.exe
2014-08-02 21:48 - 2014-08-02 21:48 - 00001156 _____ () C:\Users\Aslan\Desktop\Mbam.txt
2014-08-02 21:31 - 2014-08-02 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-01 17:31 - 2014-08-01 17:31 - 00001614 _____ () C:\DelFix.txt
2014-08-01 14:25 - 2014-08-01 14:26 - 00288240 _____ () C:\Windows\Minidump\080114-48672-01.dmp
2014-08-01 13:50 - 2014-08-01 13:50 - 00003256 _____ () C:\Windows\System32\Tasks\{CAAF69B9-C0CB-42E3-A3C8-407A55791B37}
2014-08-01 12:41 - 2014-08-03 03:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 12:41 - 2014-08-02 21:32 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 12:41 - 2014-08-02 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 12:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 12:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-01 12:40 - 2014-08-01 12:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 11:33 - 2014-08-01 17:31 - 00000000 ____D () C:\Windows\ERUNT
2014-08-01 09:59 - 2014-08-01 10:10 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 03:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 02:16 - 2014-08-01 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-01 00:36 - 2014-08-03 12:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 00:36 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 00:36 - 2014-08-01 02:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-01 00:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 00:26 - 2014-08-01 00:26 - 00292200 _____ () C:\Windows\Minidump\080114-35677-01.dmp
2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe
2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable
2014-07-31 23:29 - 2014-08-01 17:32 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2)
2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt
2014-07-31 19:25 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-31 19:25 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe
2014-07-31 18:01 - 2014-08-01 03:47 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-31 18:01 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups
2014-07-31 17:47 - 2014-08-01 14:22 - 00000000 ____D () C:\Users\Aslan\Downloads\backups
2014-07-31 17:31 - 2014-07-31 17:41 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part
2014-07-31 17:22 - 2014-07-31 17:23 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten
2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe
2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList
2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 06:06 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-20 06:06 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-20 06:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-20 06:06 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-20 06:06 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-20 06:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-20 06:06 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-20 06:06 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-20 06:06 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-20 06:06 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-20 06:06 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-20 06:06 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-20 06:06 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-20 06:06 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-20 06:06 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-20 06:06 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-20 06:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-20 06:06 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-20 06:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-20 06:06 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-20 06:06 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-20 06:06 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-20 06:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-20 06:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-20 06:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-20 06:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-20 06:06 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-20 06:06 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-20 06:06 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-20 06:06 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-20 06:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-20 06:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-20 06:06 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-20 06:06 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-20 06:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-20 06:06 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-20 06:06 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-20 06:06 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-20 06:06 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-20 06:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-20 06:06 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-20 06:06 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-20 06:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-20 06:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-20 06:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-20 06:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-20 06:06 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-20 06:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-20 06:06 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-20 06:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-20 06:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-20 06:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-20 06:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-20 06:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-20 06:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-20 06:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc
2014-07-18 18:20 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-18 18:20 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-18 18:20 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-18 18:20 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-18 18:20 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-18 18:20 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 13:46 - 2014-08-02 22:08 - 00028386 _____ () C:\Users\Aslan\Desktop\FRST.txt
2014-08-03 13:44 - 2014-08-02 22:08 - 00000000 ____D () C:\FRST
2014-08-03 13:41 - 2014-08-03 13:41 - 00854390 _____ () C:\Users\Aslan\Desktop\SecurityCheck.exe
2014-08-03 13:13 - 2014-04-05 18:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-03 13:12 - 2014-04-02 14:53 - 01999812 _____ () C:\Windows\WindowsUpdate.log
2014-08-03 13:09 - 2014-04-05 18:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-03 13:02 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-03 13:02 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-03 12:56 - 2014-08-01 00:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 12:55 - 2014-04-05 18:27 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-03 12:55 - 2014-04-03 20:41 - 00000000 ____D () C:\ProgramData\Norton
2014-08-03 12:55 - 2014-04-02 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-03 12:55 - 2014-04-02 17:17 - 00823138 _____ () C:\Windows\PFRO.log
2014-08-03 12:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-03 12:55 - 2009-07-14 06:51 - 00036746 _____ () C:\Windows\setupact.log
2014-08-03 12:53 - 2014-08-03 12:53 - 00002529 _____ () C:\Users\Public\Desktop\Norton Identity Safe.LNK
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-08-03 12:48 - 2014-08-03 12:48 - 02347384 _____ (ESET) C:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe
2014-08-03 03:43 - 2014-08-01 12:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-02 22:10 - 2014-08-02 22:10 - 00012732 _____ () C:\Users\Aslan\Desktop\Addition.txt
2014-08-02 22:08 - 2014-08-02 22:08 - 02094080 _____ (Farbar) C:\Users\Aslan\Desktop\FRST64.exe
2014-08-02 22:07 - 2014-08-02 22:06 - 00000625 _____ () C:\Users\Aslan\Desktop\JRT.txt
2014-08-02 21:58 - 2014-08-02 21:58 - 00001040 _____ () C:\Users\Aslan\Desktop\AdwCleaner[S0].txt
2014-08-02 21:55 - 2014-08-02 21:50 - 00000000 ____D () C:\AdwCleaner
2014-08-02 21:49 - 2014-08-02 21:49 - 01016261 _____ (Thisisu) C:\Users\Aslan\Desktop\JRT.exe
2014-08-02 21:48 - 2014-08-02 21:48 - 01361309 _____ () C:\Users\Aslan\Desktop\adwcleaner_3.302.exe
2014-08-02 21:48 - 2014-08-02 21:48 - 00001156 _____ () C:\Users\Aslan\Desktop\Mbam.txt
2014-08-02 21:32 - 2014-08-01 12:41 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-02 21:32 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-02 21:31 - 2014-08-02 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-01 17:32 - 2014-07-31 23:29 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2)
2014-08-01 17:32 - 2014-05-14 13:40 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner
2014-08-01 17:31 - 2014-08-01 17:31 - 00001614 _____ () C:\DelFix.txt
2014-08-01 17:31 - 2014-08-01 11:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-01 15:23 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 14:26 - 2014-08-01 14:25 - 00288240 _____ () C:\Windows\Minidump\080114-48672-01.dmp
2014-08-01 14:25 - 2014-04-05 17:50 - 701890028 _____ () C:\Windows\MEMORY.DMP
2014-08-01 14:25 - 2014-04-05 17:50 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 14:22 - 2014-07-31 17:47 - 00000000 ____D () C:\Users\Aslan\Downloads\backups
2014-08-01 13:50 - 2014-08-01 13:50 - 00003256 _____ () C:\Windows\System32\Tasks\{CAAF69B9-C0CB-42E3-A3C8-407A55791B37}
2014-08-01 12:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-08-01 12:41 - 2014-08-01 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 12:40 - 2014-08-01 12:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 10:11 - 2014-04-23 08:44 - 00000000 ____D () C:\Users\dub_cm_auto
2014-08-01 10:10 - 2014-08-01 09:59 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 03:47 - 2014-07-31 18:01 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-08-01 02:40 - 2014-08-01 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-01 02:16 - 2014-08-01 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-01 02:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-01 02:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-01 00:26 - 2014-08-01 00:26 - 00292200 _____ () C:\Windows\Minidump\080114-35677-01.dmp
2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe
2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable
2014-07-31 23:52 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan
2014-07-31 22:45 - 2014-07-31 22:45 - 00002236 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt
2014-07-31 19:18 - 2014-04-23 15:05 - 00000000 ____D () C:\Program Files (x86)\City Interactive
2014-07-31 19:17 - 2014-04-23 15:05 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\City Interactive
2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe
2014-07-31 18:01 - 2014-07-31 18:01 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups
2014-07-31 17:49 - 2014-04-06 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-31 17:41 - 2014-07-31 17:31 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part
2014-07-31 17:36 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-31 17:33 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\VirtualStore
2014-07-31 17:23 - 2014-07-31 17:22 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten
2014-07-31 16:06 - 2014-04-06 11:03 - 00000000 ____D () C:\Users\Aslan\AppData\Local\CrashDumps
2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe
2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList
2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 10:52 - 2014-04-02 17:16 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-21 06:56 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-20 06:01 - 2014-04-02 19:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-20 06:00 - 2014-04-02 19:46 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-19 14:00 - 2014-04-03 20:41 - 00002420 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveUpdate.lnk
2014-07-19 13:17 - 2014-04-05 18:28 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc
2014-07-18 20:09 - 2014-04-05 18:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-18 20:09 - 2014-04-05 18:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-18 20:09 - 2014-04-05 18:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Aslan\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {06728b67-8a98-11e3-9a47-d3e71706d0de}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {06728b65-8a98-11e3-9a47-d3e71706d0de}
device                  ramdisk=[C:]\Recovery\06728b65-8a98-11e3-9a47-d3e71706d0de\Winre.wim,{06728b66-8a98-11e3-9a47-d3e71706d0de}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\06728b65-8a98-11e3-9a47-d3e71706d0de\Winre.wim,{06728b66-8a98-11e3-9a47-d3e71706d0de}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {06728b69-8a98-11e3-9a47-d3e71706d0de}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {06728b67-8a98-11e3-9a47-d3e71706d0de}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {06728b69-8a98-11e3-9a47-d3e71706d0de}
device                  ramdisk=[C:]\Recovery\06728b69-8a98-11e3-9a47-d3e71706d0de\Winre.wim,{06728b6a-8a98-11e3-9a47-d3e71706d0de}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\06728b69-8a98-11e3-9a47-d3e71706d0de\Winre.wim,{06728b6a-8a98-11e3-9a47-d3e71706d0de}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {06728b67-8a98-11e3-9a47-d3e71706d0de}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {06728b6a-8a98-11e3-9a47-d3e71706d0de}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\06728b69-8a98-11e3-9a47-d3e71706d0de\boot.sdi



LastRegBack: 2014-07-15 20:40

==================== End Of Log ============================
         
--- --- ---
Addition
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Aslan at 2014-08-03 13:46:37
Running from C:\Users\Aslan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.03(T) Premium Edition - TOSHIBA CORPORATION)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.3.12 - Symantec Corporation)
NVIDIA 3D Vision Treiber 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.69 - NVIDIA Corporation)
NVIDIA Grafiktreiber 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.69 - NVIDIA Corporation)
NVIDIA Guard Service 1.3 (Version: 1.3 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6669 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 266.69 (Version: 266.69 - NVIDIA Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - Ihr Firmenname)
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)
XSManager (HKLM-x32\...\XSManager) (Version: 3.2 - XSManager)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-08-2014 15:31:41 Ende der Bereinigung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {565721C5-E1D3-4A7F-BC5B-F66061E1B0EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {60EEEC3D-19F9-448A-B1D6-A6D8A0E55069} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {E0E235DA-6DC4-4B26-8A4D-8275250F0BA0} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {F36FA16D-A6ED-4CE4-8354-C44497FD369F} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
Task: {F68B1DFD-8D9A-49D0-9936-2ABA502CCBFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-18] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2014-07-31 00:40 - 2014-07-31 00:40 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-01-16 05:25 - 2011-01-16 05:25 - 00235112 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2014 01:38:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/03/2014 00:59:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/03/2014 00:58:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/03/2014 00:58:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/03/2014 00:50:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/03/2014 00:49:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/03/2014 00:48:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (08/03/2014 00:44:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (08/03/2014 01:38:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (08/03/2014 00:59:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe

Error: (08/03/2014 00:58:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe

Error: (08/03/2014 00:58:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe

Error: (08/03/2014 00:50:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe

Error: (08/03/2014 00:49:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe

Error: (08/03/2014 00:48:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Aslan\Desktop\esetsmartinstaller_deu.exe


==================== Memory info =========================== 

Percentage of memory in use: 44%
Total physical RAM: 4077.86 MB
Available physical RAM: 2279 MB
Total Pagefile: 8153.9 MB
Available Pagefile: 6293.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:199.12 GB) (Free:151.27 GB) NTFS
Drive d: () (Fixed) (Total:266.54 GB) (Free:266.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4E4B604B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=199 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=267 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---
Shortcuts
Users shortcut scan result (x64) Version: 02-08-2014
Ran by Aslan at 2014-08-03 13:47:01
Running from C:\Users\Aslan\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\XSManager.lnk -> C:\Program Files (x86)\XSManager\XSManager.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveUpdate.lnk -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\uistub.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager\XSManager deinstallieren.lnk -> C:\Program Files (x86)\XSManager\Uninstaller.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager\XSManager.lnk -> C:\Program Files (x86)\XSManager\XSManager.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Accessibility.lnk -> C:\Program Files\TOSHIBA\Utilities\TACSPROP.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\eco Utility.lnk -> C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Flash Cards - Help.lnk -> C:\Program Files\TOSHIBA\FlashCards\Help\Help.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Flash Cards - Settings.lnk -> C:\Program Files\TOSHIBA\FlashCards\TfcConf.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Flash Cards.lnk -> C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\PC Diagnostic Tool.lnk -> C:\Program Files (x86)\TOSHIBA\PCDiag\PCDiag.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\PC Health Monitor.lnk -> C:\Program Files\TOSHIBA\TPHM\TPCHViewer.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Sleep Utility.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleep.exe (TOSHIBA)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Web Camera Application Help.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\Help\Help.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Web Camera Application.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Support\Service Station.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Networking\Wireless LAN Indicator - Settings.lnk -> C:\Program Files (x86)\TOSHIBA\Wireless LAN Indicator\tosSettings.exe (TOSHIBA CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\Add ConfigFree Gadgets.lnk -> C:\Program Files (x86)\TOSHIBA\ConfigFree\cfAddGadgets.exe (TOSHIBA CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\ConfigFree tray.lnk -> C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\Connectivity Doctor.lnk -> C:\Program Files (x86)\TOSHIBA\ConfigFree\cfmain.exe (TOSHIBA CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth Assistant.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\BtAssist1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth Information Exchanger.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth Settings.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ECCenter1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Bluetooth User Guide.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\UsrGuide.exe (TOSHIBA CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Remote Camera.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\BIP_Camera1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Wireless File Transfer.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\WirelessFTP1.exe (TOSHIBA CORPORATION.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Battle.net-Accountverwaltung.lnk -> C:\Program Files (x86)\Diablo III\BattlenetAccount.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Blizzard Tech-Support.lnk -> C:\Program Files (x86)\Diablo III\TechSupport.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III - Handbuch.lnk -> C:\Program Files (x86)\Diablo III\Manual.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Diablo II - Deinstallation.lnk -> C:\Program Files (x86)\Common Files\Blizzard Entertainment\Diablo II\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Diablo II - Lord of Destruction registrieren.lnk -> C:\Program Files (x86)\Diablo II\Register Diablo II.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Diablo II - Lord of Destruction.lnk -> C:\Program Files (x86)\Diablo II\Diablo II.exe (Blizzard North)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Grafiktest.lnk -> C:\Program Files (x86)\Diablo II\D2VidTst.exe (Blizzard North)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\Battlestrike - Call to Victory\Battlestrike - Call to Victory.lnk -> C:\Program Files (x86)\City Interactive\Battlestrike - Call to Victory\Lithtech.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\Battlestrike - Call to Victory\Deinstallation.lnk -> C:\Program Files (x86)\City Interactive\Battlestrike - Call to Victory\uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive\Battlestrike - Call to Victory\Readme-Datei.lnk -> C:\Program Files (x86)\City Interactive\Battlestrike - Call to Victory\ReadMe.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Aslan\Dokumente.lnk -> C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms ()
Shortcut: C:\Users\Aslan\Links\Desktop.lnk -> C:\Users\Aslan\Desktop ()
Shortcut: C:\Users\Aslan\Links\Downloads.lnk -> C:\Users\Aslan\Downloads ()
Shortcut: C:\Users\Aslan\Downloads\backups\backup-20140731-174727-549-MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
Shortcut: C:\Users\Aslan\Downloads\backups\backup-20140731-174727-730-Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Shortcut: C:\Users\Aslan\Downloads\backups\backup-20140731-174727-920-McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Aslan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b15f30ab853b7d31\Diablo III.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Aslan\AppData\Local\Microsoft\Windows\GameExplorer\{E270DD10-5C59-4060-A76B-39BE302B0267}\PlayTasks\0\Spielen.lnk -> C:\Program Files (x86)\Diablo II\Diablo II.exe (Blizzard North)
Shortcut: C:\Users\Aslan\AppData\Local\Microsoft\Windows\GameExplorer\{9C936810-3679-4291-925F-9F8E39E4D57F}\PlayTasks\0\Spielen.lnk -> C:\Program Files (x86)\Diablo II\Diablo II.exe (Blizzard North)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk -> C:\Program Files (x86)\Diablo II\Diablo II.exe (Blizzard North)
Shortcut: C:\Users\Public\Desktop\Diablo III.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\TOSHIBA Sleep Utility.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleep.exe (TOSHIBA)
Shortcut: C:\Users\Public\Desktop\WinZip Malware Protector.lnk -> C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe (No File)
Shortcut: C:\Users\Public\Desktop\XSManager.lnk -> C:\Program Files (x86)\XSManager\XSManager.exe ()




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\Profile Settings.lnk -> C:\Program Files (x86)\TOSHIBA\ConfigFree\cfmain.exe (TOSHIBA CORPORATION) -> /profile
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\Radar.lnk -> C:\Program Files (x86)\TOSHIBA\ConfigFree\cfmain.exe (TOSHIBA CORPORATION) -> /radar
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\ConfigFree\WPS Setup.lnk -> C:\Program Files (x86)\TOSHIBA\ConfigFree\cfmain.exe (TOSHIBA CORPORATION) -> /wps
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Bluetooth\Add New Connection.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ECCenter1.exe (TOSHIBA CORPORATION.) -> W /AUTOMODE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision aktivieren.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /enable
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision deaktivieren.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /disable
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe\Norton Identity Safe deinstallieren.LNK -> C:\Program Files (x86)\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\2014.7.3.12\InstStub.exe (Symantec Corporation) -> /X/shortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe\Norton Identity Safe.LNK -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coSAStub.exe (Symantec Corporation) -> /install /force
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Deinstallieren.lnk -> C:\Program Files\McAfee Security Scan\uninstall.exe (McAfee, Inc.) -> C:\Program Files\McAfee Security Scan\3.8.150\McAfee.ico
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Aslan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Public\Desktop\Browserwahl.lnk -> C:\Windows\System32\browserchoice.exe (Microsoft Corporation) -> /launch
ShortcutWithArgument: C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll
ShortcutWithArgument: C:\Users\Public\Desktop\Norton Identity Safe.LNK -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coSAStub.exe (Symantec Corporation) -> /install /force


InternetURL: C:\Users\Aslan\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Aslan\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\Aslan\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\Aslan\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\Aslan\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\Aslan\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\Aslan\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\Aslan\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\Aslan\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\Aslan\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Aslan\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\Aslan\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\Aslan\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Aslan\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\Aslan\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\Aslan\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\Aslan\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Aslan\Favorites\Links\Treiber herunterladen - Toshiba.url -> hxxp://www.toshiba.de/innovation/download_drivers_bios.jsp?service=DE
InternetURL: C:\Users\Aslan\Favorites\Links\Vorgeschlagene Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Aslan\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315

==================== End of log =============================

checkup
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 14.0.0.145
Mozilla Firefox (31.0)
Google Chrome 35.0.1916.153
Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

No more problems, the PC is running well.

Edited by filterfilter (03.08.2014 at 12:51)

04.08.2014, 09:24   #8
schrauber
/// the machine
/// TB instructor
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
CHR NewTab: "chrome-extension://gpiifgmgnfdiblgpaepbmfdkcheicgof/redirect.html",
				"chrome-extension://icdlfehblmklkikfigmjhbmmpmkmpooj/redirect.html"
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultNewTabURL:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

04.08.2014, 21:21   #9
filterfilter
 



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by Aslan at 2014-08-04 11:06:07 Run:1
Running from C:\Users\Aslan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR NewTab: "chrome-extension://gpiifgmgnfdiblgpaepbmfdkcheicgof/redirect.html",
"chrome-extension://icdlfehblmklkikfigmjhbmmpmkmpooj/redirect.html"
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultNewTabURL:
*****************

"chrome-extension://icdlfehblmklkikfigmjhbmmpmkmpooj/redirect.html" => Error: No automatic fix found for this entry.
CHR DefaultSearchKeyword: yahoo.com search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultNewTabURL: => Error: No automatic fix found for this entry.

==== End of Fixlog ====

Something just happened to me again: I had been watching a stream, then my browser closed and the sound like after a new login played, and when I opened the browser it was in the F11 version and opened twice.
Could that possibly be a backdoor program?

05.08.2014, 14:54   #10
schrauber
/// the machine
/// TB instructor
 




Where did you watch the stream?

05.08.2014, 15:15   #11
filterfilter
 



kkiste.to, it was a streamcloud stream.

Edited by filterfilter (05.08.2014 at 15:48)

05.08.2014, 20:36   #12
schrauber
/// the machine
/// TB instructor
 




Yeah, learning through pain, right?

05.08.2014, 20:44   #13
filterfilter
 



Well, as far as I know it is not illegal to watch films that are not saved.
I also don't watch online streams any more.
Still, Norton shows no threat, but could it be that I have a program on it anyway?

06.08.2014, 15:28   #14
schrauber
/// the machine
/// TB instructor
 




Illegal or legal doesn't matter for now; those things are usually totally infested.


Post a fresh FRST log and I'll take a quick look over it.

06.08.2014, 17:10   #15
filterfilter
 



Hello schrauber, here is my FRST log
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Aslan (administrator) on ASLAN-PC on 06-08-2014 18:07:20
Running from C:\Users\Aslan\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKU\S-1-5-21-2081452760-1846932682-3364742643-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF5ECE37B334FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {F08402EE-1C6C-4533-9731-95F8F4C295AC} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-31]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn [2014-08-06]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]
CHR Extension: (Google Drive) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (YouTube) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Google-Suche) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (Norton Identity Protection) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-05]
CHR Extension: (Shopping Helper) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2014-06-27]
CHR Extension: (Google Wallet) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (Google Mail) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\Exts\Chrome.crx [2014-08-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe [130104 2014-06-26] (Symantec Corporation)
R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG)
S4 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2012-11-13] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07030.00C\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [141824 2014-04-05] (Wireless Data Device)
S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [123904 2014-04-05] (Wireless Device)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 18:07 - 2014-08-06 18:07 - 00016533 _____ () C:\Users\Aslan\Desktop\FRST.txt
2014-08-06 18:07 - 2014-08-06 18:07 - 00000000 ____D () C:\FRST
2014-08-06 18:06 - 2014-08-06 18:06 - 02094080 _____ (Farbar) C:\Users\Aslan\Desktop\FRST64.exe
2014-08-06 17:55 - 2014-08-06 17:56 - 00292200 _____ () C:\Windows\Minidump\080614-46347-01.dmp
2014-08-06 06:21 - 2014-08-06 06:21 - 00025377 _____ () C:\Users\Aslan\Desktop\dds.txt
2014-08-06 06:21 - 2014-08-06 06:21 - 00003019 _____ () C:\Users\Aslan\Desktop\attach.txt
2014-08-06 06:18 - 2014-08-06 06:18 - 00688992 ____R (Swearware) C:\Users\Aslan\Desktop\dds.com
2014-08-06 06:11 - 2014-08-06 06:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-08-06 06:11 - 2014-08-06 06:11 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-08-06 06:10 - 2014-08-06 06:10 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup.exe
2014-08-06 05:46 - 2014-08-06 05:46 - 00000000 ____D () C:\Users\Aslan\CD95F661A5C444F5A6AAECDD91C240E3.TMP
2014-08-06 05:44 - 2014-08-06 05:45 - 58807808 _____ () C:\Users\Aslan\Downloads\wz185gev-64.msi
2014-08-06 04:50 - 2014-08-06 04:50 - 00000000 ____H () C:\Users\Aslan\Documents\Default.rdp
2014-08-06 02:54 - 2014-08-06 02:54 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-08-06 00:24 - 2014-08-06 01:08 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Skype
2014-08-06 00:24 - 2014-08-06 00:24 - 00000000 ____D () C:\Users\Aslan\AppData\Local\Skype
2014-08-06 00:23 - 2014-08-06 00:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-06 00:23 - 2014-08-06 00:24 - 00000000 ____D () C:\ProgramData\Skype
2014-08-06 00:23 - 2014-08-06 00:23 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-06 00:23 - 2014-08-06 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-06 00:02 - 2014-08-06 00:02 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-08-05 23:53 - 2014-08-05 23:53 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-08-05 23:53 - 2014-08-05 23:53 - 00002205 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-08-05 23:53 - 2014-08-05 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-08-05 23:53 - 2014-07-14 12:26 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-08-05 23:53 - 2014-07-14 12:26 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-08-05 23:53 - 2014-07-14 12:26 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2014-08-05 23:52 - 2014-08-05 23:52 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\AVG
2014-08-05 23:52 - 2014-08-05 23:52 - 00000000 ____D () C:\Users\Aslan\AppData\Local\AVG
2014-08-05 23:51 - 2014-08-06 00:01 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-05 23:50 - 2014-08-05 23:53 - 00000000 ____D () C:\ProgramData\AVG
2014-08-05 23:41 - 2014-08-05 23:42 - 77159736 _____ (AVG) C:\Users\Aslan\Downloads\avg_tuh_stf_all_2014_519_24c4.exe
2014-08-05 22:42 - 2014-08-05 22:42 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\TuneUp Software
2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\AVG2014
2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-05 22:41 - 2014-08-05 22:42 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-05 22:41 - 2014-08-05 22:41 - 00000000 ___HD () C:\$AVG
2014-08-05 22:40 - 2014-08-05 23:52 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-05 22:31 - 2014-08-06 16:11 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-05 22:31 - 2014-08-05 22:48 - 00000000 ____D () C:\Users\Aslan\AppData\Local\Avg2014
2014-08-05 22:31 - 2014-08-05 22:31 - 04755928 _____ (AVG Technologies) C:\Users\Aslan\Downloads\avg_avct_stb_all_2014_4744_comppg_23.exe
2014-08-05 22:31 - 2014-08-05 22:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\MFAData
2014-08-05 21:16 - 2014-08-05 21:32 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Xfire
2014-08-05 21:16 - 2014-08-05 21:19 - 00000000 ____D () C:\ProgramData\Xfire
2014-08-05 21:16 - 2014-08-05 21:16 - 00000963 _____ () C:\Users\Public\Desktop\Xfire.lnk
2014-08-05 21:16 - 2014-08-05 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
2014-08-05 21:16 - 2014-08-05 21:16 - 00000000 ____D () C:\Program Files (x86)\Xfire
2014-08-05 21:15 - 2014-08-05 21:15 - 09714821 _____ () C:\Users\Aslan\Downloads\xfire_installer_46139.exe
2014-08-04 21:54 - 2014-08-04 21:55 - 00538220 _____ () C:\Users\Aslan\Desktop\noscript-2.6.8.36.xpi.zip
2014-08-04 21:52 - 2014-08-04 21:52 - 00526323 _____ () C:\Users\Aslan\Desktop\web_of_trust_wot-20131118-fx.zip
2014-08-04 21:52 - 2014-08-04 21:52 - 00000000 ____D () C:\ProgramData\Sun
2014-08-04 21:52 - 2014-08-04 21:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-04 21:52 - 2014-08-04 21:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-04 21:51 - 2014-08-04 21:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-04 21:51 - 2014-08-04 21:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-04 21:51 - 2014-08-04 21:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-04 21:51 - 2014-08-04 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-04 21:51 - 2014-08-04 21:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-04 21:49 - 2014-08-04 21:49 - 00918952 _____ (Oracle Corporation) C:\Users\Aslan\Downloads\jxpiinstall.exe
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\WinPatrol
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-08-04 21:44 - 2014-08-04 21:44 - 01156136 _____ (Ruiware) C:\Users\Aslan\Downloads\wpsetup.exe
2014-08-03 21:32 - 2014-08-03 21:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-08-03 13:59 - 2014-08-03 13:59 - 00000000 ____D () C:\Users\Aslan\Documents\Symantec
2014-08-03 13:53 - 2014-08-03 13:55 - 281672840 ____N (Symantec Corporation) C:\Users\Aslan\Downloads\NIS-ESD-21.3.0-GE.exe
2014-08-03 12:53 - 2014-08-03 12:53 - 00002529 _____ () C:\Users\Public\Desktop\Norton Identity Safe.lnk
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-08-02 21:31 - 2014-08-02 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-01 17:31 - 2014-08-04 11:12 - 00001233 _____ () C:\DelFix.txt
2014-08-01 14:25 - 2014-08-01 14:26 - 00288240 _____ () C:\Windows\Minidump\080114-48672-01.dmp
2014-08-01 13:50 - 2014-08-01 13:50 - 00003256 _____ () C:\Windows\System32\Tasks\{CAAF69B9-C0CB-42E3-A3C8-407A55791B37}
2014-08-01 12:41 - 2014-08-03 03:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 12:41 - 2014-08-02 21:32 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-01 12:41 - 2014-08-02 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-01 12:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 12:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-01 12:40 - 2014-08-01 12:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 11:33 - 2014-08-01 17:31 - 00000000 ____D () C:\Windows\ERUNT
2014-08-01 09:59 - 2014-08-01 10:10 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 03:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 02:16 - 2014-08-01 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-01 00:36 - 2014-08-06 18:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 00:36 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 00:36 - 2014-08-01 02:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-01 00:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 00:26 - 2014-08-01 00:26 - 00292200 _____ () C:\Windows\Minidump\080114-35677-01.dmp
2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe
2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable
2014-07-31 23:29 - 2014-08-01 17:32 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2)
2014-07-31 22:45 - 2014-08-05 02:27 - 00002334 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt
2014-07-31 19:25 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-31 19:25 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe
2014-07-31 18:01 - 2014-08-01 03:47 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-31 18:01 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups
2014-07-31 17:47 - 2014-08-01 14:22 - 00000000 ____D () C:\Users\Aslan\Downloads\backups
2014-07-31 17:31 - 2014-07-31 17:41 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part
2014-07-31 17:22 - 2014-07-31 17:23 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten
2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe
2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList
2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 06:06 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-20 06:06 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-20 06:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-20 06:06 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-20 06:06 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-20 06:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-20 06:06 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-20 06:06 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-20 06:06 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-20 06:06 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-20 06:06 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-20 06:06 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-20 06:06 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-20 06:06 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-20 06:06 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-20 06:06 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-20 06:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-20 06:06 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-20 06:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-20 06:06 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-20 06:06 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-20 06:06 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-20 06:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-20 06:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-20 06:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-20 06:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-20 06:06 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-20 06:06 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-20 06:06 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-20 06:06 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-20 06:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-20 06:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-20 06:06 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-20 06:06 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-20 06:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-20 06:06 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-20 06:06 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-20 06:06 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-20 06:06 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-20 06:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-20 06:06 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-20 06:06 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-20 06:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-20 06:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-20 06:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-20 06:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-20 06:06 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-20 06:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-20 06:06 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-20 06:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-20 06:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-20 06:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-20 06:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-20 06:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-20 06:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-20 06:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc
2014-07-18 18:20 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-18 18:20 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-18 18:20 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-18 18:20 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-18 18:20 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-18 18:20 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 18:07 - 2014-08-06 18:07 - 00016533 _____ () C:\Users\Aslan\Desktop\FRST.txt
2014-08-06 18:07 - 2014-08-06 18:07 - 00000000 ____D () C:\FRST
2014-08-06 18:06 - 2014-08-06 18:06 - 02094080 _____ (Farbar) C:\Users\Aslan\Desktop\FRST64.exe
2014-08-06 18:06 - 2014-08-01 00:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 18:04 - 2014-04-05 18:27 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 18:04 - 2014-04-02 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-06 18:03 - 2014-04-03 20:41 - 00000000 ____D () C:\ProgramData\Norton
2014-08-06 18:03 - 2014-04-02 17:17 - 01309270 _____ () C:\Windows\PFRO.log
2014-08-06 18:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-06 18:03 - 2009-07-14 06:51 - 00036914 _____ () C:\Windows\setupact.log
2014-08-06 18:02 - 2014-04-02 14:53 - 01102563 _____ () C:\Windows\WindowsUpdate.log
2014-08-06 18:02 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-06 18:02 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-06 17:56 - 2014-08-06 17:55 - 00292200 _____ () C:\Windows\Minidump\080614-46347-01.dmp
2014-08-06 17:55 - 2014-04-05 17:50 - 513888428 _____ () C:\Windows\MEMORY.DMP
2014-08-06 17:55 - 2014-04-05 17:50 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 17:13 - 2014-04-05 18:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-06 17:09 - 2014-04-05 18:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-06 16:11 - 2014-08-05 22:31 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-06 06:21 - 2014-08-06 06:21 - 00025377 _____ () C:\Users\Aslan\Desktop\dds.txt
2014-08-06 06:21 - 2014-08-06 06:21 - 00003019 _____ () C:\Users\Aslan\Desktop\attach.txt
2014-08-06 06:18 - 2014-08-06 06:18 - 00688992 ____R (Swearware) C:\Users\Aslan\Desktop\dds.com
2014-08-06 06:11 - 2014-08-06 06:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-08-06 06:11 - 2014-08-06 06:11 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-08-06 06:10 - 2014-08-06 06:10 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup.exe
2014-08-06 05:46 - 2014-08-06 05:46 - 00000000 ____D () C:\Users\Aslan\CD95F661A5C444F5A6AAECDD91C240E3.TMP
2014-08-06 05:46 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan
2014-08-06 05:45 - 2014-08-06 05:44 - 58807808 _____ () C:\Users\Aslan\Downloads\wz185gev-64.msi
2014-08-06 04:50 - 2014-08-06 04:50 - 00000000 ____H () C:\Users\Aslan\Documents\Default.rdp
2014-08-06 02:54 - 2014-08-06 02:54 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-08-06 01:08 - 2014-08-06 00:24 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Skype
2014-08-06 01:04 - 2014-04-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
2014-08-06 00:25 - 2014-08-06 00:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-06 00:24 - 2014-08-06 00:24 - 00000000 ____D () C:\Users\Aslan\AppData\Local\Skype
2014-08-06 00:24 - 2014-08-06 00:23 - 00000000 ____D () C:\ProgramData\Skype
2014-08-06 00:23 - 2014-08-06 00:23 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-06 00:23 - 2014-08-06 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-06 00:02 - 2014-08-06 00:02 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-08-06 00:01 - 2014-08-05 23:51 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-05 23:53 - 2014-08-05 23:53 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-08-05 23:53 - 2014-08-05 23:53 - 00002205 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-08-05 23:53 - 2014-08-05 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-08-05 23:53 - 2014-08-05 23:50 - 00000000 ____D () C:\ProgramData\AVG
2014-08-05 23:52 - 2014-08-05 23:52 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\AVG
2014-08-05 23:52 - 2014-08-05 23:52 - 00000000 ____D () C:\Users\Aslan\AppData\Local\AVG
2014-08-05 23:52 - 2014-08-05 22:40 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-05 23:42 - 2014-08-05 23:41 - 77159736 _____ (AVG) C:\Users\Aslan\Downloads\avg_tuh_stf_all_2014_519_24c4.exe
2014-08-05 22:48 - 2014-08-05 22:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\Avg2014
2014-08-05 22:42 - 2014-08-05 22:42 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\TuneUp Software
2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\AVG2014
2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-05 22:42 - 2014-08-05 22:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-05 22:41 - 2014-08-05 22:41 - 00000000 ___HD () C:\$AVG
2014-08-05 22:31 - 2014-08-05 22:31 - 04755928 _____ (AVG Technologies) C:\Users\Aslan\Downloads\avg_avct_stb_all_2014_4744_comppg_23.exe
2014-08-05 22:31 - 2014-08-05 22:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\MFAData
2014-08-05 21:32 - 2014-08-05 21:16 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Xfire
2014-08-05 21:29 - 2014-04-03 19:38 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-08-05 21:19 - 2014-08-05 21:16 - 00000000 ____D () C:\ProgramData\Xfire
2014-08-05 21:16 - 2014-08-05 21:16 - 00000963 _____ () C:\Users\Public\Desktop\Xfire.lnk
2014-08-05 21:16 - 2014-08-05 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
2014-08-05 21:16 - 2014-08-05 21:16 - 00000000 ____D () C:\Program Files (x86)\Xfire
2014-08-05 21:15 - 2014-08-05 21:15 - 09714821 _____ () C:\Users\Aslan\Downloads\xfire_installer_46139.exe
2014-08-05 02:27 - 2014-07-31 22:45 - 00002334 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt
2014-08-04 21:55 - 2014-08-04 21:54 - 00538220 _____ () C:\Users\Aslan\Desktop\noscript-2.6.8.36.xpi.zip
2014-08-04 21:52 - 2014-08-04 21:52 - 00526323 _____ () C:\Users\Aslan\Desktop\web_of_trust_wot-20131118-fx.zip
2014-08-04 21:52 - 2014-08-04 21:52 - 00000000 ____D () C:\ProgramData\Sun
2014-08-04 21:52 - 2014-08-04 21:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-04 21:51 - 2014-08-04 21:52 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-04 21:51 - 2014-08-04 21:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-04 21:51 - 2014-08-04 21:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-04 21:51 - 2014-08-04 21:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-04 21:51 - 2014-08-04 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-04 21:51 - 2014-08-04 21:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-04 21:49 - 2014-08-04 21:49 - 00918952 _____ (Oracle Corporation) C:\Users\Aslan\Downloads\jxpiinstall.exe
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\WinPatrol
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-08-04 21:44 - 2014-08-04 21:44 - 01156136 _____ (Ruiware) C:\Users\Aslan\Downloads\wpsetup.exe
2014-08-04 11:12 - 2014-08-01 17:31 - 00001233 _____ () C:\DelFix.txt
2014-08-03 21:32 - 2014-08-03 21:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-08-03 13:59 - 2014-08-03 13:59 - 00000000 ____D () C:\Users\Aslan\Documents\Symantec
2014-08-03 13:55 - 2014-08-03 13:53 - 281672840 ____N (Symantec Corporation) C:\Users\Aslan\Downloads\NIS-ESD-21.3.0-GE.exe
2014-08-03 12:53 - 2014-08-03 12:53 - 00002529 _____ () C:\Users\Public\Desktop\Norton Identity Safe.lnk
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-08-03 03:43 - 2014-08-01 12:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-02 21:32 - 2014-08-01 12:41 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-02 21:32 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-02 21:31 - 2014-08-02 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-01 17:32 - 2014-07-31 23:29 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2)
2014-08-01 17:32 - 2014-05-14 13:40 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner
2014-08-01 17:31 - 2014-08-01 11:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-01 15:23 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 14:26 - 2014-08-01 14:25 - 00288240 _____ () C:\Windows\Minidump\080114-48672-01.dmp
2014-08-01 14:22 - 2014-07-31 17:47 - 00000000 ____D () C:\Users\Aslan\Downloads\backups
2014-08-01 13:50 - 2014-08-01 13:50 - 00003256 _____ () C:\Windows\System32\Tasks\{CAAF69B9-C0CB-42E3-A3C8-407A55791B37}
2014-08-01 12:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-08-01 12:41 - 2014-08-01 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 12:40 - 2014-08-01 12:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 10:11 - 2014-04-23 08:44 - 00000000 ____D () C:\Users\dub_cm_auto
2014-08-01 10:10 - 2014-08-01 09:59 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 03:47 - 2014-07-31 18:01 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-08-01 02:40 - 2014-08-01 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-01 02:16 - 2014-08-01 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-01 02:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-01 02:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-01 00:26 - 2014-08-01 00:26 - 00292200 _____ () C:\Windows\Minidump\080114-35677-01.dmp
2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe
2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable
2014-07-31 19:18 - 2014-04-23 15:05 - 00000000 ____D () C:\Program Files (x86)\City Interactive
2014-07-31 19:17 - 2014-04-23 15:05 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\City Interactive
2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups
2014-07-31 17:49 - 2014-04-06 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-31 17:41 - 2014-07-31 17:31 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part
2014-07-31 17:36 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-31 17:33 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\VirtualStore
2014-07-31 17:23 - 2014-07-31 17:22 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten
2014-07-31 16:06 - 2014-04-06 11:03 - 00000000 ____D () C:\Users\Aslan\AppData\Local\CrashDumps
2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe
2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList
2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 10:52 - 2014-04-02 17:16 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-21 06:56 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-20 06:01 - 2014-04-02 19:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-20 06:00 - 2014-04-02 19:46 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-19 14:00 - 2014-04-03 20:41 - 00002420 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveUpdate.lnk
2014-07-19 13:17 - 2014-04-05 18:28 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc
2014-07-18 20:09 - 2014-04-05 18:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-18 20:09 - 2014-04-05 18:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-18 20:09 - 2014-04-05 18:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-14 12:26 - 2014-08-05 23:53 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-07-14 12:26 - 2014-08-05 23:53 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-07-14 12:26 - 2014-08-05 23:53 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll

Some content of TEMP:
====================
C:\Users\Aslan\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-15 20:40

==================== End Of Log ============================
         
--- --- ---

Regards
