GMER Logfile:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-13 13:22:03
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_SP1614C rev.SW100-30 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\Tobias\AppData\Local\Temp\uwdiipod.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8FC31BA6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8FC32684]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8FC3E6F8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8FC3E744]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8FC3E8DE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8FC3E666]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8FCE8DF0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8FC3E6AE]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8FCE9080]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8FCE916A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8FC3E898]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8FC33472]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8FC31C0C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8FC36C68]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8FC317F8]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8FCE8ED0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8FC31C72]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8FC3705E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8FC33F5A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8FC3E722]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8FC3E766]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8FC3E902]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8FC3E68C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8FC36560]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8FC3E816]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8FC3E6D6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8FC3694C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8FC3E8BC]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8FCE8C6E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8FC33DCE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8FC33ADC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8FC31CD8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8FC31D3E]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8FCE8FCC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8FC31892]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8FC31A64]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8FC319F2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8FC3363C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8FC3379E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8FC31AEC]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8FCE8D3C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8FC332CC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8FC31DA4]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8FCE8BA0]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C84A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBE212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82CC5460 4 Bytes [A6, 1B, C3, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82CC54E8 4 Bytes [84, 26, C3, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82CC553C 8 Bytes [F8, E6, C3, 8F, 44, E7, C3, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82CC5548 4 Bytes [DE, E8, C3, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82CC5564 4 Bytes [66, E6, C3, 8F]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E804EF 4 Bytes CALL 8FC34641 \SystemRoot\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E9A357 4 Bytes CALL 8FC34657 \SystemRoot\system32\drivers\aswSnx.sys
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x96425000, 0x141DE8, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Iminent\WinkHandler.exe[112] kernel32.dll!GetBinaryTypeW + 70 756B6AAC 1 Byte [62]
.text C:\Windows\system32\csrss.exe[408] kernel32.dll!GetBinaryTypeW + 70 756B6AAC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!GetBinaryTypeW + 70 756B6AAC 1 Byte [62]
.text C:\Windows\system32\csrss.exe[488] kernel32.dll!GetBinaryTypeW + 70 756B6AAC 1 Byte [62]
.text C:\Windows\system32\services.exe[528] kernel32.dll!GetBinaryTypeW + 70 756B6AAC 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1416] kernel32.dll!SetUnhandledExceptionFilter 7569F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1416] kernel32.dll!GetBinaryTypeW + 70 756B6AAC 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1584] kernel32.dll!GetBinaryTypeW + 70 756B6AAC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!GetBinaryTypeW + 70 756B6AAC 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1704] kernel32.dll!GetBinaryTypeW + 70 756B6AAC 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1744] kernel32.dll!GetBinaryTypeW + 70 756B6AAC 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4076] kernel32.dll!SetUnhandledExceptionFilter 7569F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4076] kernel32.dll!GetBinaryTypeW + 70 756B6AAC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4224] kernel32.dll!GetBinaryTypeW + 70 756B6AAC 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4296] kernel32.dll!GetBinaryTypeW + 70 756B6AAC 1 Byte [62]
.text C:\Windows\system32\AUDIODG.EXE[4548] kernel32.dll!GetBinaryTypeW + 70 756B6AAC 1 Byte [62]
.text C:\Windows\system32\msiexec.exe[4836] kernel32.dll!GetBinaryTypeW + 70 756B6AAC 1 Byte [62]
.text ...
---- Processes - GMER 2.1 ----
Library ´I²u¨òц…1w8ÿÑá-w (*** hidden *** ) @ C:\Windows\Explorer.EXE [3320] 0x63D60000
---- EOF - GMER 2.1 ----
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:02 on 13/07/2014 (Tobias)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-07-2014
Ran by Tobias at 2014-07-13 12:59:20
Running from C:\Users\Tobias\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{0BD03BF6-3A66-EC7F-5155-28A8D6C69409}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2203 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Blender (HKLM\...\Blender) (Version: 2.70 - Blender Foundation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version: - )
Canon MP550 series Benutzerregistrierung (HKLM\...\Canon MP550 series Benutzerregistrierung) (Version: - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version: - )
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft)
DVDFab 9.1.2.5 (22/01/2014) (HKLM\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
Free YouTube Download version 3.2.31.325 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.31.325 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Haus der 1000 Türen - Das Juwel des Zarathustra (HKLM\...\Haus der 1000 Türen - Das Juwel des Zarathustra) (Version: - )
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - )
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
K-Lite Codec Pack 10.4.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.16 - NETGEAR Inc.)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TL-WN851ND Driver (HKLM\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.324 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.324 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.324 - TuneUp Software) Hidden
00-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKLM\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
==================== Restore Points =========================
03-04-2014 10:10:38 Gerätetreiber-Paketinstallation: TAP-Windows Provider V9 Netzwerkadapter
04-04-2014 07:02:51 Windows Update
12-07-2014 19:12:46 Windows Update
12-07-2014 19:15:09 avast! antivirus system restore point
12-07-2014 19:29:31 DirectX wurde installiert
12-07-2014 19:54:56 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {40834AAA-0B2B-4157-9F3F-1F122C7A99D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-16] (Google Inc.)
Task: {59CFD4D0-D56C-4D74-96FC-830108DD6A0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-16] (Google Inc.)
Task: {8A9E258F-9FA9-4EE8-84DB-D1E739174231} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {B5C374A2-45DB-4591-8E99-9F2947EC19ED} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-12] (AVAST Software)
Task: {BC04D050-B229-4DD3-A9A3-DC4FF8E79AC7} - System32\Tasks\Amazon Music Helper => C:\Users\Tobias\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2014-03-07] ()
Task: {C412B9CA-E779-44FF-BB10-EF1541A060C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {D02D2F7D-3A72-4FB9-BB5E-EAB08E5B75C9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D5628869-007E-42BB-A89A-14F13F895820} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-06-16] (TuneUp Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-07-12 21:18 - 2014-07-12 21:18 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-12 20:30 - 2014-07-12 20:30 - 02792960 _____ () C:\Program Files\AVAST Software\Avast\defs\14071200\algo.dll
2014-07-13 11:30 - 2014-07-13 11:30 - 02792960 _____ () C:\Program Files\AVAST Software\Avast\defs\14071300\algo.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-16 13:14 - 2014-06-16 13:14 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2014-04-03 08:14 - 2014-03-26 17:45 - 00425792 ____N () C:\Program Files\Iminent\WinkHandler.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-07-12 21:18 - 2014-07-12 21:18 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-16 18:39 - 2014-07-12 20:59 - 36966968 _____ () C:\Users\Tobias\AppData\Roaming\Spotify\Data\libcef.dll
2014-03-16 18:39 - 2014-07-12 20:59 - 00598072 _____ () C:\Users\Tobias\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-03-16 18:39 - 2014-07-12 20:59 - 00886840 _____ () C:\Users\Tobias\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-03-16 18:39 - 2014-07-12 20:59 - 00108600 _____ () C:\Users\Tobias\AppData\Roaming\Spotify\Data\libegl.dll
2014-07-12 22:10 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-07-12 22:09 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-12 22:12 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-07-12 22:15 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-07-12 22:09 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
Name: COM3
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/12/2014 11:51:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.18150, Zeitstempel: 0x518c6df8
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x16cc
Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0
Pfad der fehlerhaften Anwendung: wmplayer.exe1
Pfad des fehlerhaften Moduls: wmplayer.exe2
Berichtskennung: wmplayer.exe3
Error: (07/12/2014 11:51:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.18150, Zeitstempel: 0x518c6df8
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xac8
Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0
Pfad der fehlerhaften Anwendung: wmplayer.exe1
Pfad des fehlerhaften Moduls: wmplayer.exe2
Berichtskennung: wmplayer.exe3
Error: (04/06/2014 02:02:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11170
Error: (04/06/2014 02:02:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11170
Error: (04/06/2014 02:02:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/06/2014 02:02:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10172
Error: (04/06/2014 02:02:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10172
Error: (04/06/2014 02:02:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/06/2014 02:02:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9173
Error: (04/06/2014 02:02:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9173
System errors:
=============
Error: (07/13/2014 11:26:09 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst TuneUp Utilities Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (07/12/2014 09:12:59 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (07/12/2014 09:09:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberGhost 5 Client Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.
Error: (07/12/2014 09:08:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberGhost 5 Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/12/2014 09:04:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde nicht richtig gestartet.
Error: (07/12/2014 09:03:00 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (07/12/2014 08:34:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (07/12/2014 08:29:45 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (07/12/2014 08:29:44 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (04/07/2014 06:19:45 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:
Microsoft Office Sessions:
=========================
Error: (07/12/2014 11:51:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmplayer.exe12.0.7601.18150518c6df8unknown0.0.0.000000000c00000050000000016cc01cf9e1b700a2246C:\Program Files\Windows Media Player\wmplayer.exeunknownaf01df48-0a0e-11e4-bcdb-00219b30f5be
Error: (07/12/2014 11:51:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmplayer.exe12.0.7601.18150518c6df8unknown0.0.0.000000000c000000500000000ac801cf9e1b68939fccC:\Program Files\Windows Media Player\wmplayer.exeunknowna9fba2a3-0a0e-11e4-bcdb-00219b30f5be
Error: (04/06/2014 02:02:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11170
Error: (04/06/2014 02:02:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11170
Error: (04/06/2014 02:02:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/06/2014 02:02:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10172
Error: (04/06/2014 02:02:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10172
Error: (04/06/2014 02:02:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/06/2014 02:02:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9173
Error: (04/06/2014 02:02:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9173
==================== Memory info ===========================
Percentage of memory in use: 55%
Total physical RAM: 3325.61 MB
Available physical RAM: 1464.99 MB
Total Pagefile: 6649.51 MB
Available Pagefile: 4311.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.06 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.95 GB) (Free:83.45 GB) NTFS
Drive f: (OFFICE14) (CDROM) (Total:0.74 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: F5E3B4CE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-07-2014
Ran by Tobias (administrator) on TOBIAS-PC on 13-07-2014 12:57:54
Running from C:\Users\Tobias\Downloads
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
() C:\Program Files\Iminent\WinkHandler.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
() C:\Program Files\Iminent\WinkHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Spotify Ltd) C:\Users\Tobias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Tobias\AppData\Roaming\Spotify\spotify.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\Tobias\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Tobias\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Tobias\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Tobias\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Tobias\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) F:\setup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-12] (AVAST Software)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-20] (Microsoft Corporation)
HKU\S-1-5-21-3349335927-1511869598-3432120251-1000\...\Run: [Spotify Web Helper] => C:\Users\Tobias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-07-12] (Spotify Ltd)
HKU\S-1-5-21-3349335927-1511869598-3432120251-1000\...\Run: [Spotify] => C:\Users\Tobias\AppData\Roaming\Spotify\spotify.exe [6189624 2014-07-12] (Spotify Ltd)
HKU\S-1-5-21-3349335927-1511869598-3432120251-1000\...\MountPoints2: {26619ee3-ad1c-11e3-a2e9-806e6f6e6963} - F:\SETUP.EXE
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLHkFGoHlWnUCNNMq7MR_p66QAawNfr53wA3N99GGfSWqm_RQM0S6c1zG_SlIxz2Cu_HteiEREIIYKto_7TtguDUoK886QQ1g1_2DhtK4MDM0SBjtcXnbCC7WeTqim0kHP6Rdb8r5NdJdwXqnxy8bIt8R8ib3XfjRRY,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLHkFGoHlWnUCNNMq7MR_p66QAawNfr53wA3N99GGfSWqm_RQM0S6c1zG_SlIxz2CuMwDdk0JTsWQEmstmTqS1NQk4vyofJ1mYIC9OAlaZ23hxEi7h_fAo_ik_xiBwi_utuDsGiQnhR7JnvXk46MZlnynKt6fT2RsIQ,
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x33DC7DBA2A41CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLHkFGoHlWnUCNNMq7MR_p66QAawNfr53wA3N99GGfSWqm_RQM0S6c1zG_SlIxz2Cu_HteiEREIIYKto_7TtguDUoK886QQ1g1_2DhtK4MDM0SBjtcXnbCC7WeTqim0kHP6Rdb8r5NdJdwXqnxy8bIt8R8ib3XfjRRY,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=ir_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtAtD0FyD0B0E0EyD0F0AtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0DzyyByByD0B0CtG0EyDtByEtG0FtAzzzytGyE0C0FzztGtCzztC0BtB0E0B0AzyyE0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0D0BtCzz0FtBtGyB0BzztCtGyEzz0CtBtGtAzztB0DtGyDyCtD0FyC0E0Czz0C0ByBtC2Q&cr=1536247259&ir=
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLHkFGoHlWnUCNNMq7MR_p66QAawNfr53wA3N99GGfSWqm_RQM0S6c1zG_SlIxz2Cu_HteiEREIIYKto_7TtguDUoK886QQ1g1_2DhtK4MDM0SBjtcXnbCC7WeTqim0kHP6Rdb8r5NdJdwXqnxvhEJ8A5cMNizc2HGI,&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLHkFGoHlWnUCNNMq7MR_p66QAawNfr53wA3N99GGfSWqm_RQM0S6c1zG_SlIxz2Cu_HteiEREIIYKto_7TtguDUoK886QQ1g1_2DhtK4MDM0SBjtcXnbCC7WeTqim0kHP6Rdb8r5NdJdwXqnxvhEJ8A5cMNizc2HGI,&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtAtD0FyD0B0E0EyD0F0AtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0DzyyByByD0B0CtG0EyDtByEtG0FtAzzzytGyE0C0FzztGtCzztC0BtB0E0B0AzyyE0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0D0BtCzz0FtBtGyB0BzztCtGyEzz0CtBtGtAzztB0DtGyDyCtD0FyC0E0Czz0C0ByBtC2Q&cr=1536247259&ir=
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLHkFGoHlWnUCNNMq7MR_p66QAawNfr53wA3N99GGfSWqm_RQM0S6c1zG_SlIxz2Cu_HteiEREIIYKto_7TtguDUoK886QQ1g1_2DhtK4MDM0SBjtcXnbCC7WeTqim0kHP6Rdb8r5NdJdwXqnxy8bIt8R8ib3XfjRRY,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLHkFGoHlWnUCNNMq7MR_p66QAawNfr53wA3N99GGfSWqm_RQM0S6c1zG_SlIxz2Cu_HteiEREIIYKto_7TtguDUoK886QQ1g1_2DhtK4MDM0SBjtcXnbCC7WeTqim0kHP6Rdb8r5NdJdwXqnxy8bIt8R8ib3XfjRRY,&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-16]
Chrome:
=======
CHR HomePage: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLHkFGoHlWnUCNNMq7MR_p66QAawNfr53wA3N99GGfSWqm_RQM0S6c1zG_SlIxz2CuMwDdk0JTsWQEmstmTqS1NQk4vyofJ1mYIC9OAlaZ23hxEi7h_fAo_ik_xiBwi_utuDsGiQnhR7JnvXk4m4XDLMdqA9dK9evfs,
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-16]
CHR Extension: (Google Drive) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-16]
CHR Extension: (YouTube) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-16]
CHR Extension: (Google-Suche) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-16]
CHR Extension: (AdBlock) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-18]
CHR Extension: (avast! Online Security) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-16]
CHR Extension: (Google Wallet) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-16]
CHR Extension: (Google Mail) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-12]
CHR HKLM\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - "C:\Program Files\Iminent\Iminent.crx" [2014-07-12]
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-12] (AVAST Software)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2013-11-14] (NETGEAR)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-06-16] (TuneUp Software)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WinkHandler; C:\Program Files\Iminent\WinkHandler.exe [425792 2014-03-26] ()
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-12] ()
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2014-03-29] (CACE Technologies, Inc.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-13 12:57 - 2014-07-13 12:58 - 00013800 _____ () C:\Users\Tobias\Downloads\FRST.txt
2014-07-13 12:57 - 2014-07-13 12:57 - 00000000 ____D () C:\FRST
2014-07-13 12:56 - 2014-07-13 12:56 - 01077248 _____ (Farbar) C:\Users\Tobias\Downloads\FRST.exe
2014-07-13 12:55 - 2014-07-13 12:56 - 00000474 _____ () C:\Users\Tobias\Downloads\defogger_disable.log
2014-07-13 12:55 - 2014-07-13 12:55 - 00000000 _____ () C:\Users\Tobias\defogger_reenable
2014-07-13 12:54 - 2014-07-13 12:54 - 00050477 _____ () C:\Users\Tobias\Downloads\Defogger.exe
2014-07-13 12:27 - 2014-07-13 12:27 - 00000490 _____ () C:\Users\Tobias\Desktop\cpuz.ini
2014-07-12 23:53 - 2014-07-12 23:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 22:14 - 2014-07-12 22:14 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-07-12 21:42 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-12 21:42 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-12 21:42 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-07-12 21:42 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-07-12 21:41 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-12 21:41 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 21:41 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-12 21:41 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-12 21:41 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-12 21:41 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-12 21:41 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 21:41 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 21:41 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-12 21:41 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-12 21:41 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-12 21:41 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-12 21:41 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-12 21:41 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 21:41 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-12 21:41 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-12 21:41 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 21:41 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 21:41 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-12 21:41 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 21:41 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-12 21:41 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 21:41 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 21:41 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 21:41 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 21:41 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-12 21:41 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-07-12 21:41 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-12 21:41 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-07-12 21:41 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-07-12 21:41 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-07-12 21:41 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-07-12 21:41 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-07-12 21:41 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-07-12 21:41 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-07-12 21:41 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-07-12 21:41 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-07-12 21:40 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 21:40 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-12 21:40 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-12 21:40 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 21:39 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 21:39 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 21:39 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-12 21:39 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-12 21:39 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-07-12 21:39 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-07-12 21:39 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-07-12 21:39 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-07-12 21:39 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-07-12 21:38 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-12 21:38 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-12 21:38 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-12 21:38 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-12 21:38 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-12 21:38 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-12 21:38 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-12 21:38 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-12 21:38 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-12 21:32 - 2014-06-16 13:13 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-07-12 21:31 - 2014-06-16 13:13 - 00036152 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-07-12 21:31 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-07-12 21:31 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-07-12 21:31 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-07-12 21:31 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-07-12 21:31 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-07-12 21:31 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-07-12 21:31 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-07-12 21:31 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-07-12 21:31 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-07-12 21:31 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-07-12 21:31 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-07-12 21:31 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-07-12 21:31 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-07-12 21:31 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-07-12 21:31 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-07-12 21:31 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-07-12 21:31 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-07-12 21:31 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-07-12 21:31 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-07-12 21:31 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-07-12 21:31 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-07-12 21:31 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-07-12 21:31 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-07-12 21:31 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-07-12 21:31 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-07-12 21:31 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-07-12 21:31 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-07-12 21:31 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-07-12 21:31 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-07-12 21:31 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-07-12 21:31 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-07-12 21:31 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-07-12 21:31 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-07-12 21:31 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-07-12 21:31 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-07-12 21:31 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-07-12 21:31 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-07-12 21:31 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-07-12 21:31 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-07-12 21:31 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-07-12 21:31 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-07-12 21:31 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-07-12 21:31 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-07-12 21:31 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-07-12 21:31 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-07-12 21:31 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-07-12 21:31 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-07-12 21:31 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-07-12 21:31 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-07-12 21:31 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-07-12 21:31 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-07-12 21:31 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-07-12 21:31 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-07-12 21:31 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-07-12 21:31 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-07-12 21:31 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-07-12 21:31 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-07-12 21:31 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-07-12 21:31 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-07-12 21:31 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-07-12 21:31 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-07-12 21:31 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-07-12 21:31 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-07-12 21:31 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-07-12 21:31 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-07-12 21:31 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-07-12 21:31 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-07-12 21:31 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-07-12 21:31 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-07-12 21:31 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-07-12 21:31 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-07-12 21:31 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-07-12 21:31 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-07-12 21:31 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-07-12 21:30 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-07-12 21:30 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-07-12 21:30 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-07-12 21:30 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-07-12 21:30 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-07-12 21:30 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-07-12 21:30 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-07-12 21:30 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-07-12 21:30 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-07-12 21:30 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-07-12 21:30 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-07-12 21:30 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-07-12 21:30 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-07-12 21:30 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-07-12 21:30 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-07-12 21:30 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-07-12 21:29 - 2014-07-12 21:29 - 00000000 ____D () C:\Users\Tobias\AppData\Local\TuneUp Software
2014-07-12 21:28 - 2014-07-12 21:31 - 00000000 ____D () C:\Windows\system32\directx
2014-07-12 21:28 - 2014-07-12 21:29 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-12 21:28 - 2014-07-12 21:28 - 00000769 _____ () C:\Users\Public\Desktop\World of Tanks.lnk
2014-07-12 21:28 - 2014-07-12 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-07-12 21:28 - 2014-07-12 21:28 - 00000000 ____D () C:\Games
2014-07-12 21:19 - 2014-07-12 21:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-12 21:19 - 2014-07-12 21:19 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-12 21:11 - 2014-07-12 21:12 - 09304408 _____ (Wargaming.net ) C:\Users\Tobias\Downloads\WoT_internet_install_eu.exe
2014-07-12 21:09 - 2014-06-30 03:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-12 21:09 - 2014-06-30 03:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-12 21:09 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-12 21:09 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-12 21:09 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-12 21:09 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-07-12 21:09 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-07-12 21:08 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-12 21:08 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-07-12 21:08 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-07-12 21:08 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-07-12 21:08 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-07-12 21:08 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-07-12 21:08 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
==================== One Month Modified Files and Folders =======
2014-07-13 12:58 - 2014-07-13 12:57 - 00013800 _____ () C:\Users\Tobias\Downloads\FRST.txt
2014-07-13 12:58 - 2014-03-19 16:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-13 12:57 - 2014-07-13 12:57 - 00000000 ____D () C:\FRST
2014-07-13 12:56 - 2014-07-13 12:56 - 01077248 _____ (Farbar) C:\Users\Tobias\Downloads\FRST.exe
2014-07-13 12:56 - 2014-07-13 12:55 - 00000474 _____ () C:\Users\Tobias\Downloads\defogger_disable.log
2014-07-13 12:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-07-13 12:56 - 2009-07-14 04:04 - 00000387 _____ () C:\Windows\win.ini
2014-07-13 12:55 - 2014-07-13 12:55 - 00000000 _____ () C:\Users\Tobias\defogger_reenable
2014-07-13 12:55 - 2014-03-16 17:09 - 00000000 ____D () C:\Users\Tobias
2014-07-13 12:54 - 2014-07-13 12:54 - 00050477 _____ () C:\Users\Tobias\Downloads\Defogger.exe
2014-07-13 12:48 - 2014-03-16 17:30 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-13 12:27 - 2014-07-13 12:27 - 00000490 _____ () C:\Users\Tobias\Desktop\cpuz.ini
2014-07-13 12:27 - 2014-03-16 17:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-13 11:59 - 2014-03-16 17:06 - 02057439 _____ () C:\Windows\WindowsUpdate.log
2014-07-13 11:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-13 11:38 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-13 11:38 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-13 11:33 - 2014-03-16 18:38 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Spotify
2014-07-13 11:30 - 2014-03-16 17:30 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-13 11:29 - 2014-04-07 18:17 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-07-13 11:28 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-13 11:28 - 2009-07-14 06:39 - 00025921 _____ () C:\Windows\setupact.log
2014-07-13 11:23 - 2014-03-16 19:59 - 00119998 _____ () C:\Windows\PFRO.log
2014-07-13 11:23 - 2009-07-14 06:33 - 00340000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 23:53 - 2014-07-12 23:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 23:53 - 2009-07-14 10:56 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 23:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-07-12 23:52 - 2014-04-03 21:42 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\vlc
2014-07-12 22:28 - 2014-03-16 17:31 - 00002081 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-12 22:14 - 2014-07-12 22:14 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-07-12 22:05 - 2014-03-16 18:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-12 21:37 - 2014-03-16 17:11 - 01626920 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-12 21:34 - 2014-04-06 11:06 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-07-12 21:31 - 2014-07-12 21:28 - 00000000 ____D () C:\Windows\system32\directx
2014-07-12 21:29 - 2014-07-12 21:29 - 00000000 ____D () C:\Users\Tobias\AppData\Local\TuneUp Software
2014-07-12 21:29 - 2014-07-12 21:28 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-12 21:28 - 2014-07-12 21:28 - 00000769 _____ () C:\Users\Public\Desktop\World of Tanks.lnk
2014-07-12 21:28 - 2014-07-12 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-07-12 21:28 - 2014-07-12 21:28 - 00000000 ____D () C:\Games
2014-07-12 21:27 - 2014-03-16 17:22 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-12 21:27 - 2014-03-16 17:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-12 21:19 - 2014-07-12 21:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-12 21:19 - 2014-07-12 21:19 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-12 21:19 - 2014-03-31 17:00 - 00000000 ____D () C:\Windows\system32\Lang
2014-07-12 21:19 - 2014-03-16 17:21 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-12 21:19 - 2014-03-16 17:21 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-12 21:19 - 2014-03-16 17:21 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-12 21:19 - 2014-03-16 17:21 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-12 21:19 - 2014-03-16 17:21 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-12 21:19 - 2014-03-16 17:21 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-12 21:19 - 2014-03-16 17:21 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-12 21:19 - 2014-03-16 17:21 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-12 21:19 - 2014-03-16 17:20 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-12 21:18 - 2014-03-31 17:00 - 00000000 ____D () C:\Program Files\Intel
2014-07-12 21:13 - 2014-03-16 18:39 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Spotify
2014-07-12 21:12 - 2014-07-12 21:11 - 09304408 _____ (Wargaming.net ) C:\Users\Tobias\Downloads\WoT_internet_install_eu.exe
2014-07-12 21:10 - 2014-04-03 12:10 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-06-30 03:40 - 2014-07-12 21:09 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 03:36 - 2014-07-12 21:09 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-26 17:38 - 2014-03-16 18:49 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-20 21:39 - 2014-07-12 21:41 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-19 02:16 - 2014-07-12 21:40 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 01:56 - 2014-07-12 21:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 01:56 - 2014-07-12 21:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 01:38 - 2014-07-12 21:40 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 01:37 - 2014-07-12 21:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 01:36 - 2014-07-12 21:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-12 21:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 01:32 - 2014-07-12 21:41 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 01:28 - 2014-07-12 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 01:28 - 2014-07-12 21:41 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 01:25 - 2014-07-12 21:41 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 01:23 - 2014-07-12 21:41 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 01:23 - 2014-07-12 21:41 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 01:22 - 2014-07-12 21:40 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 01:16 - 2014-07-12 21:41 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 01:12 - 2014-07-12 21:41 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:06 - 2014-07-12 21:41 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-12 21:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 00:59 - 2014-07-12 21:41 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 00:58 - 2014-07-12 21:41 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 00:52 - 2014-07-12 21:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 00:52 - 2014-07-12 21:40 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 00:49 - 2014-07-12 21:41 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 00:46 - 2014-07-12 21:41 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-12 21:41 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 00:35 - 2014-07-12 21:41 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:13 - 2014-07-12 21:41 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:09 - 2014-07-12 21:41 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:07 - 2014-07-12 21:41 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 03:51 - 2014-07-12 21:39 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 02:52 - 2014-07-12 21:39 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-16 13:13 - 2014-07-12 21:32 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-06-16 13:13 - 2014-07-12 21:31 - 00036152 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-06-16 13:13 - 2014-04-06 11:08 - 00036664 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-13 11:57
==================== End Of Log ============================