| |
| |||||||
Log-Analyse und Auswertung: Avast RootkitmeldungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.11.2013, 18:02
| #1 |
| |  Avast Rootkitmeldung Hi Leute ich hatte eben eine Meldung von Avast über ein Rootkit.Der Rechner wurde dann neu gestartet. In Avast kann ich aber keine Eintrag finden über den Namen des Rootkit /noch wo es war. Der Rechner ist etwas langsam in Letzter Zeit geworden,Außerdem gibt es beim Runterfahren öfter Meldungen noch Hintergrundprogramme geschlossen werden müssen. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by benrufus (administrator) on BENRUFUS-PC on 07-11-2013 17:44:59
Running from C:\Users\benrufus\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\windows\System32\WScript.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\qimlsrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\dsrviml.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Windows7FirewallControl] - C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1178624 2011-08-22] (Sphinx Software)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-04-05] (AMD)
MountPoints2: {a76229f1-5c88-11e2-aa86-d43d7e00be67} - E:\Startme.exe
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [65536 2007-01-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-07] (AVAST Software)
Startup: C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk
ShortcutTarget: IML.lnk -> C:\Windows\System32\iml.vbs ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hyrican.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de
SearchScopes: HKLM - DefaultScope {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL =
SearchScopes: HKCU - {094CB164-F8E4-4014-9A7C-8E7D4D58F311} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F7074E12-7D4B-4D07-8B45-EEEC289C765B&apn_sauid=B1C0BD14-6B0B-4DFC-82BB-15918AD1B35F
SearchScopes: HKCU - {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983
FF user.js: detected! => C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\user.js
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://home.1und1.de/?linkId=AC:B:default.hd.nav.themenportal&ucuoId=PUAC:lead.EUE.DE-20121217101521-44C67EE6849865FBD9498D95C7011E38.TCpfix114b
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
Chrome:
=======
CHR HomePage: about:newtab?source=home
CHR RestoreOnStartup: "about:newtab?source=home"], "restore_on_startup_migrated":true, "restore_on_startup":4}, "countryid_at_install":17477, "homepage_is_newtabpage":"true", "extensions":{"autoupdate":{"next_check":"13002491508116376"}, "settings":{"fgibjgmnimooanbagcfpnkmngejcojaf":{"ack_external":true}, "ahfgeienlihckogmohjhadlkjgocpleb":{"page_ordinal":"n", "app_launcher_ordinal":"n"}, "coobgpohoikkiipiblmjeljniedjpjpf":{"ack_external":true, "exclude_from_sideload_wipeout":true}, "aohghmighlieiainnegkcijnfilokake":{"from_bookmark":false, "location":1, "ack_external":true, "path":"aohghmighlieiainnegkcijnfilokake\\0.0.0.6_0", "exclude_from_sideload_wipeout":true, "was_installed_by_default":true, "install_time":"13002474549230452", "creation_flags":137, "page_ordinal":"n", "manifest":{"app":{"launch":{"local_path":"main.html"}}, "key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB", "version":"0.0.0.6", "update_url":"hxxp://clients2.google.com/service/update2/crx", "name":"Docs", "icons":{"128":"icon_128.png", "16":"icon_16.png"}, "offline_enabled":true, "description":"Create, share, and access your Google Docs from anywhere.", "manifest_version":2}, "state":1, "from_webstore":true, "app_launcher_ordinal":"t"}, "apdfllckaahabafndbhieahigkjlhalf":{"ack_external":true, "exclude_from_sideload_wipeout":true}, "blpcfgokakmgnkcojhhkbfbldkacnbeo":{"ack_external":true, "exclude_from_sideload_wipeout":true}, "pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true, "exclude_from_sideload_wipeout":true}}, "chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]}, "last_chrome_version":"24.0.1312.52"}, "distribution":{"oem_bubble":true, "skip_first_run_ui":true, "create_all_shortcuts":true, "import_search_engine":false, "show_welcome_page":true, "make_chrome_default":true, "do_not_launch_chrome":true, "alternate_shortcut_text":false, "verbose_logging":false, "import_history":false, "chrome_shortcut_icon_index":0, "import_home_page":false}, "promo":{"ntp_bubble_promo":[{"increment_max":1, "end":1361228340, "closed":false, "increment":1, "views":0, "increment_frequency":0, "max_views":1, "start":1352329200, "text":"Chrome wurde automatisch aktualisiert<br/>\n Sie verwenden jetzt die beste und aktuellste Version.", "segment":1, "group":0, "num_groups":1, "gplus_required":false}], "ntp_notification_promo":[{"increment_max":1, "end":1357685940, "closed":false, "increment":1, "views":0, "increment_frequency":0, "max_views":15, "start":1356303600, "text":"Haben Sie ein Smartphone oder Tablet? <a href=\"https://www.google.com/chrome/mobile/?utm_source=chrome&utm_medium=ntp&utm_campaign=ntp-promo\">Holen Sie sich Chrome Mobile</a>", "segment":1, "group":0, "num_groups":1, "gplus_required":false}]}, "profile":{"avatar_index":0, "exit_type":"Normal", "content_settings":{"clear_on_exit_migrated":true, "pref_version":1}, "exited_cleanly":true, "name":"Erster Nutzer"}, "browser":{"window_placement":{"work_area_top":0, "work_area_right":1360, "top":10, "left":10, "bottom":758, "maximized":false, "right":1060, "work_area_left":0, "work_area_bottom":768}, "last_prompted_google_url":"hxxp://www.google.de/", "last_known_google_url":"hxxp://www.google.de/", "show_home_button":true}, "homepage":"about:newtab?source=home", "download":{"directory_upgrade"
CHR Extension: (Docs) - C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (Norton Identity Protection) - C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-07] (AVAST Software)
R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [633856 2011-08-22] (Sphinx Software)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-11-07] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-11-07] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-11-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-07] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-11-07] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-11-07] (AVAST Software)
R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [65264 2013-11-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-07] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2011-12-19] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [637360 2011-12-19] (Intel Corporation)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [68608 2008-12-19] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [96768 2009-07-23] ()
S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [122880 2008-12-19] ()
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-07 17:44 - 2013-11-07 17:44 - 00000000 ____D C:\FRST
2013-11-07 17:43 - 2013-11-07 17:44 - 01957098 _____ (Farbar) C:\Users\benrufus\Desktop\FRST64.exe
2013-11-07 17:02 - 2013-11-07 17:02 - 00000067 _____ C:\Users\benrufus\AppData\Roaming\burnaware.ini
2013-11-07 17:01 - 2013-11-07 17:01 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2013-11-07 16:50 - 2013-04-10 11:09 - 00849992 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys
2013-11-07 16:50 - 2013-04-10 11:09 - 00073800 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll
2013-11-07 16:45 - 2012-08-22 10:19 - 00011832 _____ (Windows (R) Codename Longhorn DDK provider) C:\windows\acpimof.dll
2013-11-07 16:44 - 2013-11-07 16:44 - 02074056 _____ C:\Users\benrufus\Downloads\winrar-x64-500d.exe
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Program Files\WinRAR
2013-11-07 16:42 - 2013-11-07 16:42 - 03597051 _____ C:\Users\benrufus\Downloads\LiveUpdate.zip
2013-11-07 16:40 - 2013-11-07 16:40 - 06095405 _____ C:\Users\benrufus\Downloads\realtek_pcielan_7_mb.zip
2013-11-07 16:39 - 2013-11-07 16:51 - 94667481 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip.part
2013-11-07 16:39 - 2013-11-07 16:39 - 00000000 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip
2013-11-07 16:36 - 2013-11-07 17:34 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\vlc
2013-11-07 16:36 - 2013-11-07 16:36 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-07 16:35 - 2013-11-07 16:35 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-11-07 16:31 - 2013-11-07 16:31 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2013-11-07 16:31 - 2013-11-07 16:31 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-11-07 16:16 - 2013-11-07 16:16 - 00000000 ____D C:\ProgramData\Oracle
2013-11-07 16:16 - 2013-11-07 16:15 - 00312744 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-11-07 16:16 - 2013-11-07 16:15 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-11-07 16:16 - 2013-11-07 16:15 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-11-07 16:16 - 2013-11-07 16:15 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Windows7FirewallControl
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Java
2013-11-07 16:09 - 2013-11-07 16:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-07 16:07 - 2013-11-07 16:09 - 30694824 _____ (Oracle Corporation) C:\Users\benrufus\Downloads\jre-7u45-windows-x64.exe
2013-11-07 16:02 - 2013-11-07 16:02 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\AVAST Software
2013-11-07 16:01 - 2013-11-07 16:31 - 00001973 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-07 16:00 - 2013-11-07 16:31 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-11-07 16:00 - 2013-11-07 16:31 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-11-07 16:00 - 2013-11-07 16:31 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-11-07 16:00 - 2013-11-07 16:31 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-11-07 16:00 - 2013-11-07 16:31 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2013-11-07 16:00 - 2013-11-07 16:31 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-11-07 15:59 - 2013-11-07 15:59 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-07 15:58 - 2013-11-07 15:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-07 15:35 - 2013-11-07 17:29 - 00489148 _____ C:\windows\PFRO.log
2013-11-07 15:35 - 2013-11-07 17:29 - 00000336 _____ C:\windows\setupact.log
2013-11-07 15:35 - 2013-11-07 15:35 - 00000000 _____ C:\windows\setuperr.log
2013-11-07 15:24 - 2013-11-07 15:24 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-07 15:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-07 15:22 - 2013-11-07 17:17 - 00000000 ____D C:\windows\pss
2013-11-07 15:20 - 2013-11-07 15:20 - 00000702 _____ C:\Users\benrufus\Documents\cc_20131107_152022.reg
2013-11-07 10:58 - 2013-11-07 10:58 - 00000219 _____ C:\Users\benrufus\Desktop\FRITZ!Box.URL
2013-11-04 10:49 - 2013-11-04 10:57 - 00001672 _____ C:\windows\system32\ASOROSet.bin
2013-11-04 10:49 - 2013-11-04 10:49 - 00000000 ____D C:\windows\system32\config\RCCBakup
2013-11-03 11:41 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-11-03 10:14 - 2013-11-04 10:59 - 00003338 _____ C:\windows\System32\Tasks\Advanced System Protector
2013-11-03 10:14 - 2013-11-04 10:59 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Advanced System Protector
2013-11-03 10:13 - 2013-11-04 11:15 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Systweak
2013-11-03 10:13 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\windows\system32\roboot64.exe
2013-10-30 11:19 - 2013-10-30 11:19 - 00002968 _____ C:\{23143EEB-AB0B-45B7-8554-73E77FC32757}
2013-10-25 12:41 - 2013-10-25 12:41 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Realore
2013-10-17 11:00 - 2013-10-17 11:45 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\when_in_rome_bfg
2013-10-11 09:41 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-11 09:41 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-11 09:41 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-11 09:41 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-11 09:41 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-11 09:41 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-11 09:41 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-11 09:41 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-11 09:41 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-10-11 09:41 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 08:35 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-11 08:35 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-11 08:35 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-11 08:35 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-11 08:35 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-11 08:35 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-11 08:35 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2013-10-11 08:35 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2013-10-11 08:35 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2013-10-11 08:35 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-11 08:35 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-11 08:35 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-10-11 08:34 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-10-11 08:34 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-11 08:34 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-10-11 08:34 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2013-10-11 08:34 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-11 08:34 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-11 08:34 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-10-11 08:34 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-10-11 08:34 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-10-11 08:34 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-11 08:34 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-10-11 08:34 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-10-11 08:34 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2013-10-11 08:34 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-10-11 08:34 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2013-10-11 08:34 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-10-11 08:34 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-10-11 08:34 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-10-11 08:34 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-10-11 08:34 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-11 08:34 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-10-11 08:34 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-11 08:34 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:34 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:34 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-11 08:34 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-10-11 08:34 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-10-11 08:34 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2013-10-11 08:34 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-10-11 08:34 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-10-11 08:34 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2013-10-11 08:34 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-11 08:34 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-11 08:34 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-08 12:25 - 2013-10-08 12:25 - 05831344 _____ (TeamViewer GmbH) C:\Users\benrufus\Downloads\TeamViewer_Setup_de.exe
2013-10-08 11:24 - 2013-10-08 11:24 - 27824472 _____ (Sony Mobile Communications ) C:\Users\benrufus\Downloads\Sony PC Companion_2.10.174_Web.exe
==================== One Month Modified Files and Folders =======
2013-11-07 17:44 - 2013-11-07 17:44 - 00000000 ____D C:\FRST
2013-11-07 17:44 - 2013-11-07 17:43 - 01957098 _____ (Farbar) C:\Users\benrufus\Desktop\FRST64.exe
2013-11-07 17:44 - 2012-10-11 06:55 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-07 17:37 - 2009-07-14 05:45 - 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-07 17:37 - 2009-07-14 05:45 - 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-07 17:36 - 2013-09-02 16:25 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-07 17:35 - 2012-09-12 06:07 - 01716736 _____ C:\windows\WindowsUpdate.log
2013-11-07 17:34 - 2013-11-07 16:36 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\vlc
2013-11-07 17:30 - 2013-09-02 16:25 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-07 17:29 - 2013-11-07 15:35 - 00489148 _____ C:\windows\PFRO.log
2013-11-07 17:29 - 2013-11-07 15:35 - 00000336 _____ C:\windows\setupact.log
2013-11-07 17:29 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-07 17:20 - 2012-10-12 14:12 - 00000000 ____D C:\ProgramData\Trymedia
2013-11-07 17:19 - 2012-10-12 14:09 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-07 17:17 - 2013-11-07 15:22 - 00000000 ____D C:\windows\pss
2013-11-07 17:17 - 2013-07-28 09:14 - 00000000 ____D C:\ProgramData\Big Fish
2013-11-07 17:17 - 2013-07-09 08:19 - 00000000 ____D C:\BigFishCache
2013-11-07 17:17 - 2012-10-09 20:31 - 00000000 ___RD C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-07 17:02 - 2013-11-07 17:02 - 00000067 _____ C:\Users\benrufus\AppData\Roaming\burnaware.ini
2013-11-07 17:01 - 2013-11-07 17:01 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2013-11-07 16:51 - 2013-11-07 16:39 - 94667481 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip.part
2013-11-07 16:50 - 2012-06-04 07:25 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-11-07 16:44 - 2013-11-07 16:44 - 02074056 _____ C:\Users\benrufus\Downloads\winrar-x64-500d.exe
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Program Files\WinRAR
2013-11-07 16:42 - 2013-11-07 16:42 - 03597051 _____ C:\Users\benrufus\Downloads\LiveUpdate.zip
2013-11-07 16:40 - 2013-11-07 16:40 - 06095405 _____ C:\Users\benrufus\Downloads\realtek_pcielan_7_mb.zip
2013-11-07 16:39 - 2013-11-07 16:39 - 00000000 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip
2013-11-07 16:36 - 2013-11-07 16:36 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-07 16:35 - 2013-11-07 16:35 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-11-07 16:31 - 2013-11-07 16:31 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2013-11-07 16:31 - 2013-11-07 16:31 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-11-07 16:31 - 2013-11-07 16:01 - 00001973 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-07 16:31 - 2013-11-07 16:00 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-11-07 16:31 - 2013-11-07 16:00 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-11-07 16:31 - 2013-11-07 16:00 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-11-07 16:31 - 2013-11-07 16:00 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-11-07 16:31 - 2013-11-07 16:00 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2013-11-07 16:31 - 2013-11-07 16:00 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-11-07 16:21 - 2012-10-09 21:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-07 16:16 - 2013-11-07 16:16 - 00000000 ____D C:\ProgramData\Oracle
2013-11-07 16:15 - 2013-11-07 16:16 - 00312744 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-11-07 16:15 - 2013-11-07 16:16 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-11-07 16:15 - 2013-11-07 16:16 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-11-07 16:15 - 2013-11-07 16:16 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Windows7FirewallControl
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Java
2013-11-07 16:10 - 2013-11-07 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-07 16:09 - 2013-11-07 16:07 - 30694824 _____ (Oracle Corporation) C:\Users\benrufus\Downloads\jre-7u45-windows-x64.exe
2013-11-07 16:02 - 2013-11-07 16:02 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\AVAST Software
2013-11-07 16:00 - 2013-11-07 16:00 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-11-07 15:59 - 2013-11-07 15:59 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-07 15:58 - 2013-11-07 15:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-07 15:56 - 2012-06-01 13:57 - 00000000 ____D C:\ProgramData\Norton
2013-11-07 15:35 - 2013-11-07 15:35 - 00000000 _____ C:\windows\setuperr.log
2013-11-07 15:33 - 2013-06-07 13:40 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Iminent
2013-11-07 15:33 - 2013-06-07 13:39 - 00000000 ____D C:\ProgramData\Iminent
2013-11-07 15:33 - 2013-06-07 13:35 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\SimplyTech
2013-11-07 15:24 - 2013-11-07 15:24 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-07 15:20 - 2013-11-07 15:20 - 00000702 _____ C:\Users\benrufus\Documents\cc_20131107_152022.reg
2013-11-07 15:19 - 2011-04-12 08:43 - 00654150 _____ C:\windows\system32\perfh007.dat
2013-11-07 15:19 - 2011-04-12 08:43 - 00130022 _____ C:\windows\system32\perfc007.dat
2013-11-07 15:19 - 2009-07-14 06:13 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-07 10:58 - 2013-11-07 10:58 - 00000219 _____ C:\Users\benrufus\Desktop\FRITZ!Box.URL
2013-11-06 10:30 - 2012-10-09 21:03 - 00000000 ____D C:\Users\benrufus\AppData\Local\Mozilla
2013-11-04 11:15 - 2013-11-03 10:13 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Systweak
2013-11-04 10:59 - 2013-11-03 10:14 - 00003338 _____ C:\windows\System32\Tasks\Advanced System Protector
2013-11-04 10:59 - 2013-11-03 10:14 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Advanced System Protector
2013-11-04 10:58 - 2012-10-09 20:26 - 00000000 ____D C:\Users\benrufus
2013-11-04 10:57 - 2013-11-04 10:49 - 00001672 _____ C:\windows\system32\ASOROSet.bin
2013-11-04 10:57 - 2009-07-14 03:34 - 66322432 _____ C:\windows\system32\config\software.bak
2013-11-04 10:57 - 2009-07-14 03:34 - 18612224 _____ C:\windows\system32\config\system.bak
2013-11-04 10:57 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\security.bak
2013-11-04 10:51 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\sam.bak
2013-11-04 10:49 - 2013-11-04 10:49 - 00000000 ____D C:\windows\system32\config\RCCBakup
2013-11-04 10:42 - 2013-03-29 09:12 - 00000000 ____D C:\Zylom Games
2013-10-30 17:35 - 2012-10-15 06:33 - 00000000 ____D C:\Users\benrufus\AppData\Local\CrashDumps
2013-10-30 11:39 - 2013-07-19 08:24 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\bfgallmygodsde
2013-10-30 11:19 - 2013-10-30 11:19 - 00002968 _____ C:\{23143EEB-AB0B-45B7-8554-73E77FC32757}
2013-10-30 09:43 - 2012-12-18 09:27 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\rokapublish
2013-10-29 09:46 - 2012-11-30 08:43 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Playrix Entertainment
2013-10-28 10:37 - 2012-11-25 09:45 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\DivoGames
2013-10-25 12:41 - 2013-10-25 12:41 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Realore
2013-10-25 11:28 - 2012-10-25 07:28 - 00000000 ____D C:\ProgramData\Playrix Entertainment
2013-10-17 14:32 - 2012-12-09 10:50 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\AlawarEntertainment
2013-10-17 13:32 - 2013-05-11 08:10 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\quickclick
2013-10-17 11:45 - 2013-10-17 11:00 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\when_in_rome_bfg
2013-10-14 13:41 - 2012-11-01 10:03 - 00000000 ____D C:\Users\benrufus\Documents\8floor
2013-10-14 13:20 - 2012-06-01 13:17 - 00000000 ____D C:\windows\Panther
2013-10-14 11:54 - 2013-07-01 08:13 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\adelantado_2_realore_bigfishgames_en
2013-10-14 08:25 - 2009-07-14 06:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-13 09:31 - 2013-09-02 16:25 - 00004110 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-13 09:31 - 2013-09-02 16:25 - 00003858 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-12 08:57 - 2009-07-14 05:45 - 00399024 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-11 09:45 - 2009-07-14 03:34 - 00000499 _____ C:\windows\win.ini
2013-10-11 09:37 - 2013-01-12 17:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 09:37 - 2013-01-12 17:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 09:18 - 2013-08-14 11:20 - 00000000 ____D C:\windows\system32\MRT
2013-10-11 09:04 - 2012-06-04 07:37 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-09 13:45 - 2012-10-11 06:55 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 13:45 - 2012-10-11 06:55 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 13:45 - 2012-10-11 06:55 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 12:25 - 2013-10-08 12:25 - 05831344 _____ (TeamViewer GmbH) C:\Users\benrufus\Downloads\TeamViewer_Setup_de.exe
2013-10-08 11:24 - 2013-10-08 11:24 - 27824472 _____ (Sony Mobile Communications ) C:\Users\benrufus\Downloads\Sony PC Companion_2.10.174_Web.exe
Files to move or delete:
====================
C:\ProgramData\winiml.dat
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-03 13:27
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by benrufus at 2013-11-07 17:46:48
Running from C:\Users\benrufus\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD AVIVO64 Codecs (Version: 12.4.100.20405)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.1219.1521.27485)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
AMD Steady Video Plug-In (Version: 2.06.0000)
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485)
avast! Free Antivirus (x32 Version: 9.0.2007)
Brother MFL-Pro Suite (x32 Version: 1.00)
BurnAware Free 6.7 (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CCleaner (Version: 4.04)
D3DX10 (x32 Version: 15.4.2368.0902)
ElsterFormular (x32 Version: 14.0.0.10960)
Google Update Helper (x32 Version: 1.3.21.165)
HydraVision (x32 Version: 4.2.236.0)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
OpenAL (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.72.410.2013)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
VLC media player 2.1.0 (x32 Version: 2.1.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows7FirewallControl (x64) 4.1.21.93 (Version: 4.1.21.93)
WinRAR 5.00 (64-Bit) (Version: 5.00.0)
==================== Restore Points =========================
22-10-2013 10:04:57 Windows-Sicherung
29-10-2013 09:50:57 Windows-Sicherung
03-11-2013 09:18:13 RegClean Pro So, Nov 03, 13 10:18
03-11-2013 12:36:18 Windows Update
04-11-2013 13:21:08 Windows-Sicherung
07-11-2013 14:48:17 Removed Java 7 Update 25
07-11-2013 14:59:20 avast! antivirus system restore point
07-11-2013 15:12:28 Installed Java 7 Update 45 (64-bit)
07-11-2013 15:29:25 avast! antivirus system restore point
07-11-2013 15:49:46 Installiert Realtek Ethernet Controller Driver
07-11-2013 16:18:26 Removed Google Earth Plug-in.
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1AC2944E-BA71-4CF8-80CE-E58F217919A0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1123533030-1629721145-1419368049-1001
Task: {1F297318-AE7B-408F-8C5A-1C78D8D3D5C6} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {3F190183-3022-4D16-A6AB-7A5C53084444} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.)
Task: {4919792E-765C-4A9F-BA6F-285CAA288A10} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {6EE18347-A80F-4079-A5DF-3866E659D30A} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe
Task: {6FD139E5-AE6F-49B8-B3D5-55031A7FC8B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {815238CA-CA6C-435E-A167-ED43757F3A0C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-07] (AVAST Software)
Task: {CFB3CDB9-7046-4831-B9DD-C1CEF25D4EDE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {D17E143A-35BA-4766-9066-3112F3FB0B5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.)
Task: {D3F31993-A057-48DD-868A-D3A202CE2885} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {DBFF1921-9B3C-4E13-ABE3-2E28AC2B565E} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-12-19 15:32 - 2012-12-19 15:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-11-07 16:07 - 2013-11-07 11:26 - 02139648 _____ () C:\Program Files\AVAST Software\Avast\defs\13110700\algo.dll
2013-11-07 16:00 - 2013-11-07 16:00 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-07 16:09 - 2013-11-07 16:10 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:00AA4B31
AlternateDataStreams: C:\ProgramData\TEMP:00F7B10F
AlternateDataStreams: C:\ProgramData\TEMP:0107E5CF
AlternateDataStreams: C:\ProgramData\TEMP:01312928
AlternateDataStreams: C:\ProgramData\TEMP:0287BE91
AlternateDataStreams: C:\ProgramData\TEMP:05F7DEE6
AlternateDataStreams: C:\ProgramData\TEMP:063969F8
AlternateDataStreams: C:\ProgramData\TEMP:06B8FE62
AlternateDataStreams: C:\ProgramData\TEMP:08677BDD
AlternateDataStreams: C:\ProgramData\TEMP:08B7D3D2
AlternateDataStreams: C:\ProgramData\TEMP:08DB8D99
AlternateDataStreams: C:\ProgramData\TEMP:097FF903
AlternateDataStreams: C:\ProgramData\TEMP:0988A428
AlternateDataStreams: C:\ProgramData\TEMP:0ADCCF52
AlternateDataStreams: C:\ProgramData\TEMP:0AE2C68F
AlternateDataStreams: C:\ProgramData\TEMP:0BF4DA47
AlternateDataStreams: C:\ProgramData\TEMP:0C65EA0E
AlternateDataStreams: C:\ProgramData\TEMP:0E5CFA74
AlternateDataStreams: C:\ProgramData\TEMP:0E61938B
AlternateDataStreams: C:\ProgramData\TEMP:0FC68B9A
AlternateDataStreams: C:\ProgramData\TEMP:104A718B
AlternateDataStreams: C:\ProgramData\TEMP:11EFE63D
AlternateDataStreams: C:\ProgramData\TEMP:12A012A1
AlternateDataStreams: C:\ProgramData\TEMP:149327FE
AlternateDataStreams: C:\ProgramData\TEMP:160ADF0B
AlternateDataStreams: C:\ProgramData\TEMP:165AF2C6
AlternateDataStreams: C:\ProgramData\TEMP:16A4620C
AlternateDataStreams: C:\ProgramData\TEMP:17D88661
AlternateDataStreams: C:\ProgramData\TEMP:19F08842
AlternateDataStreams: C:\ProgramData\TEMP:1FD9DB67
AlternateDataStreams: C:\ProgramData\TEMP:2077FAC7
AlternateDataStreams: C:\ProgramData\TEMP:2487D1DA
AlternateDataStreams: C:\ProgramData\TEMP:258D2F8B
AlternateDataStreams: C:\ProgramData\TEMP:2640C43F
AlternateDataStreams: C:\ProgramData\TEMP:26E2A0C3
AlternateDataStreams: C:\ProgramData\TEMP:2775F9E2
AlternateDataStreams: C:\ProgramData\TEMP:29C0641D
AlternateDataStreams: C:\ProgramData\TEMP:2ABB51D4
AlternateDataStreams: C:\ProgramData\TEMP:2B856118
AlternateDataStreams: C:\ProgramData\TEMP:2C8C1CCD
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:2CED8825
AlternateDataStreams: C:\ProgramData\TEMP:2E49FF93
AlternateDataStreams: C:\ProgramData\TEMP:2EC5D66C
AlternateDataStreams: C:\ProgramData\TEMP:2F5A06FD
AlternateDataStreams: C:\ProgramData\TEMP:30E0D641
AlternateDataStreams: C:\ProgramData\TEMP:3487C53E
AlternateDataStreams: C:\ProgramData\TEMP:34FDB459
AlternateDataStreams: C:\ProgramData\TEMP:36DD742E
AlternateDataStreams: C:\ProgramData\TEMP:38FF076E
AlternateDataStreams: C:\ProgramData\TEMP:3BC173E4
AlternateDataStreams: C:\ProgramData\TEMP:3BE7E50E
AlternateDataStreams: C:\ProgramData\TEMP:3CEF7764
AlternateDataStreams: C:\ProgramData\TEMP:3D033DEC
AlternateDataStreams: C:\ProgramData\TEMP:3F694C8D
AlternateDataStreams: C:\ProgramData\TEMP:3FE1A827
AlternateDataStreams: C:\ProgramData\TEMP:42B6425E
AlternateDataStreams: C:\ProgramData\TEMP:432EC713
AlternateDataStreams: C:\ProgramData\TEMP:44140787
AlternateDataStreams: C:\ProgramData\TEMP:4A2862FF
AlternateDataStreams: C:\ProgramData\TEMP:4D348522
AlternateDataStreams: C:\ProgramData\TEMP:4EC7F009
AlternateDataStreams: C:\ProgramData\TEMP:5279F7BF
AlternateDataStreams: C:\ProgramData\TEMP:5335CE76
AlternateDataStreams: C:\ProgramData\TEMP:538A9F02
AlternateDataStreams: C:\ProgramData\TEMP:54531C7D
AlternateDataStreams: C:\ProgramData\TEMP:57173DB4
AlternateDataStreams: C:\ProgramData\TEMP:57B374AB
AlternateDataStreams: C:\ProgramData\TEMP:59286A3A
AlternateDataStreams: C:\ProgramData\TEMP:5A15BCD4
AlternateDataStreams: C:\ProgramData\TEMP:5AC256BC
AlternateDataStreams: C:\ProgramData\TEMP:5BB7898D
AlternateDataStreams: C:\ProgramData\TEMP:5C0940F1
AlternateDataStreams: C:\ProgramData\TEMP:5C1EAB4E
AlternateDataStreams: C:\ProgramData\TEMP:5C4A588B
AlternateDataStreams: C:\ProgramData\TEMP:5DB36C47
AlternateDataStreams: C:\ProgramData\TEMP:60E0AB2A
AlternateDataStreams: C:\ProgramData\TEMP:640DDEFF
AlternateDataStreams: C:\ProgramData\TEMP:640EA6E8
AlternateDataStreams: C:\ProgramData\TEMP:64170090
AlternateDataStreams: C:\ProgramData\TEMP:6423D635
AlternateDataStreams: C:\ProgramData\TEMP:66FC2E6F
AlternateDataStreams: C:\ProgramData\TEMP:67842DB7
AlternateDataStreams: C:\ProgramData\TEMP:67CF910D
AlternateDataStreams: C:\ProgramData\TEMP:6A9EDD31
AlternateDataStreams: C:\ProgramData\TEMP:6AD65294
AlternateDataStreams: C:\ProgramData\TEMP:6B251180
AlternateDataStreams: C:\ProgramData\TEMP:6C049F97
AlternateDataStreams: C:\ProgramData\TEMP:708BB0FA
AlternateDataStreams: C:\ProgramData\TEMP:70E897B5
AlternateDataStreams: C:\ProgramData\TEMP:74091520
AlternateDataStreams: C:\ProgramData\TEMP:79059537
AlternateDataStreams: C:\ProgramData\TEMP:7943ACC4
AlternateDataStreams: C:\ProgramData\TEMP:79C6A9CE
AlternateDataStreams: C:\ProgramData\TEMP:7AF9CAEB
AlternateDataStreams: C:\ProgramData\TEMP:7B8AF9AA
AlternateDataStreams: C:\ProgramData\TEMP:7BB584AA
AlternateDataStreams: C:\ProgramData\TEMP:7BBC3CCD
AlternateDataStreams: C:\ProgramData\TEMP:7D288858
AlternateDataStreams: C:\ProgramData\TEMP:7E4E56EA
AlternateDataStreams: C:\ProgramData\TEMP:7ECD9621
AlternateDataStreams: C:\ProgramData\TEMP:819394CC
AlternateDataStreams: C:\ProgramData\TEMP:84FA02E7
AlternateDataStreams: C:\ProgramData\TEMP:874ADA37
AlternateDataStreams: C:\ProgramData\TEMP:87E3D720
AlternateDataStreams: C:\ProgramData\TEMP:884C7316
AlternateDataStreams: C:\ProgramData\TEMP:89FC8EEB
AlternateDataStreams: C:\ProgramData\TEMP:8AC20936
AlternateDataStreams: C:\ProgramData\TEMP:8B3C3098
AlternateDataStreams: C:\ProgramData\TEMP:8B69E3C3
AlternateDataStreams: C:\ProgramData\TEMP:8C12CFCD
AlternateDataStreams: C:\ProgramData\TEMP:92D91D7E
AlternateDataStreams: C:\ProgramData\TEMP:92DB4653
AlternateDataStreams: C:\ProgramData\TEMP:95775248
AlternateDataStreams: C:\ProgramData\TEMP:96838F8A
AlternateDataStreams: C:\ProgramData\TEMP:97B3B270
AlternateDataStreams: C:\ProgramData\TEMP:9DB67071
AlternateDataStreams: C:\ProgramData\TEMP:9E0656EC
AlternateDataStreams: C:\ProgramData\TEMP:9E4F05ED
AlternateDataStreams: C:\ProgramData\TEMP:A26AFC00
AlternateDataStreams: C:\ProgramData\TEMP:A5948878
AlternateDataStreams: C:\ProgramData\TEMP:A5CD91DF
AlternateDataStreams: C:\ProgramData\TEMP:A69FAA24
AlternateDataStreams: C:\ProgramData\TEMP:A7964713
AlternateDataStreams: C:\ProgramData\TEMP:A7BB14DF
AlternateDataStreams: C:\ProgramData\TEMP:A899E64E
AlternateDataStreams: C:\ProgramData\TEMP:AA92F7C7
AlternateDataStreams: C:\ProgramData\TEMP:ACCFA538
AlternateDataStreams: C:\ProgramData\TEMP:AE289451
AlternateDataStreams: C:\ProgramData\TEMP:AE75CCC8
AlternateDataStreams: C:\ProgramData\TEMP:AEB961C5
AlternateDataStreams: C:\ProgramData\TEMP:AF54CFFD
AlternateDataStreams: C:\ProgramData\TEMP:B02249C3
AlternateDataStreams: C:\ProgramData\TEMP:B2112CA5
AlternateDataStreams: C:\ProgramData\TEMP:B285A50E
AlternateDataStreams: C:\ProgramData\TEMP:B2D32F1D
AlternateDataStreams: C:\ProgramData\TEMP:B65E763D
AlternateDataStreams: C:\ProgramData\TEMP:B6DD2C7E
AlternateDataStreams: C:\ProgramData\TEMP:B709343D
AlternateDataStreams: C:\ProgramData\TEMP:B88DC997
AlternateDataStreams: C:\ProgramData\TEMP:BD0909FF
AlternateDataStreams: C:\ProgramData\TEMP:BDCD0530
AlternateDataStreams: C:\ProgramData\TEMP:BE0BAFE1
AlternateDataStreams: C:\ProgramData\TEMP:BF6C81B2
AlternateDataStreams: C:\ProgramData\TEMP:BFAD7A5D
AlternateDataStreams: C:\ProgramData\TEMP:BFE54417
AlternateDataStreams: C:\ProgramData\TEMP:C458CC0A
AlternateDataStreams: C:\ProgramData\TEMP:C5340FA1
AlternateDataStreams: C:\ProgramData\TEMP:C605E0E1
AlternateDataStreams: C:\ProgramData\TEMP:C669F3E1
AlternateDataStreams: C:\ProgramData\TEMP:C69BA1D0
AlternateDataStreams: C:\ProgramData\TEMP:C7C3B621
AlternateDataStreams: C:\ProgramData\TEMP:C946EBB2
AlternateDataStreams: C:\ProgramData\TEMP:C9BC8592
AlternateDataStreams: C:\ProgramData\TEMP:C9FD258B
AlternateDataStreams: C:\ProgramData\TEMP:CAF8DAC8
AlternateDataStreams: C:\ProgramData\TEMP:CB55AED3
AlternateDataStreams: C:\ProgramData\TEMP:CB959782
AlternateDataStreams: C:\ProgramData\TEMP:CC45913B
AlternateDataStreams: C:\ProgramData\TEMP:CC4C59B4
AlternateDataStreams: C:\ProgramData\TEMP:CC7382F6
AlternateDataStreams: C:\ProgramData\TEMP:CC96FF70
AlternateDataStreams: C:\ProgramData\TEMP:CCB49694
AlternateDataStreams: C:\ProgramData\TEMP:CF1334B0
AlternateDataStreams: C:\ProgramData\TEMP:CFFC9DD0
AlternateDataStreams: C:\ProgramData\TEMP:D01ACC06
AlternateDataStreams: C:\ProgramData\TEMP:D254266B
AlternateDataStreams: C:\ProgramData\TEMP:D3331ADB
AlternateDataStreams: C:\ProgramData\TEMP:D51F4BAE
AlternateDataStreams: C:\ProgramData\TEMP:D59DE356
AlternateDataStreams: C:\ProgramData\TEMP:D61EB62D
AlternateDataStreams: C:\ProgramData\TEMP:D987CB43
AlternateDataStreams: C:\ProgramData\TEMP:D9E6828A
AlternateDataStreams: C:\ProgramData\TEMP:DCA79AB3
AlternateDataStreams: C:\ProgramData\TEMP:DCB27118
AlternateDataStreams: C:\ProgramData\TEMP:DF19F127
AlternateDataStreams: C:\ProgramData\TEMP:E0848D16
AlternateDataStreams: C:\ProgramData\TEMP:E153075C
AlternateDataStreams: C:\ProgramData\TEMP:E45C22B7
AlternateDataStreams: C:\ProgramData\TEMP:E4BC4A41
AlternateDataStreams: C:\ProgramData\TEMP:E6537A16
AlternateDataStreams: C:\ProgramData\TEMP:EB4FEEF5
AlternateDataStreams: C:\ProgramData\TEMP:EB68CA55
AlternateDataStreams: C:\ProgramData\TEMP:EBFB51F1
AlternateDataStreams: C:\ProgramData\TEMP:EC752217
AlternateDataStreams: C:\ProgramData\TEMP:EC769091
AlternateDataStreams: C:\ProgramData\TEMP:ED2998F5
AlternateDataStreams: C:\ProgramData\TEMP:ED6B6C83
AlternateDataStreams: C:\ProgramData\TEMP:EE0ABC44
AlternateDataStreams: C:\ProgramData\TEMP:EFBD4447
AlternateDataStreams: C:\ProgramData\TEMP:F21CB906
AlternateDataStreams: C:\ProgramData\TEMP:F2AF86D9
AlternateDataStreams: C:\ProgramData\TEMP:F2DA92FA
AlternateDataStreams: C:\ProgramData\TEMP:F3029A65
AlternateDataStreams: C:\ProgramData\TEMP:F3591DDB
AlternateDataStreams: C:\ProgramData\TEMP:F41FEB14
AlternateDataStreams: C:\ProgramData\TEMP:F4362715
AlternateDataStreams: C:\ProgramData\TEMP:F52DB269
AlternateDataStreams: C:\ProgramData\TEMP:F5E30F6A
AlternateDataStreams: C:\ProgramData\TEMP:F65A2273
AlternateDataStreams: C:\ProgramData\TEMP:F6C0CA66
AlternateDataStreams: C:\ProgramData\TEMP:F7370879
AlternateDataStreams: C:\ProgramData\TEMP:F888E36D
AlternateDataStreams: C:\ProgramData\TEMP:FA09FC72
AlternateDataStreams: C:\ProgramData\TEMP:FBA79096
AlternateDataStreams: C:\ProgramData\TEMP:FC98D33A
AlternateDataStreams: C:\ProgramData\TEMP:FD2BFC89
AlternateDataStreams: C:\ProgramData\TEMP:FD786DCA
AlternateDataStreams: C:\ProgramData\TEMP:FDC41D2C
AlternateDataStreams: C:\ProgramData\TEMP:FEE00EB9
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/07/2013 05:30:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 05:13:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 05:00:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 04:23:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 04:13:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary gdsqnulc.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (11/07/2013 03:59:28 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary gdsqnulc.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (11/07/2013 03:58:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 03:36:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 02:57:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 09:10:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/07/2013 04:00:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! Antivirus" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (11/04/2013 02:20:47 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (11/04/2013 02:20:46 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (11/04/2013 02:20:45 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (11/04/2013 10:59:45 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Error: (11/04/2013 10:58:56 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.
Error: (11/04/2013 10:58:12 AM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (11/03/2013 11:02:21 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (10/29/2013 10:50:39 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (10/29/2013 10:50:38 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Microsoft Office Sessions:
=========================
Error: (11/07/2013 05:30:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 05:13:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 05:00:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 04:23:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 04:13:56 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary gdsqnulc.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (11/07/2013 03:59:28 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary gdsqnulc.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (11/07/2013 03:58:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 03:36:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 02:57:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 09:10:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 67%
Total physical RAM: 1661.71 MB
Available physical RAM: 538.48 MB
Total Pagefile: 3323.42 MB
Available Pagefile: 1844.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:138.95 GB) (Free:107.08 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 39632641)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=139 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=27)
==================== End Of Log ============================
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.07.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 benrufus :: BENRUFUS-PC [Administrator] 07.11.2013 15:25:36 mbam-log-2013-11-07 (15-25-36).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 211178 Laufzeit: 6 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 3 HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {FF46FDF8-24F6-11E3-95FF-D43D7E00BE67} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {FF46FDF8-24F6-11E3-95FF-D43D7E00BE67} -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 16 C:\Program Files (x86)\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\inst (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\inst\Bootstrapper (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\SimplyTech\home (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\chrome (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\chrome (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\components (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\plugins (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas\Cache (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 25 C:\Users\benrufus\Downloads\bubblehit_mp_pgr.exe (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\Downloads\rcpsetupst_RC1_DE_F_1(1).exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\Downloads\rcpsetupst_RC1_DE_F_1.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\Downloads\rcpsetup_r.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\SearchTheWeb.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\Iminent.crx (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\Iminent.InstallLog (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\Iminent.InstallState (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\StartWeb.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\System.Data.SQLite.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\System.Windows.Interactivity.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\UniverselyWeb.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\WPFLocalizeExtension.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\SimplyTech\home\home.htm (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\SimplyTech\home\style.css (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\Microsoft.Win32.TaskScheduler.xml (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\unins000.dat (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\install.rdf (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\pop.htm (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\chrome\HomeTab_3869.jar (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com\1031.11575f00-7bdc-4181-ba0a-b298aeab228c.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
08.11.2013, 08:13
| #2 |
| /// the machine /// TB-Ausbilder    | Avast Rootkitmeldung Hi,
__________________Scan mit Combofix
__________________ |
|
08.11.2013, 14:23
| #3 |
| | Avast Rootkitmeldung Hallo Schrauber hier ist das Log-File
__________________Code:
ATTFilter ComboFix 13-11-07.01 - benrufus 08.11.2013 14:05:17.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1662.504 [GMT 1:00]
ausgeführt von:: c:\users\benrufus\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SingAlong
c:\program files (x86)\SingAlong\chrome.crx
c:\program files (x86)\SingAlong\FF\chrome.manifest
c:\program files (x86)\SingAlong\FF\chrome\content\icon.png
c:\program files (x86)\SingAlong\FF\chrome\content\overlay.xul
c:\program files (x86)\SingAlong\FF\install.rdf
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-10-08 bis 2013-11-08 ))))))))))))))))))))))))))))))
.
.
2013-11-08 13:15 . 2013-11-08 13:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-07 17:05 . 2013-11-07 17:05 -------- d-----w- c:\program files (x86)\HDD Health
2013-11-07 16:44 . 2013-11-07 16:44 -------- d-----w- C:\FRST
2013-11-07 16:01 . 2013-11-07 16:01 -------- d-----w- c:\program files (x86)\BurnAware Free
2013-11-07 15:50 . 2013-04-10 10:09 849992 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-11-07 15:50 . 2013-04-10 10:09 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-11-07 15:45 . 2012-08-22 09:19 11832 ----a-w- c:\windows\acpimof.dll
2013-11-07 15:44 . 2013-11-07 15:44 -------- d-----w- c:\program files\WinRAR
2013-11-07 15:36 . 2013-11-07 16:34 -------- d-----w- c:\users\benrufus\AppData\Roaming\vlc
2013-11-07 15:35 . 2013-11-07 15:35 -------- d-----w- c:\windows\system32\wbem\Framework
2013-11-07 15:35 . 2013-11-07 15:35 -------- d-----w- c:\program files (x86)\VideoLAN
2013-11-07 15:31 . 2013-11-07 15:31 409832 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-11-07 15:16 . 2013-11-07 15:16 -------- d-----w- c:\programdata\Oracle
2013-11-07 15:16 . 2013-11-07 15:15 312744 ----a-w- c:\windows\system32\javaws.exe
2013-11-07 15:16 . 2013-11-07 15:15 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-11-07 15:16 . 2013-11-07 15:15 189352 ----a-w- c:\windows\system32\javaw.exe
2013-11-07 15:16 . 2013-11-07 15:15 189352 ----a-w- c:\windows\system32\java.exe
2013-11-07 15:15 . 2013-11-07 15:15 -------- d-----w- c:\program files\Windows7FirewallControl
2013-11-07 15:15 . 2013-11-07 15:15 -------- d-----w- c:\program files\Java
2013-11-07 15:02 . 2013-11-07 15:02 -------- d-----w- c:\users\benrufus\AppData\Roaming\AVAST Software
2013-11-07 15:00 . 2013-11-07 15:31 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-07 15:00 . 2013-11-07 15:00 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-07 15:00 . 2013-11-07 15:00 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-07 15:00 . 2013-11-07 15:31 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-07 15:00 . 2013-11-07 15:31 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-07 15:00 . 2013-11-07 15:31 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-07 15:00 . 2013-11-07 15:00 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-07 15:00 . 2013-11-07 15:31 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-07 15:00 . 2013-11-07 15:31 43152 ----a-w- c:\windows\avastSS.scr
2013-11-07 14:59 . 2013-11-07 14:59 -------- d-----w- c:\program files\AVAST Software
2013-11-07 14:58 . 2013-11-07 14:58 -------- d-----w- c:\programdata\AVAST Software
2013-11-07 14:24 . 2013-11-07 14:24 -------- d-----w- c:\users\benrufus\AppData\Roaming\Malwarebytes
2013-11-07 14:24 . 2013-11-07 14:24 -------- d-----w- c:\programdata\Malwarebytes
2013-11-07 14:24 . 2013-11-07 14:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-07 14:24 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-07 14:24 . 2013-11-07 14:24 -------- d-----w- c:\users\benrufus\AppData\Local\Programs
2013-11-04 09:49 . 2013-11-04 09:57 1672 ----a-w- c:\windows\system32\ASOROSet.bin
2013-11-03 10:41 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-03 10:41 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-03 10:41 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-03 10:41 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-03 10:41 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-03 10:41 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-03 10:41 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-03 09:14 . 2013-11-04 09:59 -------- d-----w- c:\users\benrufus\AppData\Roaming\Advanced System Protector
2013-11-03 09:13 . 2013-11-04 10:15 -------- d-----w- c:\users\benrufus\AppData\Roaming\Systweak
2013-11-03 09:13 . 2013-08-22 17:36 20312 ----a-w- c:\windows\system32\roboot64.exe
2013-10-25 11:41 . 2013-10-25 11:41 -------- d-----w- c:\users\benrufus\AppData\Roaming\Realore
2013-10-17 10:00 . 2013-10-17 10:45 -------- d-----w- c:\users\benrufus\AppData\Roaming\when_in_rome_bfg
2013-10-11 07:35 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-11 07:35 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2013-10-11 07:35 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll
2013-10-11 07:35 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll
2013-10-11 07:35 . 2013-06-06 05:49 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-10-11 07:35 . 2013-06-06 05:49 14336 ----a-w- c:\windows\system32\dciman32.dll
2013-10-11 07:35 . 2013-06-06 05:47 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-10-11 07:35 . 2013-06-06 04:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2013-10-11 07:35 . 2013-06-06 04:51 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-10-11 07:35 . 2013-06-06 04:50 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2013-10-11 07:35 . 2013-06-06 03:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-10-11 07:35 . 2013-06-06 03:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 08:04 . 2012-06-04 06:37 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-09 12:45 . 2012-10-11 05:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 12:45 . 2012-10-11 05:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-29 01:48 . 2013-10-11 07:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-04-05 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-07 3568312]
.
c:\users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IML.lnk - c:\windows\System32\iml.vbs [2010-5-21 4472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HDDHealth.lnk - c:\program files (x86)\HDD Health\hddhealth.exe [2013-11-7 1987520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"BrMfcWnd"=c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HDDHealth;HDDHealth;c:\program files (x86)\HDD Health\HDDHealthService.exe;c:\program files (x86)\HDD Health\HDDHealthService.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys;c:\windows\SYSNATIVE\drivers\amdiox64.sys [x]
R3 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 iaStorS;iaStorS;c:\windows\system32\drivers\iaStorS.sys;c:\windows\SYSNATIVE\drivers\iaStorS.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 PciIsaSerial;PCI-ISA Communication Port;c:\windows\system32\drivers\PciIsaSerial.sys;c:\windows\SYSNATIVE\drivers\PciIsaSerial.sys [x]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\drivers\PciPPorts.sys;c:\windows\SYSNATIVE\drivers\PciPPorts.sys [x]
R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\drivers\PciSPorts.sys;c:\windows\SYSNATIVE\drivers\PciSPorts.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 12:45]
.
2013-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02 15:25]
.
2013-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02 15:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-07 15:31 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2011-08-22 1178624]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://nmd.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.1und1.de/?linkId=AC:B:default.hd.nav.themenportal&ucuoId=PUAC:lead.EUE.DE-20121217101521-44C67EE6849865FBD9498D95C7011E38.TCpfix114b
FF - ExtSQL: 2013-09-24 13:10; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-11-07 16:00; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-11-08 14:20:35
ComboFix-quarantined-files.txt 2013-11-08 13:20
.
Vor Suchlauf: 12 Verzeichnis(se), 114.475.585.536 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 113.845.870.592 Bytes frei
.
- - End Of File - - 194EEEABE06C8B6619DB1EBCD1B83024
A36C5E4F47E84449FF07ED3517B43A31
|
|
09.11.2013, 13:08
| #4 |
| /// the machine /// TB-Ausbilder | Avast Rootkitmeldung Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.11.2013, 15:44
| #5 |
| | Avast Rootkitmeldung Hi ist irgendwas an Rookit usw zu erkennen? Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.09.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 benrufus :: BENRUFUS-PC [Administrator] 09.11.2013 14:58:18 mbam-log-2013-11-09 (14-58-18).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 219881 Laufzeit: 7 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by benrufus on 09.11.2013 at 15:14:18,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ZY-Babylonia_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ZY-Babylonia_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ZY-Babylonia_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ZY-Babylonia_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{094CB164-F8E4-4014-9A7C-8E7D4D58F311}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\benrufus\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Users\benrufus\appdata\local\big fish"
Successfully deleted: [Folder] "C:\Users\benrufus\appdata\local\big fish games"
Successfully deleted: [Folder] "C:\bigfishcache"
~~~ FireFox
Emptied folder: C:\Users\benrufus\AppData\Roaming\mozilla\firefox\profiles\tm9b5jf0.default-1354004411983\minidumps [163 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.11.2013 at 15:30:04,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v3.011 - Bericht erstellt am 09/11/2013 um 15:09:51
# Updated 03/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : benrufus - BENRUFUS-PC
# Gestartet von : C:\Users\benrufus\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\Alawar
Ordner Gelöscht : C:\ProgramData\Alawar Stargaze
Ordner Gelöscht : C:\ProgramData\AlawarEntertainment
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gelöscht : C:\Program Files (x86)\FoxyDeal
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella
Ordner Gelöscht : C:\Users\benrufus\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\benrufus\AppData\LocalLow\HomeTab
Ordner Gelöscht : C:\Users\benrufus\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\benrufus\AppData\Roaming\Advanced System Protector
Ordner Gelöscht : C:\Users\benrufus\AppData\Roaming\HomeTab
Ordner Gelöscht : C:\Users\benrufus\AppData\Roaming\Iminent
Ordner Gelöscht : C:\Users\benrufus\AppData\Roaming\quickclick
Ordner Gelöscht : C:\Users\benrufus\AppData\Roaming\SimplyTech
Ordner Gelöscht : C:\Users\benrufus\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\benrufus\AppData\Roaming\Alawar
Ordner Gelöscht : C:\Users\benrufus\AppData\Roaming\AlawarEntertainment
Datei Gelöscht : C:\windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\foxydeal.sqlite
Datei Gelöscht : C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\searchplugins\Web Search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\user.js
Datei Gelöscht : C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\windows\System32\Tasks\Advanced System Protector
Datei Gelöscht : C:\windows\System32\Tasks\Browser Updater
Datei Gelöscht : C:\windows\System32\Tasks\Software Updater Ui
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\smartbar
Schlüssel Gelöscht : HKLM\Software\systweak
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v25.0 (de)
[ Datei : C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\prefs.js ]
Zeile gelöscht : user_pref("CT3241949_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1372751323732,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("smartbar.machineId", "/GYPW9WOYPMBF2TFOJU5IRBLH+5RQ2OAOC1+T8DP3LP+PKR5VWD0UKB2H6XQ7AMFZ3SFTR9LCSNE2J4NKZOMKQ");
*************************
AdwCleaner[R0].txt - [3954 octets] - [09/11/2013 15:07:25]
AdwCleaner[S0].txt - [3919 octets] - [09/11/2013 15:09:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3979 octets] ##########
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by benrufus (administrator) on BENRUFUS-PC on 09-11-2013 15:32:20
Running from C:\Users\benrufus\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(PANTERASoft) C:\Program Files (x86)\HDD Health\hddhealth.exe
(Microsoft Corporation) C:\windows\System32\WScript.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\qimlsrv.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\dsrviml.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Windows7FirewallControl] - C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1178624 2011-08-22] (Sphinx Software)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-04-05] (AMD)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [65536 2007-01-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-07] (AVAST Software)
Startup: C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk
ShortcutTarget: IML.lnk -> C:\Windows\System32\iml.vbs ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://home.1und1.de/?linkId=AC:B:default.hd.nav.themenportal&ucuoId=PUAC:lead.EUE.DE-20121217101521-44C67EE6849865FBD9498D95C7011E38.TCpfix114b
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Docs) - C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (Norton Identity Protection) - C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-07] (AVAST Software)
S2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [72640 2012-06-07] ()
R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [633856 2011-08-22] (Sphinx Software)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-11-07] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-11-07] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-11-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-07] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-11-07] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-11-07] (AVAST Software)
R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [65264 2013-11-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-07] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2011-12-19] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [637360 2011-12-19] (Intel Corporation)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [68608 2008-12-19] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [96768 2009-07-23] ()
S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [122880 2008-12-19] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-09 15:31 - 2013-11-09 15:31 - 01957098 _____ (Farbar) C:\Users\benrufus\Desktop\FRST64.exe
2013-11-09 15:30 - 2013-11-09 15:30 - 00001786 _____ C:\Users\benrufus\Desktop\JRT.txt
2013-11-09 15:14 - 2013-11-09 15:14 - 00000000 ____D C:\windows\ERUNT
2013-11-09 15:12 - 2013-11-09 15:12 - 00004059 _____ C:\Users\benrufus\Desktop\AdwCleaner[S0].txt
2013-11-09 15:07 - 2013-11-09 15:10 - 00000000 ____D C:\AdwCleaner
2013-11-09 15:02 - 2013-11-09 15:02 - 01034531 _____ (Thisisu) C:\Users\benrufus\Desktop\JRT.exe
2013-11-09 14:59 - 2013-11-09 14:59 - 01073262 _____ C:\Users\benrufus\Desktop\adwcleaner.exe
2013-11-09 11:31 - 2013-11-09 15:11 - 00000168 _____ C:\windows\setupact.log
2013-11-09 11:31 - 2013-11-09 11:31 - 00000000 _____ C:\windows\setuperr.log
2013-11-08 14:20 - 2013-11-08 14:20 - 00020557 _____ C:\ComboFix.txt
2013-11-08 14:02 - 2013-11-08 14:20 - 00000000 ____D C:\Qoobox
2013-11-08 14:02 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2013-11-08 14:02 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2013-11-08 14:02 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-11-08 14:02 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-11-08 14:02 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-11-08 14:02 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2013-11-08 14:02 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2013-11-08 14:02 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2013-11-08 14:01 - 2013-11-08 14:17 - 00000000 ____D C:\windows\erdnt
2013-11-07 18:05 - 2013-11-07 18:05 - 00998624 _____ ( ) C:\Users\benrufus\Downloads\hddh42.exe
2013-11-07 18:05 - 2013-11-07 18:05 - 00000000 ____D C:\Program Files (x86)\HDD Health
2013-11-07 17:44 - 2013-11-07 17:44 - 00000000 ____D C:\FRST
2013-11-07 17:02 - 2013-11-07 17:02 - 00000067 _____ C:\Users\benrufus\AppData\Roaming\burnaware.ini
2013-11-07 17:01 - 2013-11-07 17:01 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2013-11-07 16:50 - 2013-04-10 11:09 - 00849992 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys
2013-11-07 16:50 - 2013-04-10 11:09 - 00073800 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll
2013-11-07 16:45 - 2012-08-22 10:19 - 00011832 _____ (Windows (R) Codename Longhorn DDK provider) C:\windows\acpimof.dll
2013-11-07 16:44 - 2013-11-07 16:44 - 02074056 _____ C:\Users\benrufus\Downloads\winrar-x64-500d.exe
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Program Files\WinRAR
2013-11-07 16:42 - 2013-11-07 16:42 - 03597051 _____ C:\Users\benrufus\Downloads\LiveUpdate.zip
2013-11-07 16:40 - 2013-11-07 16:40 - 06095405 _____ C:\Users\benrufus\Downloads\realtek_pcielan_7_mb.zip
2013-11-07 16:39 - 2013-11-07 16:51 - 94667481 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip.part
2013-11-07 16:39 - 2013-11-07 16:39 - 00000000 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip
2013-11-07 16:36 - 2013-11-07 17:34 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\vlc
2013-11-07 16:36 - 2013-11-07 16:36 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-07 16:35 - 2013-11-07 16:35 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-11-07 16:31 - 2013-11-09 15:12 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-11-07 16:31 - 2013-11-07 16:31 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2013-11-07 16:16 - 2013-11-07 16:16 - 00000000 ____D C:\ProgramData\Oracle
2013-11-07 16:16 - 2013-11-07 16:15 - 00312744 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-11-07 16:16 - 2013-11-07 16:15 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-11-07 16:16 - 2013-11-07 16:15 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-11-07 16:16 - 2013-11-07 16:15 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Windows7FirewallControl
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Java
2013-11-07 16:09 - 2013-11-07 16:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-07 16:07 - 2013-11-07 16:09 - 30694824 _____ (Oracle Corporation) C:\Users\benrufus\Downloads\jre-7u45-windows-x64.exe
2013-11-07 16:02 - 2013-11-07 16:02 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\AVAST Software
2013-11-07 16:01 - 2013-11-07 16:31 - 00001973 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-07 16:00 - 2013-11-07 16:31 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-11-07 16:00 - 2013-11-07 16:31 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-11-07 16:00 - 2013-11-07 16:31 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-11-07 16:00 - 2013-11-07 16:31 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-11-07 16:00 - 2013-11-07 16:31 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2013-11-07 16:00 - 2013-11-07 16:31 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-11-07 15:59 - 2013-11-07 15:59 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-07 15:58 - 2013-11-07 15:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-07 15:24 - 2013-11-07 15:24 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-07 15:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-07 15:22 - 2013-11-07 17:17 - 00000000 ____D C:\windows\pss
2013-11-07 15:20 - 2013-11-07 15:20 - 00000702 _____ C:\Users\benrufus\Documents\cc_20131107_152022.reg
2013-11-07 10:58 - 2013-11-07 10:58 - 00000219 _____ C:\Users\benrufus\Desktop\FRITZ!Box.URL
2013-11-04 10:49 - 2013-11-04 10:57 - 00001672 _____ C:\windows\system32\ASOROSet.bin
2013-11-04 10:49 - 2013-11-04 10:49 - 00000000 ____D C:\windows\system32\config\RCCBakup
2013-11-03 11:41 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-10-30 11:19 - 2013-10-30 11:19 - 00002968 _____ C:\{23143EEB-AB0B-45B7-8554-73E77FC32757}
2013-10-25 12:41 - 2013-10-25 12:41 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Realore
2013-10-17 11:00 - 2013-10-17 11:45 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\when_in_rome_bfg
2013-10-11 09:41 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-11 09:41 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-11 09:41 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-11 09:41 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-11 09:41 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-11 09:41 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-11 09:41 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-11 09:41 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-11 09:41 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-10-11 09:41 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 08:35 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-11 08:35 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-11 08:35 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-11 08:35 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-11 08:35 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-11 08:35 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-11 08:35 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2013-10-11 08:35 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2013-10-11 08:35 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2013-10-11 08:35 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-11 08:35 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-11 08:35 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-10-11 08:34 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-10-11 08:34 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-11 08:34 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-10-11 08:34 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2013-10-11 08:34 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-11 08:34 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-11 08:34 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-10-11 08:34 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-10-11 08:34 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-10-11 08:34 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-11 08:34 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-10-11 08:34 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-10-11 08:34 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2013-10-11 08:34 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-10-11 08:34 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2013-10-11 08:34 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-10-11 08:34 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-10-11 08:34 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-10-11 08:34 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-10-11 08:34 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-11 08:34 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-10-11 08:34 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-11 08:34 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:34 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:34 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-11 08:34 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-10-11 08:34 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-10-11 08:34 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2013-10-11 08:34 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-10-11 08:34 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-10-11 08:34 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2013-10-11 08:34 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-11 08:34 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-11 08:34 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
==================== One Month Modified Files and Folders =======
2013-11-09 15:31 - 2013-11-09 15:31 - 01957098 _____ (Farbar) C:\Users\benrufus\Desktop\FRST64.exe
2013-11-09 15:30 - 2013-11-09 15:30 - 00001786 _____ C:\Users\benrufus\Desktop\JRT.txt
2013-11-09 15:19 - 2009-07-14 05:45 - 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-09 15:19 - 2009-07-14 05:45 - 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-09 15:14 - 2013-11-09 15:14 - 00000000 ____D C:\windows\ERUNT
2013-11-09 15:12 - 2013-11-09 15:12 - 00004059 _____ C:\Users\benrufus\Desktop\AdwCleaner[S0].txt
2013-11-09 15:12 - 2013-11-07 16:31 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-11-09 15:11 - 2013-11-09 11:31 - 00000168 _____ C:\windows\setupact.log
2013-11-09 15:11 - 2013-09-02 16:25 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-09 15:11 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-09 15:10 - 2013-11-09 15:07 - 00000000 ____D C:\AdwCleaner
2013-11-09 15:10 - 2012-09-12 06:07 - 01781056 _____ C:\windows\WindowsUpdate.log
2013-11-09 15:02 - 2013-11-09 15:02 - 01034531 _____ (Thisisu) C:\Users\benrufus\Desktop\JRT.exe
2013-11-09 14:59 - 2013-11-09 14:59 - 01073262 _____ C:\Users\benrufus\Desktop\adwcleaner.exe
2013-11-09 11:44 - 2012-10-11 06:55 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-09 11:37 - 2013-09-02 16:25 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-09 11:31 - 2013-11-09 11:31 - 00000000 _____ C:\windows\setuperr.log
2013-11-08 15:29 - 2012-10-12 14:06 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\WinRAR
2013-11-08 14:20 - 2013-11-08 14:20 - 00020557 _____ C:\ComboFix.txt
2013-11-08 14:20 - 2013-11-08 14:02 - 00000000 ____D C:\Qoobox
2013-11-08 14:17 - 2013-11-08 14:01 - 00000000 ____D C:\windows\erdnt
2013-11-08 14:15 - 2009-07-14 03:34 - 00000215 _____ C:\windows\system.ini
2013-11-08 11:10 - 2011-04-12 08:43 - 00654150 _____ C:\windows\system32\perfh007.dat
2013-11-08 11:10 - 2011-04-12 08:43 - 00130022 _____ C:\windows\system32\perfc007.dat
2013-11-08 11:10 - 2009-07-14 06:13 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-07 18:05 - 2013-11-07 18:05 - 00998624 _____ ( ) C:\Users\benrufus\Downloads\hddh42.exe
2013-11-07 18:05 - 2013-11-07 18:05 - 00000000 ____D C:\Program Files (x86)\HDD Health
2013-11-07 17:44 - 2013-11-07 17:44 - 00000000 ____D C:\FRST
2013-11-07 17:34 - 2013-11-07 16:36 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\vlc
2013-11-07 17:19 - 2012-10-12 14:09 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-07 17:17 - 2013-11-07 15:22 - 00000000 ____D C:\windows\pss
2013-11-07 17:17 - 2012-10-09 20:31 - 00000000 ___RD C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-07 17:02 - 2013-11-07 17:02 - 00000067 _____ C:\Users\benrufus\AppData\Roaming\burnaware.ini
2013-11-07 17:01 - 2013-11-07 17:01 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2013-11-07 16:51 - 2013-11-07 16:39 - 94667481 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip.part
2013-11-07 16:50 - 2012-06-04 07:25 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-11-07 16:44 - 2013-11-07 16:44 - 02074056 _____ C:\Users\benrufus\Downloads\winrar-x64-500d.exe
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Program Files\WinRAR
2013-11-07 16:42 - 2013-11-07 16:42 - 03597051 _____ C:\Users\benrufus\Downloads\LiveUpdate.zip
2013-11-07 16:40 - 2013-11-07 16:40 - 06095405 _____ C:\Users\benrufus\Downloads\realtek_pcielan_7_mb.zip
2013-11-07 16:39 - 2013-11-07 16:39 - 00000000 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip
2013-11-07 16:36 - 2013-11-07 16:36 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-07 16:35 - 2013-11-07 16:35 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-11-07 16:31 - 2013-11-07 16:31 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2013-11-07 16:31 - 2013-11-07 16:01 - 00001973 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-07 16:31 - 2013-11-07 16:00 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-11-07 16:31 - 2013-11-07 16:00 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-11-07 16:31 - 2013-11-07 16:00 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-11-07 16:31 - 2013-11-07 16:00 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-11-07 16:31 - 2013-11-07 16:00 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2013-11-07 16:31 - 2013-11-07 16:00 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-11-07 16:21 - 2012-10-09 21:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-07 16:16 - 2013-11-07 16:16 - 00000000 ____D C:\ProgramData\Oracle
2013-11-07 16:15 - 2013-11-07 16:16 - 00312744 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-11-07 16:15 - 2013-11-07 16:16 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-11-07 16:15 - 2013-11-07 16:16 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-11-07 16:15 - 2013-11-07 16:16 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Windows7FirewallControl
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Java
2013-11-07 16:10 - 2013-11-07 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-07 16:09 - 2013-11-07 16:07 - 30694824 _____ (Oracle Corporation) C:\Users\benrufus\Downloads\jre-7u45-windows-x64.exe
2013-11-07 16:02 - 2013-11-07 16:02 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\AVAST Software
2013-11-07 16:00 - 2013-11-07 16:00 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-11-07 15:59 - 2013-11-07 15:59 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-07 15:58 - 2013-11-07 15:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-07 15:56 - 2012-06-01 13:57 - 00000000 ____D C:\ProgramData\Norton
2013-11-07 15:24 - 2013-11-07 15:24 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-07 15:20 - 2013-11-07 15:20 - 00000702 _____ C:\Users\benrufus\Documents\cc_20131107_152022.reg
2013-11-07 10:58 - 2013-11-07 10:58 - 00000219 _____ C:\Users\benrufus\Desktop\FRITZ!Box.URL
2013-11-06 10:30 - 2012-10-09 21:03 - 00000000 ____D C:\Users\benrufus\AppData\Local\Mozilla
2013-11-04 10:58 - 2012-10-09 20:26 - 00000000 ____D C:\Users\benrufus
2013-11-04 10:57 - 2013-11-04 10:49 - 00001672 _____ C:\windows\system32\ASOROSet.bin
2013-11-04 10:57 - 2009-07-14 03:34 - 66322432 _____ C:\windows\system32\config\software.bak
2013-11-04 10:57 - 2009-07-14 03:34 - 18612224 _____ C:\windows\system32\config\system.bak
2013-11-04 10:57 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\security.bak
2013-11-04 10:51 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\sam.bak
2013-11-04 10:49 - 2013-11-04 10:49 - 00000000 ____D C:\windows\system32\config\RCCBakup
2013-11-04 10:42 - 2013-03-29 09:12 - 00000000 ____D C:\Zylom Games
2013-10-30 17:35 - 2012-10-15 06:33 - 00000000 ____D C:\Users\benrufus\AppData\Local\CrashDumps
2013-10-30 11:39 - 2013-07-19 08:24 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\bfgallmygodsde
2013-10-30 11:19 - 2013-10-30 11:19 - 00002968 _____ C:\{23143EEB-AB0B-45B7-8554-73E77FC32757}
2013-10-30 09:43 - 2012-12-18 09:27 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\rokapublish
2013-10-29 09:46 - 2012-11-30 08:43 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Playrix Entertainment
2013-10-28 10:37 - 2012-11-25 09:45 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\DivoGames
2013-10-25 12:41 - 2013-10-25 12:41 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Realore
2013-10-25 11:28 - 2012-10-25 07:28 - 00000000 ____D C:\ProgramData\Playrix Entertainment
2013-10-17 11:45 - 2013-10-17 11:00 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\when_in_rome_bfg
2013-10-14 13:41 - 2012-11-01 10:03 - 00000000 ____D C:\Users\benrufus\Documents\8floor
2013-10-14 13:20 - 2012-06-01 13:17 - 00000000 ____D C:\windows\Panther
2013-10-14 11:54 - 2013-07-01 08:13 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\adelantado_2_realore_bigfishgames_en
2013-10-14 08:25 - 2009-07-14 06:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-13 09:31 - 2013-09-02 16:25 - 00004110 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-13 09:31 - 2013-09-02 16:25 - 00003858 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-12 08:57 - 2009-07-14 05:45 - 00399024 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-11 09:45 - 2009-07-14 03:34 - 00000499 _____ C:\windows\win.ini
2013-10-11 09:37 - 2013-01-12 17:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 09:37 - 2013-01-12 17:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 09:18 - 2013-08-14 11:20 - 00000000 ____D C:\windows\system32\MRT
2013-10-11 09:04 - 2012-06-04 07:37 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
Files to move or delete:
====================
C:\ProgramData\winiml.dat
Some content of TEMP:
====================
C:\Users\benrufus\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-03 13:27
==================== End Of Log ============================
--- --- --- --- --- --- |
|
10.11.2013, 07:09
| #6 |
| /// the machine /// TB-Ausbilder | Avast Rootkitmeldung Nein nicht an Rootkit aber schön viel anderer Mist  ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ --> Avast Rootkitmeldung |
|
12.11.2013, 17:12
| #7 |
| | Avast Rootkitmeldung Hi, sorry das es so lange gedauert hat. Der Rechner meckert noch immer beim Runterfahren das zB. Windows7 Firewall Control/oder Windows Host Task noch geschlossen werden müssen Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5d6b309d75731e4aa6007ed88658872c
# engine=15853
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-12 04:00:06
# local_time=2013-11-12 05:00:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 77 435680 439200 0 0
# compatibility_mode=5893 16776574 100 94 10647935 135901856 0 0
# scanned=106993
# found=4
# cleaned=0
# scan_time=5170
sh=D53DCB55B39BC9B61491F44342DD5BE8EBFA237B ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\benrufus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\52083700-6e2de8da"
sh=B1232787C87662F48714B103FECBF588A19DBB66 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\benrufus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1a4c6412-7ad04c87"
sh=13CC7A4052F703B95015565948823F8769738389 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\benrufus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\6ce6d1c5-16025e0d"
sh=08595126FD1CF0375BA88B51B84556D22134AE3A ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\benrufus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\242247b3-4d81a465"
Code:
ATTFilter Results of screen317's Security Check version 0.99.76 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Adobe Flash Player 11.9.900.117 Adobe Reader XI Mozilla Firefox (25.0) ````````Process Check: objlist.exe by Laurent```````` Windows7FirewallControl Windows7FirewallService.exe Windows7FirewallControl Windows7FirewallControl.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by benrufus (administrator) on BENRUFUS-PC on 12-11-2013 17:07:57
Running from C:\Users\benrufus\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(PANTERASoft) C:\Program Files (x86)\HDD Health\hddhealth.exe
(Microsoft Corporation) C:\windows\System32\WScript.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\qimlsrv.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\dsrviml.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Windows7FirewallControl] - C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1178624 2011-08-22] (Sphinx Software)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-04-05] (AMD)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [65536 2007-01-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-07] (AVAST Software)
Startup: C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk
ShortcutTarget: IML.lnk -> C:\Windows\System32\iml.vbs ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://home.1und1.de/?linkId=AC:B:default.hd.nav.themenportal&ucuoId=PUAC:lead.EUE.DE-20121217101521-44C67EE6849865FBD9498D95C7011E38.TCpfix114b
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Docs) - C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (Norton Identity Protection) - C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-07] (AVAST Software)
S2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [72640 2012-06-07] ()
R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [633856 2011-08-22] (Sphinx Software)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-11-07] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-11-07] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-11-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-07] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-11-07] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-11-07] (AVAST Software)
R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [65264 2013-11-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-07] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2011-12-19] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [637360 2011-12-19] (Intel Corporation)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [68608 2008-12-19] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [96768 2009-07-23] ()
S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [122880 2008-12-19] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-12 17:05 - 2013-11-12 17:05 - 01957590 _____ (Farbar) C:\Users\benrufus\Desktop\FRST64.exe
2013-11-12 15:51 - 2013-11-12 15:52 - 00891184 _____ C:\Users\benrufus\Desktop\SecurityCheck.exe
2013-11-12 15:31 - 2013-11-12 15:31 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-12 15:30 - 2013-11-12 15:30 - 02347384 _____ (ESET) C:\Users\benrufus\Downloads\esetsmartinstaller_enu.exe
2013-11-09 15:14 - 2013-11-09 15:14 - 00000000 ____D C:\windows\ERUNT
2013-11-09 15:07 - 2013-11-09 15:10 - 00000000 ____D C:\AdwCleaner
2013-11-09 11:31 - 2013-11-12 12:47 - 00001008 _____ C:\windows\setupact.log
2013-11-09 11:31 - 2013-11-09 11:31 - 00000000 _____ C:\windows\setuperr.log
2013-11-08 14:20 - 2013-11-08 14:20 - 00020557 _____ C:\ComboFix.txt
2013-11-08 14:02 - 2013-11-08 14:20 - 00000000 ____D C:\Qoobox
2013-11-08 14:02 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2013-11-08 14:02 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2013-11-08 14:02 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-11-08 14:02 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-11-08 14:02 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-11-08 14:02 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2013-11-08 14:02 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2013-11-08 14:02 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2013-11-08 14:01 - 2013-11-08 14:17 - 00000000 ____D C:\windows\erdnt
2013-11-07 18:05 - 2013-11-07 18:05 - 00998624 _____ ( ) C:\Users\benrufus\Downloads\hddh42.exe
2013-11-07 18:05 - 2013-11-07 18:05 - 00000000 ____D C:\Program Files (x86)\HDD Health
2013-11-07 17:44 - 2013-11-07 17:44 - 00000000 ____D C:\FRST
2013-11-07 17:02 - 2013-11-07 17:02 - 00000067 _____ C:\Users\benrufus\AppData\Roaming\burnaware.ini
2013-11-07 17:01 - 2013-11-07 17:01 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2013-11-07 16:50 - 2013-04-10 11:09 - 00849992 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys
2013-11-07 16:50 - 2013-04-10 11:09 - 00073800 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll
2013-11-07 16:45 - 2012-08-22 10:19 - 00011832 _____ (Windows (R) Codename Longhorn DDK provider) C:\windows\acpimof.dll
2013-11-07 16:44 - 2013-11-07 16:44 - 02074056 _____ C:\Users\benrufus\Downloads\winrar-x64-500d.exe
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Program Files\WinRAR
2013-11-07 16:42 - 2013-11-07 16:42 - 03597051 _____ C:\Users\benrufus\Downloads\LiveUpdate.zip
2013-11-07 16:40 - 2013-11-07 16:40 - 06095405 _____ C:\Users\benrufus\Downloads\realtek_pcielan_7_mb.zip
2013-11-07 16:39 - 2013-11-07 16:51 - 94667481 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip.part
2013-11-07 16:39 - 2013-11-07 16:39 - 00000000 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip
2013-11-07 16:36 - 2013-11-07 17:34 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\vlc
2013-11-07 16:36 - 2013-11-07 16:36 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-07 16:35 - 2013-11-07 16:35 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-11-07 16:31 - 2013-11-12 08:24 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-11-07 16:31 - 2013-11-07 16:31 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2013-11-07 16:16 - 2013-11-07 16:16 - 00000000 ____D C:\ProgramData\Oracle
2013-11-07 16:16 - 2013-11-07 16:15 - 00312744 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-11-07 16:16 - 2013-11-07 16:15 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-11-07 16:16 - 2013-11-07 16:15 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-11-07 16:16 - 2013-11-07 16:15 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Windows7FirewallControl
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Java
2013-11-07 16:09 - 2013-11-07 16:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-07 16:07 - 2013-11-07 16:09 - 30694824 _____ (Oracle Corporation) C:\Users\benrufus\Downloads\jre-7u45-windows-x64.exe
2013-11-07 16:02 - 2013-11-07 16:02 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\AVAST Software
2013-11-07 16:01 - 2013-11-07 16:31 - 00001973 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-07 16:00 - 2013-11-07 16:31 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-11-07 16:00 - 2013-11-07 16:31 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-11-07 16:00 - 2013-11-07 16:31 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-11-07 16:00 - 2013-11-07 16:31 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-11-07 16:00 - 2013-11-07 16:31 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2013-11-07 16:00 - 2013-11-07 16:31 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-11-07 15:59 - 2013-11-07 15:59 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-07 15:58 - 2013-11-07 15:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-07 15:24 - 2013-11-07 15:24 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-07 15:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-07 15:22 - 2013-11-07 17:17 - 00000000 ____D C:\windows\pss
2013-11-07 15:20 - 2013-11-07 15:20 - 00000702 _____ C:\Users\benrufus\Documents\cc_20131107_152022.reg
2013-11-07 10:58 - 2013-11-07 10:58 - 00000219 _____ C:\Users\benrufus\Desktop\FRITZ!Box.URL
2013-11-04 10:49 - 2013-11-04 10:57 - 00001672 _____ C:\windows\system32\ASOROSet.bin
2013-11-04 10:49 - 2013-11-04 10:49 - 00000000 ____D C:\windows\system32\config\RCCBakup
2013-11-03 11:41 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-10-30 11:19 - 2013-10-30 11:19 - 00002968 _____ C:\{23143EEB-AB0B-45B7-8554-73E77FC32757}
2013-10-25 12:41 - 2013-10-25 12:41 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Realore
2013-10-17 11:00 - 2013-10-17 11:45 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\when_in_rome_bfg
==================== One Month Modified Files and Folders =======
2013-11-12 17:05 - 2013-11-12 17:05 - 01957590 _____ (Farbar) C:\Users\benrufus\Desktop\FRST64.exe
2013-11-12 16:44 - 2012-10-11 06:55 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-12 16:36 - 2013-09-02 16:25 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-12 16:22 - 2012-09-12 06:07 - 01878613 _____ C:\windows\WindowsUpdate.log
2013-11-12 15:52 - 2013-11-12 15:51 - 00891184 _____ C:\Users\benrufus\Desktop\SecurityCheck.exe
2013-11-12 15:31 - 2013-11-12 15:31 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-12 15:30 - 2013-11-12 15:30 - 02347384 _____ (ESET) C:\Users\benrufus\Downloads\esetsmartinstaller_enu.exe
2013-11-12 14:12 - 2011-04-12 08:43 - 00654150 _____ C:\windows\system32\perfh007.dat
2013-11-12 14:12 - 2011-04-12 08:43 - 00130022 _____ C:\windows\system32\perfc007.dat
2013-11-12 14:12 - 2009-07-14 06:13 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-12 13:34 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
2013-11-12 12:54 - 2009-07-14 05:45 - 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 12:54 - 2009-07-14 05:45 - 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 12:47 - 2013-11-09 11:31 - 00001008 _____ C:\windows\setupact.log
2013-11-12 12:47 - 2013-09-02 16:25 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-12 12:47 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-12 08:24 - 2013-11-07 16:31 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-11-09 15:14 - 2013-11-09 15:14 - 00000000 ____D C:\windows\ERUNT
2013-11-09 15:10 - 2013-11-09 15:07 - 00000000 ____D C:\AdwCleaner
2013-11-09 11:31 - 2013-11-09 11:31 - 00000000 _____ C:\windows\setuperr.log
2013-11-08 15:29 - 2012-10-12 14:06 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\WinRAR
2013-11-08 14:20 - 2013-11-08 14:20 - 00020557 _____ C:\ComboFix.txt
2013-11-08 14:20 - 2013-11-08 14:02 - 00000000 ____D C:\Qoobox
2013-11-08 14:17 - 2013-11-08 14:01 - 00000000 ____D C:\windows\erdnt
2013-11-08 14:15 - 2009-07-14 03:34 - 00000215 _____ C:\windows\system.ini
2013-11-07 18:05 - 2013-11-07 18:05 - 00998624 _____ ( ) C:\Users\benrufus\Downloads\hddh42.exe
2013-11-07 18:05 - 2013-11-07 18:05 - 00000000 ____D C:\Program Files (x86)\HDD Health
2013-11-07 17:44 - 2013-11-07 17:44 - 00000000 ____D C:\FRST
2013-11-07 17:34 - 2013-11-07 16:36 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\vlc
2013-11-07 17:19 - 2012-10-12 14:09 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-07 17:17 - 2013-11-07 15:22 - 00000000 ____D C:\windows\pss
2013-11-07 17:17 - 2012-10-09 20:31 - 00000000 ___RD C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-07 17:02 - 2013-11-07 17:02 - 00000067 _____ C:\Users\benrufus\AppData\Roaming\burnaware.ini
2013-11-07 17:01 - 2013-11-07 17:01 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2013-11-07 16:51 - 2013-11-07 16:39 - 94667481 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip.part
2013-11-07 16:50 - 2012-06-04 07:25 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-11-07 16:44 - 2013-11-07 16:44 - 02074056 _____ C:\Users\benrufus\Downloads\winrar-x64-500d.exe
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Program Files\WinRAR
2013-11-07 16:42 - 2013-11-07 16:42 - 03597051 _____ C:\Users\benrufus\Downloads\LiveUpdate.zip
2013-11-07 16:40 - 2013-11-07 16:40 - 06095405 _____ C:\Users\benrufus\Downloads\realtek_pcielan_7_mb.zip
2013-11-07 16:39 - 2013-11-07 16:39 - 00000000 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip
2013-11-07 16:36 - 2013-11-07 16:36 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-07 16:35 - 2013-11-07 16:35 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-11-07 16:31 - 2013-11-07 16:31 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2013-11-07 16:31 - 2013-11-07 16:01 - 00001973 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-07 16:31 - 2013-11-07 16:00 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-11-07 16:31 - 2013-11-07 16:00 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-11-07 16:31 - 2013-11-07 16:00 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-11-07 16:31 - 2013-11-07 16:00 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-11-07 16:31 - 2013-11-07 16:00 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2013-11-07 16:31 - 2013-11-07 16:00 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-11-07 16:21 - 2012-10-09 21:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-07 16:16 - 2013-11-07 16:16 - 00000000 ____D C:\ProgramData\Oracle
2013-11-07 16:15 - 2013-11-07 16:16 - 00312744 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-11-07 16:15 - 2013-11-07 16:16 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-11-07 16:15 - 2013-11-07 16:16 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-11-07 16:15 - 2013-11-07 16:16 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Windows7FirewallControl
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Java
2013-11-07 16:10 - 2013-11-07 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-07 16:09 - 2013-11-07 16:07 - 30694824 _____ (Oracle Corporation) C:\Users\benrufus\Downloads\jre-7u45-windows-x64.exe
2013-11-07 16:02 - 2013-11-07 16:02 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\AVAST Software
2013-11-07 16:00 - 2013-11-07 16:00 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-11-07 15:59 - 2013-11-07 15:59 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-07 15:58 - 2013-11-07 15:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-07 15:56 - 2012-06-01 13:57 - 00000000 ____D C:\ProgramData\Norton
2013-11-07 15:24 - 2013-11-07 15:24 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-07 15:20 - 2013-11-07 15:20 - 00000702 _____ C:\Users\benrufus\Documents\cc_20131107_152022.reg
2013-11-07 10:58 - 2013-11-07 10:58 - 00000219 _____ C:\Users\benrufus\Desktop\FRITZ!Box.URL
2013-11-06 10:30 - 2012-10-09 21:03 - 00000000 ____D C:\Users\benrufus\AppData\Local\Mozilla
2013-11-04 10:58 - 2012-10-09 20:26 - 00000000 ____D C:\Users\benrufus
2013-11-04 10:57 - 2013-11-04 10:49 - 00001672 _____ C:\windows\system32\ASOROSet.bin
2013-11-04 10:57 - 2009-07-14 03:34 - 66322432 _____ C:\windows\system32\config\software.bak
2013-11-04 10:57 - 2009-07-14 03:34 - 18612224 _____ C:\windows\system32\config\system.bak
2013-11-04 10:57 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\security.bak
2013-11-04 10:51 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\sam.bak
2013-11-04 10:49 - 2013-11-04 10:49 - 00000000 ____D C:\windows\system32\config\RCCBakup
2013-11-04 10:42 - 2013-03-29 09:12 - 00000000 ____D C:\Zylom Games
2013-10-30 17:35 - 2012-10-15 06:33 - 00000000 ____D C:\Users\benrufus\AppData\Local\CrashDumps
2013-10-30 11:39 - 2013-07-19 08:24 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\bfgallmygodsde
2013-10-30 11:19 - 2013-10-30 11:19 - 00002968 _____ C:\{23143EEB-AB0B-45B7-8554-73E77FC32757}
2013-10-30 09:43 - 2012-12-18 09:27 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\rokapublish
2013-10-29 09:46 - 2012-11-30 08:43 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Playrix Entertainment
2013-10-28 10:37 - 2012-11-25 09:45 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\DivoGames
2013-10-25 12:41 - 2013-10-25 12:41 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Realore
2013-10-25 11:28 - 2012-10-25 07:28 - 00000000 ____D C:\ProgramData\Playrix Entertainment
2013-10-17 11:45 - 2013-10-17 11:00 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\when_in_rome_bfg
2013-10-14 13:41 - 2012-11-01 10:03 - 00000000 ____D C:\Users\benrufus\Documents\8floor
2013-10-14 13:20 - 2012-06-01 13:17 - 00000000 ____D C:\windows\Panther
2013-10-14 11:54 - 2013-07-01 08:13 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\adelantado_2_realore_bigfishgames_en
2013-10-14 08:25 - 2009-07-14 06:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-13 09:31 - 2013-09-02 16:25 - 00004110 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-13 09:31 - 2013-09-02 16:25 - 00003858 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
Files to move or delete:
====================
C:\ProgramData\winiml.dat
Some content of TEMP:
====================
C:\Users\benrufus\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-03 13:27
==================== End Of Log ============================
--- --- --- |
|
13.11.2013, 09:39
| #8 | |
| /// the machine /// TB-Ausbilder | Avast Rootkitmeldung Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Zitat:
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Startup: C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk
ShortcutTarget: IML.lnk -> C:\Windows\System32\iml.vbs ()
C:\ProgramData\winiml.dat
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Nochmal testen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.11.2013, 14:09
| #9 |
| | Avast Rootkitmeldung Hatte beim Runterfahren die Firewall aus, trotzdem kam Meldung das noch Hintergrundprogramme geschlossen werden müßen Im Fenster ist aber kein Name drin nach 20sek wird dann noch Windows Task Host eingeblendet Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2013
Ran by benrufus at 2013-11-14 14:07:52 Run:1
Running from C:\Users\benrufus\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Startup: C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk
ShortcutTarget: IML.lnk -> C:\Windows\System32\iml.vbs ()
C:\ProgramData\winiml.dat
*****************
C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk => Moved successfully.
C:\Windows\System32\iml.vbs => Moved successfully.
C:\ProgramData\winiml.dat => Moved successfully.
==== End of Fixlog ====
Geändert von rufus3150 (14.11.2013 um 14:59 Uhr) |
|
15.11.2013, 10:30
| #10 |
| /// the machine /// TB-Ausbilder | Avast Rootkitmeldung How to perform a clean boot in Windows 8.1, Windows 8, Windows 7, or Windows Vista Mach mal bitte nen Clean Boot und fahre den Rechner dann herunter. immer noch?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.11.2013, 17:32
| #11 |
| | Avast Rootkitmeldung Hi Schrauber, in Kürze gibt es eine SSD und dann werde ich Win7 neu installieren. Damit sollten dann alle Probleme gelöst sein, danke für deine Zeit und Hilfe |
|
24.11.2013, 08:44
| #12 |
| /// the machine /// TB-Ausbilder | Avast Rootkitmeldung ok
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
WARNUNG an die MITLESER: 
Linear-Darstellung
