| |
| |||||||
Log-Analyse und Auswertung: Avast RootkitmeldungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.11.2013, 18:02
| #1 |
| |  Avast Rootkitmeldung Hi Leute ich hatte eben eine Meldung von Avast über ein Rootkit.Der Rechner wurde dann neu gestartet. In Avast kann ich aber keine Eintrag finden über den Namen des Rootkit /noch wo es war. Der Rechner ist etwas langsam in Letzter Zeit geworden,Außerdem gibt es beim Runterfahren öfter Meldungen noch Hintergrundprogramme geschlossen werden müssen. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by benrufus (administrator) on BENRUFUS-PC on 07-11-2013 17:44:59
Running from C:\Users\benrufus\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\windows\System32\WScript.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\qimlsrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\dsrviml.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Windows7FirewallControl] - C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1178624 2011-08-22] (Sphinx Software)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-04-05] (AMD)
MountPoints2: {a76229f1-5c88-11e2-aa86-d43d7e00be67} - E:\Startme.exe
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [65536 2007-01-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-07] (AVAST Software)
Startup: C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk
ShortcutTarget: IML.lnk -> C:\Windows\System32\iml.vbs ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hyrican.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de
SearchScopes: HKLM - DefaultScope {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL =
SearchScopes: HKCU - {094CB164-F8E4-4014-9A7C-8E7D4D58F311} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F7074E12-7D4B-4D07-8B45-EEEC289C765B&apn_sauid=B1C0BD14-6B0B-4DFC-82BB-15918AD1B35F
SearchScopes: HKCU - {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983
FF user.js: detected! => C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\user.js
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://home.1und1.de/?linkId=AC:B:default.hd.nav.themenportal&ucuoId=PUAC:lead.EUE.DE-20121217101521-44C67EE6849865FBD9498D95C7011E38.TCpfix114b
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
Chrome:
=======
CHR HomePage: about:newtab?source=home
CHR RestoreOnStartup: "about:newtab?source=home"], "restore_on_startup_migrated":true, "restore_on_startup":4}, "countryid_at_install":17477, "homepage_is_newtabpage":"true", "extensions":{"autoupdate":{"next_check":"13002491508116376"}, "settings":{"fgibjgmnimooanbagcfpnkmngejcojaf":{"ack_external":true}, "ahfgeienlihckogmohjhadlkjgocpleb":{"page_ordinal":"n", "app_launcher_ordinal":"n"}, "coobgpohoikkiipiblmjeljniedjpjpf":{"ack_external":true, "exclude_from_sideload_wipeout":true}, "aohghmighlieiainnegkcijnfilokake":{"from_bookmark":false, "location":1, "ack_external":true, "path":"aohghmighlieiainnegkcijnfilokake\\0.0.0.6_0", "exclude_from_sideload_wipeout":true, "was_installed_by_default":true, "install_time":"13002474549230452", "creation_flags":137, "page_ordinal":"n", "manifest":{"app":{"launch":{"local_path":"main.html"}}, "key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB", "version":"0.0.0.6", "update_url":"hxxp://clients2.google.com/service/update2/crx", "name":"Docs", "icons":{"128":"icon_128.png", "16":"icon_16.png"}, "offline_enabled":true, "description":"Create, share, and access your Google Docs from anywhere.", "manifest_version":2}, "state":1, "from_webstore":true, "app_launcher_ordinal":"t"}, "apdfllckaahabafndbhieahigkjlhalf":{"ack_external":true, "exclude_from_sideload_wipeout":true}, "blpcfgokakmgnkcojhhkbfbldkacnbeo":{"ack_external":true, "exclude_from_sideload_wipeout":true}, "pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true, "exclude_from_sideload_wipeout":true}}, "chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]}, "last_chrome_version":"24.0.1312.52"}, "distribution":{"oem_bubble":true, "skip_first_run_ui":true, "create_all_shortcuts":true, "import_search_engine":false, "show_welcome_page":true, "make_chrome_default":true, "do_not_launch_chrome":true, "alternate_shortcut_text":false, "verbose_logging":false, "import_history":false, "chrome_shortcut_icon_index":0, "import_home_page":false}, "promo":{"ntp_bubble_promo":[{"increment_max":1, "end":1361228340, "closed":false, "increment":1, "views":0, "increment_frequency":0, "max_views":1, "start":1352329200, "text":"Chrome wurde automatisch aktualisiert<br/>\n Sie verwenden jetzt die beste und aktuellste Version.", "segment":1, "group":0, "num_groups":1, "gplus_required":false}], "ntp_notification_promo":[{"increment_max":1, "end":1357685940, "closed":false, "increment":1, "views":0, "increment_frequency":0, "max_views":15, "start":1356303600, "text":"Haben Sie ein Smartphone oder Tablet? <a href=\"https://www.google.com/chrome/mobile/?utm_source=chrome&utm_medium=ntp&utm_campaign=ntp-promo\">Holen Sie sich Chrome Mobile</a>", "segment":1, "group":0, "num_groups":1, "gplus_required":false}]}, "profile":{"avatar_index":0, "exit_type":"Normal", "content_settings":{"clear_on_exit_migrated":true, "pref_version":1}, "exited_cleanly":true, "name":"Erster Nutzer"}, "browser":{"window_placement":{"work_area_top":0, "work_area_right":1360, "top":10, "left":10, "bottom":758, "maximized":false, "right":1060, "work_area_left":0, "work_area_bottom":768}, "last_prompted_google_url":"hxxp://www.google.de/", "last_known_google_url":"hxxp://www.google.de/", "show_home_button":true}, "homepage":"about:newtab?source=home", "download":{"directory_upgrade"
CHR Extension: (Docs) - C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (Norton Identity Protection) - C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-07] (AVAST Software)
R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [633856 2011-08-22] (Sphinx Software)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-11-07] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-11-07] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-11-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-07] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-11-07] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-11-07] (AVAST Software)
R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [65264 2013-11-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-07] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2011-12-19] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [637360 2011-12-19] (Intel Corporation)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [68608 2008-12-19] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [96768 2009-07-23] ()
S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [122880 2008-12-19] ()
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-07 17:44 - 2013-11-07 17:44 - 00000000 ____D C:\FRST
2013-11-07 17:43 - 2013-11-07 17:44 - 01957098 _____ (Farbar) C:\Users\benrufus\Desktop\FRST64.exe
2013-11-07 17:02 - 2013-11-07 17:02 - 00000067 _____ C:\Users\benrufus\AppData\Roaming\burnaware.ini
2013-11-07 17:01 - 2013-11-07 17:01 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2013-11-07 16:50 - 2013-04-10 11:09 - 00849992 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys
2013-11-07 16:50 - 2013-04-10 11:09 - 00073800 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll
2013-11-07 16:45 - 2012-08-22 10:19 - 00011832 _____ (Windows (R) Codename Longhorn DDK provider) C:\windows\acpimof.dll
2013-11-07 16:44 - 2013-11-07 16:44 - 02074056 _____ C:\Users\benrufus\Downloads\winrar-x64-500d.exe
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Program Files\WinRAR
2013-11-07 16:42 - 2013-11-07 16:42 - 03597051 _____ C:\Users\benrufus\Downloads\LiveUpdate.zip
2013-11-07 16:40 - 2013-11-07 16:40 - 06095405 _____ C:\Users\benrufus\Downloads\realtek_pcielan_7_mb.zip
2013-11-07 16:39 - 2013-11-07 16:51 - 94667481 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip.part
2013-11-07 16:39 - 2013-11-07 16:39 - 00000000 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip
2013-11-07 16:36 - 2013-11-07 17:34 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\vlc
2013-11-07 16:36 - 2013-11-07 16:36 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-07 16:35 - 2013-11-07 16:35 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-11-07 16:31 - 2013-11-07 16:31 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2013-11-07 16:31 - 2013-11-07 16:31 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-11-07 16:16 - 2013-11-07 16:16 - 00000000 ____D C:\ProgramData\Oracle
2013-11-07 16:16 - 2013-11-07 16:15 - 00312744 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-11-07 16:16 - 2013-11-07 16:15 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-11-07 16:16 - 2013-11-07 16:15 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-11-07 16:16 - 2013-11-07 16:15 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Windows7FirewallControl
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Java
2013-11-07 16:09 - 2013-11-07 16:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-07 16:07 - 2013-11-07 16:09 - 30694824 _____ (Oracle Corporation) C:\Users\benrufus\Downloads\jre-7u45-windows-x64.exe
2013-11-07 16:02 - 2013-11-07 16:02 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\AVAST Software
2013-11-07 16:01 - 2013-11-07 16:31 - 00001973 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-07 16:00 - 2013-11-07 16:31 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-11-07 16:00 - 2013-11-07 16:31 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-11-07 16:00 - 2013-11-07 16:31 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-11-07 16:00 - 2013-11-07 16:31 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-11-07 16:00 - 2013-11-07 16:31 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2013-11-07 16:00 - 2013-11-07 16:31 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-11-07 15:59 - 2013-11-07 15:59 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-07 15:58 - 2013-11-07 15:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-07 15:35 - 2013-11-07 17:29 - 00489148 _____ C:\windows\PFRO.log
2013-11-07 15:35 - 2013-11-07 17:29 - 00000336 _____ C:\windows\setupact.log
2013-11-07 15:35 - 2013-11-07 15:35 - 00000000 _____ C:\windows\setuperr.log
2013-11-07 15:24 - 2013-11-07 15:24 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-07 15:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-07 15:22 - 2013-11-07 17:17 - 00000000 ____D C:\windows\pss
2013-11-07 15:20 - 2013-11-07 15:20 - 00000702 _____ C:\Users\benrufus\Documents\cc_20131107_152022.reg
2013-11-07 10:58 - 2013-11-07 10:58 - 00000219 _____ C:\Users\benrufus\Desktop\FRITZ!Box.URL
2013-11-04 10:49 - 2013-11-04 10:57 - 00001672 _____ C:\windows\system32\ASOROSet.bin
2013-11-04 10:49 - 2013-11-04 10:49 - 00000000 ____D C:\windows\system32\config\RCCBakup
2013-11-03 11:41 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-11-03 11:41 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-11-03 10:14 - 2013-11-04 10:59 - 00003338 _____ C:\windows\System32\Tasks\Advanced System Protector
2013-11-03 10:14 - 2013-11-04 10:59 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Advanced System Protector
2013-11-03 10:13 - 2013-11-04 11:15 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Systweak
2013-11-03 10:13 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\windows\system32\roboot64.exe
2013-10-30 11:19 - 2013-10-30 11:19 - 00002968 _____ C:\{23143EEB-AB0B-45B7-8554-73E77FC32757}
2013-10-25 12:41 - 2013-10-25 12:41 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Realore
2013-10-17 11:00 - 2013-10-17 11:45 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\when_in_rome_bfg
2013-10-11 09:41 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-11 09:41 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-11 09:41 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-11 09:41 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-11 09:41 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-11 09:41 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-11 09:41 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-11 09:41 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-11 09:41 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-11 09:41 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-11 09:41 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-10-11 09:41 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 08:35 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-11 08:35 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-11 08:35 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-11 08:35 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-11 08:35 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-11 08:35 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-11 08:35 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2013-10-11 08:35 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2013-10-11 08:35 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2013-10-11 08:35 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-11 08:35 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-11 08:35 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-10-11 08:34 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-10-11 08:34 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-11 08:34 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-10-11 08:34 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2013-10-11 08:34 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-11 08:34 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-11 08:34 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-10-11 08:34 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-10-11 08:34 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-10-11 08:34 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-11 08:34 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-10-11 08:34 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-10-11 08:34 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2013-10-11 08:34 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-10-11 08:34 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2013-10-11 08:34 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-10-11 08:34 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-10-11 08:34 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-10-11 08:34 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-10-11 08:34 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-11 08:34 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-10-11 08:34 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-11 08:34 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:34 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:34 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-11 08:34 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-10-11 08:34 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-10-11 08:34 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2013-10-11 08:34 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-10-11 08:34 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-10-11 08:34 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2013-10-11 08:34 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-11 08:34 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-11 08:34 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-08 12:25 - 2013-10-08 12:25 - 05831344 _____ (TeamViewer GmbH) C:\Users\benrufus\Downloads\TeamViewer_Setup_de.exe
2013-10-08 11:24 - 2013-10-08 11:24 - 27824472 _____ (Sony Mobile Communications ) C:\Users\benrufus\Downloads\Sony PC Companion_2.10.174_Web.exe
==================== One Month Modified Files and Folders =======
2013-11-07 17:44 - 2013-11-07 17:44 - 00000000 ____D C:\FRST
2013-11-07 17:44 - 2013-11-07 17:43 - 01957098 _____ (Farbar) C:\Users\benrufus\Desktop\FRST64.exe
2013-11-07 17:44 - 2012-10-11 06:55 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-07 17:37 - 2009-07-14 05:45 - 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-07 17:37 - 2009-07-14 05:45 - 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-07 17:36 - 2013-09-02 16:25 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-07 17:35 - 2012-09-12 06:07 - 01716736 _____ C:\windows\WindowsUpdate.log
2013-11-07 17:34 - 2013-11-07 16:36 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\vlc
2013-11-07 17:30 - 2013-09-02 16:25 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-07 17:29 - 2013-11-07 15:35 - 00489148 _____ C:\windows\PFRO.log
2013-11-07 17:29 - 2013-11-07 15:35 - 00000336 _____ C:\windows\setupact.log
2013-11-07 17:29 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-07 17:20 - 2012-10-12 14:12 - 00000000 ____D C:\ProgramData\Trymedia
2013-11-07 17:19 - 2012-10-12 14:09 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-07 17:17 - 2013-11-07 15:22 - 00000000 ____D C:\windows\pss
2013-11-07 17:17 - 2013-07-28 09:14 - 00000000 ____D C:\ProgramData\Big Fish
2013-11-07 17:17 - 2013-07-09 08:19 - 00000000 ____D C:\BigFishCache
2013-11-07 17:17 - 2012-10-09 20:31 - 00000000 ___RD C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-07 17:02 - 2013-11-07 17:02 - 00000067 _____ C:\Users\benrufus\AppData\Roaming\burnaware.ini
2013-11-07 17:01 - 2013-11-07 17:01 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2013-11-07 16:51 - 2013-11-07 16:39 - 94667481 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip.part
2013-11-07 16:50 - 2012-06-04 07:25 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-11-07 16:44 - 2013-11-07 16:44 - 02074056 _____ C:\Users\benrufus\Downloads\winrar-x64-500d.exe
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Program Files\WinRAR
2013-11-07 16:42 - 2013-11-07 16:42 - 03597051 _____ C:\Users\benrufus\Downloads\LiveUpdate.zip
2013-11-07 16:40 - 2013-11-07 16:40 - 06095405 _____ C:\Users\benrufus\Downloads\realtek_pcielan_7_mb.zip
2013-11-07 16:39 - 2013-11-07 16:39 - 00000000 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip
2013-11-07 16:36 - 2013-11-07 16:36 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-07 16:35 - 2013-11-07 16:35 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-11-07 16:31 - 2013-11-07 16:31 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2013-11-07 16:31 - 2013-11-07 16:31 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-11-07 16:31 - 2013-11-07 16:01 - 00001973 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-07 16:31 - 2013-11-07 16:00 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-11-07 16:31 - 2013-11-07 16:00 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-11-07 16:31 - 2013-11-07 16:00 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-11-07 16:31 - 2013-11-07 16:00 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-11-07 16:31 - 2013-11-07 16:00 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2013-11-07 16:31 - 2013-11-07 16:00 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-11-07 16:21 - 2012-10-09 21:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-07 16:16 - 2013-11-07 16:16 - 00000000 ____D C:\ProgramData\Oracle
2013-11-07 16:15 - 2013-11-07 16:16 - 00312744 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-11-07 16:15 - 2013-11-07 16:16 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-11-07 16:15 - 2013-11-07 16:16 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-11-07 16:15 - 2013-11-07 16:16 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Windows7FirewallControl
2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Java
2013-11-07 16:10 - 2013-11-07 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-07 16:09 - 2013-11-07 16:07 - 30694824 _____ (Oracle Corporation) C:\Users\benrufus\Downloads\jre-7u45-windows-x64.exe
2013-11-07 16:02 - 2013-11-07 16:02 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\AVAST Software
2013-11-07 16:00 - 2013-11-07 16:00 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-11-07 16:00 - 2013-11-07 16:00 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-11-07 15:59 - 2013-11-07 15:59 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-07 15:58 - 2013-11-07 15:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-07 15:56 - 2012-06-01 13:57 - 00000000 ____D C:\ProgramData\Norton
2013-11-07 15:35 - 2013-11-07 15:35 - 00000000 _____ C:\windows\setuperr.log
2013-11-07 15:33 - 2013-06-07 13:40 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Iminent
2013-11-07 15:33 - 2013-06-07 13:39 - 00000000 ____D C:\ProgramData\Iminent
2013-11-07 15:33 - 2013-06-07 13:35 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\SimplyTech
2013-11-07 15:24 - 2013-11-07 15:24 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-07 15:20 - 2013-11-07 15:20 - 00000702 _____ C:\Users\benrufus\Documents\cc_20131107_152022.reg
2013-11-07 15:19 - 2011-04-12 08:43 - 00654150 _____ C:\windows\system32\perfh007.dat
2013-11-07 15:19 - 2011-04-12 08:43 - 00130022 _____ C:\windows\system32\perfc007.dat
2013-11-07 15:19 - 2009-07-14 06:13 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-07 10:58 - 2013-11-07 10:58 - 00000219 _____ C:\Users\benrufus\Desktop\FRITZ!Box.URL
2013-11-06 10:30 - 2012-10-09 21:03 - 00000000 ____D C:\Users\benrufus\AppData\Local\Mozilla
2013-11-04 11:15 - 2013-11-03 10:13 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Systweak
2013-11-04 10:59 - 2013-11-03 10:14 - 00003338 _____ C:\windows\System32\Tasks\Advanced System Protector
2013-11-04 10:59 - 2013-11-03 10:14 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Advanced System Protector
2013-11-04 10:58 - 2012-10-09 20:26 - 00000000 ____D C:\Users\benrufus
2013-11-04 10:57 - 2013-11-04 10:49 - 00001672 _____ C:\windows\system32\ASOROSet.bin
2013-11-04 10:57 - 2009-07-14 03:34 - 66322432 _____ C:\windows\system32\config\software.bak
2013-11-04 10:57 - 2009-07-14 03:34 - 18612224 _____ C:\windows\system32\config\system.bak
2013-11-04 10:57 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\security.bak
2013-11-04 10:51 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\sam.bak
2013-11-04 10:49 - 2013-11-04 10:49 - 00000000 ____D C:\windows\system32\config\RCCBakup
2013-11-04 10:42 - 2013-03-29 09:12 - 00000000 ____D C:\Zylom Games
2013-10-30 17:35 - 2012-10-15 06:33 - 00000000 ____D C:\Users\benrufus\AppData\Local\CrashDumps
2013-10-30 11:39 - 2013-07-19 08:24 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\bfgallmygodsde
2013-10-30 11:19 - 2013-10-30 11:19 - 00002968 _____ C:\{23143EEB-AB0B-45B7-8554-73E77FC32757}
2013-10-30 09:43 - 2012-12-18 09:27 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\rokapublish
2013-10-29 09:46 - 2012-11-30 08:43 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Playrix Entertainment
2013-10-28 10:37 - 2012-11-25 09:45 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\DivoGames
2013-10-25 12:41 - 2013-10-25 12:41 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Realore
2013-10-25 11:28 - 2012-10-25 07:28 - 00000000 ____D C:\ProgramData\Playrix Entertainment
2013-10-17 14:32 - 2012-12-09 10:50 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\AlawarEntertainment
2013-10-17 13:32 - 2013-05-11 08:10 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\quickclick
2013-10-17 11:45 - 2013-10-17 11:00 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\when_in_rome_bfg
2013-10-14 13:41 - 2012-11-01 10:03 - 00000000 ____D C:\Users\benrufus\Documents\8floor
2013-10-14 13:20 - 2012-06-01 13:17 - 00000000 ____D C:\windows\Panther
2013-10-14 11:54 - 2013-07-01 08:13 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\adelantado_2_realore_bigfishgames_en
2013-10-14 08:25 - 2009-07-14 06:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-13 09:31 - 2013-09-02 16:25 - 00004110 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-13 09:31 - 2013-09-02 16:25 - 00003858 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-12 08:57 - 2009-07-14 05:45 - 00399024 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-11 09:45 - 2009-07-14 03:34 - 00000499 _____ C:\windows\win.ini
2013-10-11 09:37 - 2013-01-12 17:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 09:37 - 2013-01-12 17:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 09:18 - 2013-08-14 11:20 - 00000000 ____D C:\windows\system32\MRT
2013-10-11 09:04 - 2012-06-04 07:37 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-09 13:45 - 2012-10-11 06:55 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 13:45 - 2012-10-11 06:55 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 13:45 - 2012-10-11 06:55 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 12:25 - 2013-10-08 12:25 - 05831344 _____ (TeamViewer GmbH) C:\Users\benrufus\Downloads\TeamViewer_Setup_de.exe
2013-10-08 11:24 - 2013-10-08 11:24 - 27824472 _____ (Sony Mobile Communications ) C:\Users\benrufus\Downloads\Sony PC Companion_2.10.174_Web.exe
Files to move or delete:
====================
C:\ProgramData\winiml.dat
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-03 13:27
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by benrufus at 2013-11-07 17:46:48
Running from C:\Users\benrufus\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD AVIVO64 Codecs (Version: 12.4.100.20405)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.1219.1521.27485)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
AMD Steady Video Plug-In (Version: 2.06.0000)
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485)
avast! Free Antivirus (x32 Version: 9.0.2007)
Brother MFL-Pro Suite (x32 Version: 1.00)
BurnAware Free 6.7 (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CCleaner (Version: 4.04)
D3DX10 (x32 Version: 15.4.2368.0902)
ElsterFormular (x32 Version: 14.0.0.10960)
Google Update Helper (x32 Version: 1.3.21.165)
HydraVision (x32 Version: 4.2.236.0)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
OpenAL (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.72.410.2013)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
VLC media player 2.1.0 (x32 Version: 2.1.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows7FirewallControl (x64) 4.1.21.93 (Version: 4.1.21.93)
WinRAR 5.00 (64-Bit) (Version: 5.00.0)
==================== Restore Points =========================
22-10-2013 10:04:57 Windows-Sicherung
29-10-2013 09:50:57 Windows-Sicherung
03-11-2013 09:18:13 RegClean Pro So, Nov 03, 13 10:18
03-11-2013 12:36:18 Windows Update
04-11-2013 13:21:08 Windows-Sicherung
07-11-2013 14:48:17 Removed Java 7 Update 25
07-11-2013 14:59:20 avast! antivirus system restore point
07-11-2013 15:12:28 Installed Java 7 Update 45 (64-bit)
07-11-2013 15:29:25 avast! antivirus system restore point
07-11-2013 15:49:46 Installiert Realtek Ethernet Controller Driver
07-11-2013 16:18:26 Removed Google Earth Plug-in.
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1AC2944E-BA71-4CF8-80CE-E58F217919A0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1123533030-1629721145-1419368049-1001
Task: {1F297318-AE7B-408F-8C5A-1C78D8D3D5C6} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {3F190183-3022-4D16-A6AB-7A5C53084444} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.)
Task: {4919792E-765C-4A9F-BA6F-285CAA288A10} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {6EE18347-A80F-4079-A5DF-3866E659D30A} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe
Task: {6FD139E5-AE6F-49B8-B3D5-55031A7FC8B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {815238CA-CA6C-435E-A167-ED43757F3A0C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-07] (AVAST Software)
Task: {CFB3CDB9-7046-4831-B9DD-C1CEF25D4EDE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {D17E143A-35BA-4766-9066-3112F3FB0B5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.)
Task: {D3F31993-A057-48DD-868A-D3A202CE2885} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {DBFF1921-9B3C-4E13-ABE3-2E28AC2B565E} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-12-19 15:32 - 2012-12-19 15:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-11-07 16:07 - 2013-11-07 11:26 - 02139648 _____ () C:\Program Files\AVAST Software\Avast\defs\13110700\algo.dll
2013-11-07 16:00 - 2013-11-07 16:00 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-07 16:09 - 2013-11-07 16:10 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:00AA4B31
AlternateDataStreams: C:\ProgramData\TEMP:00F7B10F
AlternateDataStreams: C:\ProgramData\TEMP:0107E5CF
AlternateDataStreams: C:\ProgramData\TEMP:01312928
AlternateDataStreams: C:\ProgramData\TEMP:0287BE91
AlternateDataStreams: C:\ProgramData\TEMP:05F7DEE6
AlternateDataStreams: C:\ProgramData\TEMP:063969F8
AlternateDataStreams: C:\ProgramData\TEMP:06B8FE62
AlternateDataStreams: C:\ProgramData\TEMP:08677BDD
AlternateDataStreams: C:\ProgramData\TEMP:08B7D3D2
AlternateDataStreams: C:\ProgramData\TEMP:08DB8D99
AlternateDataStreams: C:\ProgramData\TEMP:097FF903
AlternateDataStreams: C:\ProgramData\TEMP:0988A428
AlternateDataStreams: C:\ProgramData\TEMP:0ADCCF52
AlternateDataStreams: C:\ProgramData\TEMP:0AE2C68F
AlternateDataStreams: C:\ProgramData\TEMP:0BF4DA47
AlternateDataStreams: C:\ProgramData\TEMP:0C65EA0E
AlternateDataStreams: C:\ProgramData\TEMP:0E5CFA74
AlternateDataStreams: C:\ProgramData\TEMP:0E61938B
AlternateDataStreams: C:\ProgramData\TEMP:0FC68B9A
AlternateDataStreams: C:\ProgramData\TEMP:104A718B
AlternateDataStreams: C:\ProgramData\TEMP:11EFE63D
AlternateDataStreams: C:\ProgramData\TEMP:12A012A1
AlternateDataStreams: C:\ProgramData\TEMP:149327FE
AlternateDataStreams: C:\ProgramData\TEMP:160ADF0B
AlternateDataStreams: C:\ProgramData\TEMP:165AF2C6
AlternateDataStreams: C:\ProgramData\TEMP:16A4620C
AlternateDataStreams: C:\ProgramData\TEMP:17D88661
AlternateDataStreams: C:\ProgramData\TEMP:19F08842
AlternateDataStreams: C:\ProgramData\TEMP:1FD9DB67
AlternateDataStreams: C:\ProgramData\TEMP:2077FAC7
AlternateDataStreams: C:\ProgramData\TEMP:2487D1DA
AlternateDataStreams: C:\ProgramData\TEMP:258D2F8B
AlternateDataStreams: C:\ProgramData\TEMP:2640C43F
AlternateDataStreams: C:\ProgramData\TEMP:26E2A0C3
AlternateDataStreams: C:\ProgramData\TEMP:2775F9E2
AlternateDataStreams: C:\ProgramData\TEMP:29C0641D
AlternateDataStreams: C:\ProgramData\TEMP:2ABB51D4
AlternateDataStreams: C:\ProgramData\TEMP:2B856118
AlternateDataStreams: C:\ProgramData\TEMP:2C8C1CCD
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:2CED8825
AlternateDataStreams: C:\ProgramData\TEMP:2E49FF93
AlternateDataStreams: C:\ProgramData\TEMP:2EC5D66C
AlternateDataStreams: C:\ProgramData\TEMP:2F5A06FD
AlternateDataStreams: C:\ProgramData\TEMP:30E0D641
AlternateDataStreams: C:\ProgramData\TEMP:3487C53E
AlternateDataStreams: C:\ProgramData\TEMP:34FDB459
AlternateDataStreams: C:\ProgramData\TEMP:36DD742E
AlternateDataStreams: C:\ProgramData\TEMP:38FF076E
AlternateDataStreams: C:\ProgramData\TEMP:3BC173E4
AlternateDataStreams: C:\ProgramData\TEMP:3BE7E50E
AlternateDataStreams: C:\ProgramData\TEMP:3CEF7764
AlternateDataStreams: C:\ProgramData\TEMP:3D033DEC
AlternateDataStreams: C:\ProgramData\TEMP:3F694C8D
AlternateDataStreams: C:\ProgramData\TEMP:3FE1A827
AlternateDataStreams: C:\ProgramData\TEMP:42B6425E
AlternateDataStreams: C:\ProgramData\TEMP:432EC713
AlternateDataStreams: C:\ProgramData\TEMP:44140787
AlternateDataStreams: C:\ProgramData\TEMP:4A2862FF
AlternateDataStreams: C:\ProgramData\TEMP:4D348522
AlternateDataStreams: C:\ProgramData\TEMP:4EC7F009
AlternateDataStreams: C:\ProgramData\TEMP:5279F7BF
AlternateDataStreams: C:\ProgramData\TEMP:5335CE76
AlternateDataStreams: C:\ProgramData\TEMP:538A9F02
AlternateDataStreams: C:\ProgramData\TEMP:54531C7D
AlternateDataStreams: C:\ProgramData\TEMP:57173DB4
AlternateDataStreams: C:\ProgramData\TEMP:57B374AB
AlternateDataStreams: C:\ProgramData\TEMP:59286A3A
AlternateDataStreams: C:\ProgramData\TEMP:5A15BCD4
AlternateDataStreams: C:\ProgramData\TEMP:5AC256BC
AlternateDataStreams: C:\ProgramData\TEMP:5BB7898D
AlternateDataStreams: C:\ProgramData\TEMP:5C0940F1
AlternateDataStreams: C:\ProgramData\TEMP:5C1EAB4E
AlternateDataStreams: C:\ProgramData\TEMP:5C4A588B
AlternateDataStreams: C:\ProgramData\TEMP:5DB36C47
AlternateDataStreams: C:\ProgramData\TEMP:60E0AB2A
AlternateDataStreams: C:\ProgramData\TEMP:640DDEFF
AlternateDataStreams: C:\ProgramData\TEMP:640EA6E8
AlternateDataStreams: C:\ProgramData\TEMP:64170090
AlternateDataStreams: C:\ProgramData\TEMP:6423D635
AlternateDataStreams: C:\ProgramData\TEMP:66FC2E6F
AlternateDataStreams: C:\ProgramData\TEMP:67842DB7
AlternateDataStreams: C:\ProgramData\TEMP:67CF910D
AlternateDataStreams: C:\ProgramData\TEMP:6A9EDD31
AlternateDataStreams: C:\ProgramData\TEMP:6AD65294
AlternateDataStreams: C:\ProgramData\TEMP:6B251180
AlternateDataStreams: C:\ProgramData\TEMP:6C049F97
AlternateDataStreams: C:\ProgramData\TEMP:708BB0FA
AlternateDataStreams: C:\ProgramData\TEMP:70E897B5
AlternateDataStreams: C:\ProgramData\TEMP:74091520
AlternateDataStreams: C:\ProgramData\TEMP:79059537
AlternateDataStreams: C:\ProgramData\TEMP:7943ACC4
AlternateDataStreams: C:\ProgramData\TEMP:79C6A9CE
AlternateDataStreams: C:\ProgramData\TEMP:7AF9CAEB
AlternateDataStreams: C:\ProgramData\TEMP:7B8AF9AA
AlternateDataStreams: C:\ProgramData\TEMP:7BB584AA
AlternateDataStreams: C:\ProgramData\TEMP:7BBC3CCD
AlternateDataStreams: C:\ProgramData\TEMP:7D288858
AlternateDataStreams: C:\ProgramData\TEMP:7E4E56EA
AlternateDataStreams: C:\ProgramData\TEMP:7ECD9621
AlternateDataStreams: C:\ProgramData\TEMP:819394CC
AlternateDataStreams: C:\ProgramData\TEMP:84FA02E7
AlternateDataStreams: C:\ProgramData\TEMP:874ADA37
AlternateDataStreams: C:\ProgramData\TEMP:87E3D720
AlternateDataStreams: C:\ProgramData\TEMP:884C7316
AlternateDataStreams: C:\ProgramData\TEMP:89FC8EEB
AlternateDataStreams: C:\ProgramData\TEMP:8AC20936
AlternateDataStreams: C:\ProgramData\TEMP:8B3C3098
AlternateDataStreams: C:\ProgramData\TEMP:8B69E3C3
AlternateDataStreams: C:\ProgramData\TEMP:8C12CFCD
AlternateDataStreams: C:\ProgramData\TEMP:92D91D7E
AlternateDataStreams: C:\ProgramData\TEMP:92DB4653
AlternateDataStreams: C:\ProgramData\TEMP:95775248
AlternateDataStreams: C:\ProgramData\TEMP:96838F8A
AlternateDataStreams: C:\ProgramData\TEMP:97B3B270
AlternateDataStreams: C:\ProgramData\TEMP:9DB67071
AlternateDataStreams: C:\ProgramData\TEMP:9E0656EC
AlternateDataStreams: C:\ProgramData\TEMP:9E4F05ED
AlternateDataStreams: C:\ProgramData\TEMP:A26AFC00
AlternateDataStreams: C:\ProgramData\TEMP:A5948878
AlternateDataStreams: C:\ProgramData\TEMP:A5CD91DF
AlternateDataStreams: C:\ProgramData\TEMP:A69FAA24
AlternateDataStreams: C:\ProgramData\TEMP:A7964713
AlternateDataStreams: C:\ProgramData\TEMP:A7BB14DF
AlternateDataStreams: C:\ProgramData\TEMP:A899E64E
AlternateDataStreams: C:\ProgramData\TEMP:AA92F7C7
AlternateDataStreams: C:\ProgramData\TEMP:ACCFA538
AlternateDataStreams: C:\ProgramData\TEMP:AE289451
AlternateDataStreams: C:\ProgramData\TEMP:AE75CCC8
AlternateDataStreams: C:\ProgramData\TEMP:AEB961C5
AlternateDataStreams: C:\ProgramData\TEMP:AF54CFFD
AlternateDataStreams: C:\ProgramData\TEMP:B02249C3
AlternateDataStreams: C:\ProgramData\TEMP:B2112CA5
AlternateDataStreams: C:\ProgramData\TEMP:B285A50E
AlternateDataStreams: C:\ProgramData\TEMP:B2D32F1D
AlternateDataStreams: C:\ProgramData\TEMP:B65E763D
AlternateDataStreams: C:\ProgramData\TEMP:B6DD2C7E
AlternateDataStreams: C:\ProgramData\TEMP:B709343D
AlternateDataStreams: C:\ProgramData\TEMP:B88DC997
AlternateDataStreams: C:\ProgramData\TEMP:BD0909FF
AlternateDataStreams: C:\ProgramData\TEMP:BDCD0530
AlternateDataStreams: C:\ProgramData\TEMP:BE0BAFE1
AlternateDataStreams: C:\ProgramData\TEMP:BF6C81B2
AlternateDataStreams: C:\ProgramData\TEMP:BFAD7A5D
AlternateDataStreams: C:\ProgramData\TEMP:BFE54417
AlternateDataStreams: C:\ProgramData\TEMP:C458CC0A
AlternateDataStreams: C:\ProgramData\TEMP:C5340FA1
AlternateDataStreams: C:\ProgramData\TEMP:C605E0E1
AlternateDataStreams: C:\ProgramData\TEMP:C669F3E1
AlternateDataStreams: C:\ProgramData\TEMP:C69BA1D0
AlternateDataStreams: C:\ProgramData\TEMP:C7C3B621
AlternateDataStreams: C:\ProgramData\TEMP:C946EBB2
AlternateDataStreams: C:\ProgramData\TEMP:C9BC8592
AlternateDataStreams: C:\ProgramData\TEMP:C9FD258B
AlternateDataStreams: C:\ProgramData\TEMP:CAF8DAC8
AlternateDataStreams: C:\ProgramData\TEMP:CB55AED3
AlternateDataStreams: C:\ProgramData\TEMP:CB959782
AlternateDataStreams: C:\ProgramData\TEMP:CC45913B
AlternateDataStreams: C:\ProgramData\TEMP:CC4C59B4
AlternateDataStreams: C:\ProgramData\TEMP:CC7382F6
AlternateDataStreams: C:\ProgramData\TEMP:CC96FF70
AlternateDataStreams: C:\ProgramData\TEMP:CCB49694
AlternateDataStreams: C:\ProgramData\TEMP:CF1334B0
AlternateDataStreams: C:\ProgramData\TEMP:CFFC9DD0
AlternateDataStreams: C:\ProgramData\TEMP:D01ACC06
AlternateDataStreams: C:\ProgramData\TEMP:D254266B
AlternateDataStreams: C:\ProgramData\TEMP:D3331ADB
AlternateDataStreams: C:\ProgramData\TEMP:D51F4BAE
AlternateDataStreams: C:\ProgramData\TEMP:D59DE356
AlternateDataStreams: C:\ProgramData\TEMP:D61EB62D
AlternateDataStreams: C:\ProgramData\TEMP:D987CB43
AlternateDataStreams: C:\ProgramData\TEMP:D9E6828A
AlternateDataStreams: C:\ProgramData\TEMP:DCA79AB3
AlternateDataStreams: C:\ProgramData\TEMP:DCB27118
AlternateDataStreams: C:\ProgramData\TEMP:DF19F127
AlternateDataStreams: C:\ProgramData\TEMP:E0848D16
AlternateDataStreams: C:\ProgramData\TEMP:E153075C
AlternateDataStreams: C:\ProgramData\TEMP:E45C22B7
AlternateDataStreams: C:\ProgramData\TEMP:E4BC4A41
AlternateDataStreams: C:\ProgramData\TEMP:E6537A16
AlternateDataStreams: C:\ProgramData\TEMP:EB4FEEF5
AlternateDataStreams: C:\ProgramData\TEMP:EB68CA55
AlternateDataStreams: C:\ProgramData\TEMP:EBFB51F1
AlternateDataStreams: C:\ProgramData\TEMP:EC752217
AlternateDataStreams: C:\ProgramData\TEMP:EC769091
AlternateDataStreams: C:\ProgramData\TEMP:ED2998F5
AlternateDataStreams: C:\ProgramData\TEMP:ED6B6C83
AlternateDataStreams: C:\ProgramData\TEMP:EE0ABC44
AlternateDataStreams: C:\ProgramData\TEMP:EFBD4447
AlternateDataStreams: C:\ProgramData\TEMP:F21CB906
AlternateDataStreams: C:\ProgramData\TEMP:F2AF86D9
AlternateDataStreams: C:\ProgramData\TEMP:F2DA92FA
AlternateDataStreams: C:\ProgramData\TEMP:F3029A65
AlternateDataStreams: C:\ProgramData\TEMP:F3591DDB
AlternateDataStreams: C:\ProgramData\TEMP:F41FEB14
AlternateDataStreams: C:\ProgramData\TEMP:F4362715
AlternateDataStreams: C:\ProgramData\TEMP:F52DB269
AlternateDataStreams: C:\ProgramData\TEMP:F5E30F6A
AlternateDataStreams: C:\ProgramData\TEMP:F65A2273
AlternateDataStreams: C:\ProgramData\TEMP:F6C0CA66
AlternateDataStreams: C:\ProgramData\TEMP:F7370879
AlternateDataStreams: C:\ProgramData\TEMP:F888E36D
AlternateDataStreams: C:\ProgramData\TEMP:FA09FC72
AlternateDataStreams: C:\ProgramData\TEMP:FBA79096
AlternateDataStreams: C:\ProgramData\TEMP:FC98D33A
AlternateDataStreams: C:\ProgramData\TEMP:FD2BFC89
AlternateDataStreams: C:\ProgramData\TEMP:FD786DCA
AlternateDataStreams: C:\ProgramData\TEMP:FDC41D2C
AlternateDataStreams: C:\ProgramData\TEMP:FEE00EB9
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/07/2013 05:30:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 05:13:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 05:00:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 04:23:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 04:13:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary gdsqnulc.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (11/07/2013 03:59:28 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary gdsqnulc.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (11/07/2013 03:58:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 03:36:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 02:57:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 09:10:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/07/2013 04:00:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! Antivirus" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (11/04/2013 02:20:47 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (11/04/2013 02:20:46 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (11/04/2013 02:20:45 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (11/04/2013 10:59:45 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Error: (11/04/2013 10:58:56 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.
Error: (11/04/2013 10:58:12 AM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (11/03/2013 11:02:21 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (10/29/2013 10:50:39 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (10/29/2013 10:50:38 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Microsoft Office Sessions:
=========================
Error: (11/07/2013 05:30:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 05:13:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 05:00:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 04:23:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 04:13:56 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary gdsqnulc.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (11/07/2013 03:59:28 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary gdsqnulc.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (11/07/2013 03:58:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 03:36:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 02:57:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 09:10:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 67%
Total physical RAM: 1661.71 MB
Available physical RAM: 538.48 MB
Total Pagefile: 3323.42 MB
Available Pagefile: 1844.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:138.95 GB) (Free:107.08 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 39632641)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=139 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=27)
==================== End Of Log ============================
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.07.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 benrufus :: BENRUFUS-PC [Administrator] 07.11.2013 15:25:36 mbam-log-2013-11-07 (15-25-36).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 211178 Laufzeit: 6 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 3 HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {FF46FDF8-24F6-11E3-95FF-D43D7E00BE67} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {FF46FDF8-24F6-11E3-95FF-D43D7E00BE67} -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 16 C:\Program Files (x86)\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\inst (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\inst\Bootstrapper (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\SimplyTech\home (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\chrome (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\chrome (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\components (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\plugins (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas\Cache (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 25 C:\Users\benrufus\Downloads\bubblehit_mp_pgr.exe (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\Downloads\rcpsetupst_RC1_DE_F_1(1).exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\Downloads\rcpsetupst_RC1_DE_F_1.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\Downloads\rcpsetup_r.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\SearchTheWeb.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\Iminent.crx (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\Iminent.InstallLog (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\Iminent.InstallState (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\StartWeb.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\System.Data.SQLite.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\System.Windows.Interactivity.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\UniverselyWeb.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\WPFLocalizeExtension.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\SimplyTech\home\home.htm (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\SimplyTech\home\style.css (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\Microsoft.Win32.TaskScheduler.xml (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\unins000.dat (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\install.rdf (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\pop.htm (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\chrome\HomeTab_3869.jar (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com\1031.11575f00-7bdc-4181-ba0a-b298aeab228c.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
Baum-Darstellung