![]() |
|
Log-Analyse und Auswertung: Avast RootkitmeldungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
| ![]() Avast Rootkitmeldung Hi Leute ich hatte eben eine Meldung von Avast über ein Rootkit.Der Rechner wurde dann neu gestartet. In Avast kann ich aber keine Eintrag finden über den Namen des Rootkit /noch wo es war. Der Rechner ist etwas langsam in Letzter Zeit geworden,Außerdem gibt es beim Runterfahren öfter Meldungen noch Hintergrundprogramme geschlossen werden müssen. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013 Ran by benrufus (administrator) on BENRUFUS-PC on 07-11-2013 17:44:59 Running from C:\Users\benrufus\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\windows\system32\atiesrxx.exe (AMD) C:\windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Microsoft Corporation) C:\windows\System32\WScript.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Comvigo, Inc.) C:\Windows\SysWOW64\qimlsrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (Comvigo, Inc.) C:\Windows\SysWOW64\dsrviml.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Windows7FirewallControl] - C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1178624 2011-08-22] (Sphinx Software) HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-04-05] (AMD) MountPoints2: {a76229f1-5c88-11e2-aa86-d43d7e00be67} - E:\Startme.exe HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [65536 2007-01-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-07] (AVAST Software) Startup: C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk ShortcutTarget: IML.lnk -> C:\Windows\System32\iml.vbs () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hyrican.de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de SearchScopes: HKLM - DefaultScope {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL = SearchScopes: HKCU - {094CB164-F8E4-4014-9A7C-8E7D4D58F311} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F7074E12-7D4B-4D07-8B45-EEEC289C765B&apn_sauid=B1C0BD14-6B0B-4DFC-82BB-15918AD1B35F SearchScopes: HKCU - {1BAC353D-BC74-4E13-899F-0733B76B3C7F} URL = BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983 FF user.js: detected! => C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\user.js FF DefaultSearchEngine: Google FF SearchEngineOrder.1: Ask Search FF SelectedSearchEngine: Google FF Homepage: hxxp://home.1und1.de/?linkId=AC:B:default.hd.nav.themenportal&ucuoId=PUAC:lead.EUE.DE-20121217101521-44C67EE6849865FBD9498D95C7011E38.TCpfix114b FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\searchplugins\ask-search.xml FF SearchPlugin: C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\searchplugins\askcom.xml FF SearchPlugin: C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\searchplugins\Web Search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\benrufus\AppData\Roaming\Mozilla\Firefox\Profiles\tm9b5jf0.default-1354004411983\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF Chrome: ======= CHR HomePage: about:newtab?source=home CHR RestoreOnStartup: "about:newtab?source=home"], "restore_on_startup_migrated":true, "restore_on_startup":4}, "countryid_at_install":17477, "homepage_is_newtabpage":"true", "extensions":{"autoupdate":{"next_check":"13002491508116376"}, "settings":{"fgibjgmnimooanbagcfpnkmngejcojaf":{"ack_external":true}, "ahfgeienlihckogmohjhadlkjgocpleb":{"page_ordinal":"n", "app_launcher_ordinal":"n"}, "coobgpohoikkiipiblmjeljniedjpjpf":{"ack_external":true, "exclude_from_sideload_wipeout":true}, "aohghmighlieiainnegkcijnfilokake":{"from_bookmark":false, "location":1, "ack_external":true, "path":"aohghmighlieiainnegkcijnfilokake\\0.0.0.6_0", "exclude_from_sideload_wipeout":true, "was_installed_by_default":true, "install_time":"13002474549230452", "creation_flags":137, "page_ordinal":"n", "manifest":{"app":{"launch":{"local_path":"main.html"}}, "key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB", "version":"0.0.0.6", "update_url":"hxxp://clients2.google.com/service/update2/crx", "name":"Docs", "icons":{"128":"icon_128.png", "16":"icon_16.png"}, "offline_enabled":true, "description":"Create, share, and access your Google Docs from anywhere.", "manifest_version":2}, "state":1, "from_webstore":true, "app_launcher_ordinal":"t"}, "apdfllckaahabafndbhieahigkjlhalf":{"ack_external":true, "exclude_from_sideload_wipeout":true}, "blpcfgokakmgnkcojhhkbfbldkacnbeo":{"ack_external":true, "exclude_from_sideload_wipeout":true}, "pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true, "exclude_from_sideload_wipeout":true}}, "chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]}, "last_chrome_version":"24.0.1312.52"}, "distribution":{"oem_bubble":true, "skip_first_run_ui":true, "create_all_shortcuts":true, "import_search_engine":false, "show_welcome_page":true, "make_chrome_default":true, "do_not_launch_chrome":true, "alternate_shortcut_text":false, "verbose_logging":false, "import_history":false, "chrome_shortcut_icon_index":0, "import_home_page":false}, "promo":{"ntp_bubble_promo":[{"increment_max":1, "end":1361228340, "closed":false, "increment":1, "views":0, "increment_frequency":0, "max_views":1, "start":1352329200, "text":"Chrome wurde automatisch aktualisiert<br/>\n Sie verwenden jetzt die beste und aktuellste Version.", "segment":1, "group":0, "num_groups":1, "gplus_required":false}], "ntp_notification_promo":[{"increment_max":1, "end":1357685940, "closed":false, "increment":1, "views":0, "increment_frequency":0, "max_views":15, "start":1356303600, "text":"Haben Sie ein Smartphone oder Tablet? <a href=\"https://www.google.com/chrome/mobile/?utm_source=chrome&utm_medium=ntp&utm_campaign=ntp-promo\">Holen Sie sich Chrome Mobile</a>", "segment":1, "group":0, "num_groups":1, "gplus_required":false}]}, "profile":{"avatar_index":0, "exit_type":"Normal", "content_settings":{"clear_on_exit_migrated":true, "pref_version":1}, "exited_cleanly":true, "name":"Erster Nutzer"}, "browser":{"window_placement":{"work_area_top":0, "work_area_right":1360, "top":10, "left":10, "bottom":758, "maximized":false, "right":1060, "work_area_left":0, "work_area_bottom":768}, "last_prompted_google_url":"hxxp://www.google.de/", "last_known_google_url":"hxxp://www.google.de/", "show_home_button":true}, "homepage":"about:newtab?source=home", "download":{"directory_upgrade" CHR Extension: (Docs) - C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (Norton Identity Protection) - C:\Users\benrufus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0 CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-07] (AVAST Software) R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [633856 2011-08-22] (Sphinx Software) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-11-07] (AVAST Software) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-11-07] (AVAST Software) R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-11-07] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-07] () R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-11-07] (AVAST Software) R1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-11-07] (AVAST Software) R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [65264 2013-11-07] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-07] () R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2011-12-19] (Intel Corporation) S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [637360 2011-12-19] (Intel Corporation) S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [68608 2008-12-19] (Windows (R) Codename Longhorn DDK provider) S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [96768 2009-07-23] () S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [122880 2008-12-19] () S3 MSICDSetup; \??\D:\CDriver64.sys [x] S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x] S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [x] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-07 17:44 - 2013-11-07 17:44 - 00000000 ____D C:\FRST 2013-11-07 17:43 - 2013-11-07 17:44 - 01957098 _____ (Farbar) C:\Users\benrufus\Desktop\FRST64.exe 2013-11-07 17:02 - 2013-11-07 17:02 - 00000067 _____ C:\Users\benrufus\AppData\Roaming\burnaware.ini 2013-11-07 17:01 - 2013-11-07 17:01 - 00000000 ____D C:\Program Files (x86)\BurnAware Free 2013-11-07 16:50 - 2013-04-10 11:09 - 00849992 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys 2013-11-07 16:50 - 2013-04-10 11:09 - 00073800 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll 2013-11-07 16:45 - 2012-08-22 10:19 - 00011832 _____ (Windows (R) Codename Longhorn DDK provider) C:\windows\acpimof.dll 2013-11-07 16:44 - 2013-11-07 16:44 - 02074056 _____ C:\Users\benrufus\Downloads\winrar-x64-500d.exe 2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Program Files\WinRAR 2013-11-07 16:42 - 2013-11-07 16:42 - 03597051 _____ C:\Users\benrufus\Downloads\LiveUpdate.zip 2013-11-07 16:40 - 2013-11-07 16:40 - 06095405 _____ C:\Users\benrufus\Downloads\realtek_pcielan_7_mb.zip 2013-11-07 16:39 - 2013-11-07 16:51 - 94667481 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip.part 2013-11-07 16:39 - 2013-11-07 16:39 - 00000000 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip 2013-11-07 16:36 - 2013-11-07 17:34 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\vlc 2013-11-07 16:36 - 2013-11-07 16:36 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-11-07 16:35 - 2013-11-07 16:35 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-11-07 16:31 - 2013-11-07 16:31 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys 2013-11-07 16:31 - 2013-11-07 16:31 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update 2013-11-07 16:16 - 2013-11-07 16:16 - 00000000 ____D C:\ProgramData\Oracle 2013-11-07 16:16 - 2013-11-07 16:15 - 00312744 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2013-11-07 16:16 - 2013-11-07 16:15 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2013-11-07 16:16 - 2013-11-07 16:15 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe 2013-11-07 16:16 - 2013-11-07 16:15 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Windows7FirewallControl 2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Java 2013-11-07 16:09 - 2013-11-07 16:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-07 16:07 - 2013-11-07 16:09 - 30694824 _____ (Oracle Corporation) C:\Users\benrufus\Downloads\jre-7u45-windows-x64.exe 2013-11-07 16:02 - 2013-11-07 16:02 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\AVAST Software 2013-11-07 16:01 - 2013-11-07 16:31 - 00001973 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-11-07 16:00 - 2013-11-07 16:31 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2013-11-07 16:00 - 2013-11-07 16:31 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2013-11-07 16:00 - 2013-11-07 16:31 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2013-11-07 16:00 - 2013-11-07 16:31 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys 2013-11-07 16:00 - 2013-11-07 16:31 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr 2013-11-07 16:00 - 2013-11-07 16:31 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys 2013-11-07 16:00 - 2013-11-07 16:00 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys 2013-11-07 16:00 - 2013-11-07 16:00 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2013-11-07 16:00 - 2013-11-07 16:00 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys 2013-11-07 15:59 - 2013-11-07 15:59 - 00000000 ____D C:\Program Files\AVAST Software 2013-11-07 15:58 - 2013-11-07 15:58 - 00000000 ____D C:\ProgramData\AVAST Software 2013-11-07 15:35 - 2013-11-07 17:29 - 00489148 _____ C:\windows\PFRO.log 2013-11-07 15:35 - 2013-11-07 17:29 - 00000336 _____ C:\windows\setupact.log 2013-11-07 15:35 - 2013-11-07 15:35 - 00000000 _____ C:\windows\setuperr.log 2013-11-07 15:24 - 2013-11-07 15:24 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Malwarebytes 2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-07 15:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-11-07 15:22 - 2013-11-07 17:17 - 00000000 ____D C:\windows\pss 2013-11-07 15:20 - 2013-11-07 15:20 - 00000702 _____ C:\Users\benrufus\Documents\cc_20131107_152022.reg 2013-11-07 10:58 - 2013-11-07 10:58 - 00000219 _____ C:\Users\benrufus\Desktop\FRITZ!Box.URL 2013-11-04 10:49 - 2013-11-04 10:57 - 00001672 _____ C:\windows\system32\ASOROSet.bin 2013-11-04 10:49 - 2013-11-04 10:49 - 00000000 ____D C:\windows\system32\config\RCCBakup 2013-11-03 11:41 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2013-11-03 11:41 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2013-11-03 11:41 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2013-11-03 11:41 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2013-11-03 11:41 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2013-11-03 11:41 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2013-11-03 11:41 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2013-11-03 10:14 - 2013-11-04 10:59 - 00003338 _____ C:\windows\System32\Tasks\Advanced System Protector 2013-11-03 10:14 - 2013-11-04 10:59 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Advanced System Protector 2013-11-03 10:13 - 2013-11-04 11:15 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Systweak 2013-11-03 10:13 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\windows\system32\roboot64.exe 2013-10-30 11:19 - 2013-10-30 11:19 - 00002968 _____ C:\{23143EEB-AB0B-45B7-8554-73E77FC32757} 2013-10-25 12:41 - 2013-10-25 12:41 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Realore 2013-10-17 11:00 - 2013-10-17 11:45 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\when_in_rome_bfg 2013-10-11 09:41 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-10-11 09:41 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-10-11 09:41 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-10-11 09:41 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-10-11 09:41 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-10-11 09:41 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-10-11 09:41 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-10-11 09:41 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-10-11 09:41 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-10-11 09:41 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-10-11 09:41 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-10-11 09:41 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-10-11 09:41 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-10-11 09:41 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-10-11 09:41 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-10-11 09:41 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-10-11 09:41 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-10-11 09:41 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-10-11 09:41 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-10-11 09:41 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-10-11 09:41 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-10-11 09:41 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-10-11 09:41 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-10-11 09:41 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-10-11 09:41 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-10-11 09:41 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-10-11 09:41 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-10-11 09:41 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-10-11 09:41 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-10-11 09:41 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-10-11 09:41 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-11 08:35 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll 2013-10-11 08:35 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll 2013-10-11 08:35 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll 2013-10-11 08:35 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll 2013-10-11 08:35 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll 2013-10-11 08:35 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll 2013-10-11 08:35 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll 2013-10-11 08:35 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll 2013-10-11 08:35 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll 2013-10-11 08:35 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll 2013-10-11 08:35 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll 2013-10-11 08:35 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll 2013-10-11 08:34 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys 2013-10-11 08:34 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2013-10-11 08:34 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll 2013-10-11 08:34 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll 2013-10-11 08:34 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2013-10-11 08:34 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2013-10-11 08:34 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll 2013-10-11 08:34 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2013-10-11 08:34 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2013-10-11 08:34 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2013-10-11 08:34 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2013-10-11 08:34 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2013-10-11 08:34 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll 2013-10-11 08:34 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2013-10-11 08:34 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll 2013-10-11 08:34 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2013-10-11 08:34 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2013-10-11 08:34 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2013-10-11 08:34 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2013-10-11 08:34 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-10-11 08:34 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll 2013-10-11 08:34 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys 2013-10-11 08:34 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-11 08:34 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-11 08:34 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys 2013-10-11 08:34 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll 2013-10-11 08:34 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll 2013-10-11 08:34 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll 2013-10-11 08:34 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll 2013-10-11 08:34 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2013-10-11 08:34 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys 2013-10-11 08:34 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys 2013-10-11 08:34 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys 2013-10-11 08:34 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys 2013-10-08 12:25 - 2013-10-08 12:25 - 05831344 _____ (TeamViewer GmbH) C:\Users\benrufus\Downloads\TeamViewer_Setup_de.exe 2013-10-08 11:24 - 2013-10-08 11:24 - 27824472 _____ (Sony Mobile Communications ) C:\Users\benrufus\Downloads\Sony PC Companion_2.10.174_Web.exe ==================== One Month Modified Files and Folders ======= 2013-11-07 17:44 - 2013-11-07 17:44 - 00000000 ____D C:\FRST 2013-11-07 17:44 - 2013-11-07 17:43 - 01957098 _____ (Farbar) C:\Users\benrufus\Desktop\FRST64.exe 2013-11-07 17:44 - 2012-10-11 06:55 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-11-07 17:37 - 2009-07-14 05:45 - 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-07 17:37 - 2009-07-14 05:45 - 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-07 17:36 - 2013-09-02 16:25 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-07 17:35 - 2012-09-12 06:07 - 01716736 _____ C:\windows\WindowsUpdate.log 2013-11-07 17:34 - 2013-11-07 16:36 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\vlc 2013-11-07 17:30 - 2013-09-02 16:25 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-07 17:29 - 2013-11-07 15:35 - 00489148 _____ C:\windows\PFRO.log 2013-11-07 17:29 - 2013-11-07 15:35 - 00000336 _____ C:\windows\setupact.log 2013-11-07 17:29 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-11-07 17:20 - 2012-10-12 14:12 - 00000000 ____D C:\ProgramData\Trymedia 2013-11-07 17:19 - 2012-10-12 14:09 - 00000000 ____D C:\Program Files (x86)\Google 2013-11-07 17:17 - 2013-11-07 15:22 - 00000000 ____D C:\windows\pss 2013-11-07 17:17 - 2013-07-28 09:14 - 00000000 ____D C:\ProgramData\Big Fish 2013-11-07 17:17 - 2013-07-09 08:19 - 00000000 ____D C:\BigFishCache 2013-11-07 17:17 - 2012-10-09 20:31 - 00000000 ___RD C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-11-07 17:02 - 2013-11-07 17:02 - 00000067 _____ C:\Users\benrufus\AppData\Roaming\burnaware.ini 2013-11-07 17:01 - 2013-11-07 17:01 - 00000000 ____D C:\Program Files (x86)\BurnAware Free 2013-11-07 16:51 - 2013-11-07 16:39 - 94667481 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip.part 2013-11-07 16:50 - 2012-06-04 07:25 - 00000000 ____D C:\Program Files (x86)\Realtek 2013-11-07 16:44 - 2013-11-07 16:44 - 02074056 _____ C:\Users\benrufus\Downloads\winrar-x64-500d.exe 2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-11-07 16:44 - 2013-11-07 16:44 - 00000000 ____D C:\Program Files\WinRAR 2013-11-07 16:42 - 2013-11-07 16:42 - 03597051 _____ C:\Users\benrufus\Downloads\LiveUpdate.zip 2013-11-07 16:40 - 2013-11-07 16:40 - 06095405 _____ C:\Users\benrufus\Downloads\realtek_pcielan_7_mb.zip 2013-11-07 16:39 - 2013-11-07 16:39 - 00000000 _____ C:\Users\benrufus\Downloads\ati_system_drivers_mb.zip 2013-11-07 16:36 - 2013-11-07 16:36 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-11-07 16:35 - 2013-11-07 16:35 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-11-07 16:31 - 2013-11-07 16:31 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys 2013-11-07 16:31 - 2013-11-07 16:31 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update 2013-11-07 16:31 - 2013-11-07 16:01 - 00001973 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-11-07 16:31 - 2013-11-07 16:00 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2013-11-07 16:31 - 2013-11-07 16:00 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2013-11-07 16:31 - 2013-11-07 16:00 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2013-11-07 16:31 - 2013-11-07 16:00 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys 2013-11-07 16:31 - 2013-11-07 16:00 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr 2013-11-07 16:31 - 2013-11-07 16:00 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys 2013-11-07 16:21 - 2012-10-09 21:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-07 16:16 - 2013-11-07 16:16 - 00000000 ____D C:\ProgramData\Oracle 2013-11-07 16:15 - 2013-11-07 16:16 - 00312744 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2013-11-07 16:15 - 2013-11-07 16:16 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2013-11-07 16:15 - 2013-11-07 16:16 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe 2013-11-07 16:15 - 2013-11-07 16:16 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Windows7FirewallControl 2013-11-07 16:15 - 2013-11-07 16:15 - 00000000 ____D C:\Program Files\Java 2013-11-07 16:10 - 2013-11-07 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-07 16:09 - 2013-11-07 16:07 - 30694824 _____ (Oracle Corporation) C:\Users\benrufus\Downloads\jre-7u45-windows-x64.exe 2013-11-07 16:02 - 2013-11-07 16:02 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\AVAST Software 2013-11-07 16:00 - 2013-11-07 16:00 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys 2013-11-07 16:00 - 2013-11-07 16:00 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2013-11-07 16:00 - 2013-11-07 16:00 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys 2013-11-07 15:59 - 2013-11-07 15:59 - 00000000 ____D C:\Program Files\AVAST Software 2013-11-07 15:58 - 2013-11-07 15:58 - 00000000 ____D C:\ProgramData\AVAST Software 2013-11-07 15:56 - 2012-06-01 13:57 - 00000000 ____D C:\ProgramData\Norton 2013-11-07 15:35 - 2013-11-07 15:35 - 00000000 _____ C:\windows\setuperr.log 2013-11-07 15:33 - 2013-06-07 13:40 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Iminent 2013-11-07 15:33 - 2013-06-07 13:39 - 00000000 ____D C:\ProgramData\Iminent 2013-11-07 15:33 - 2013-06-07 13:35 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\SimplyTech 2013-11-07 15:24 - 2013-11-07 15:24 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Malwarebytes 2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-07 15:24 - 2013-11-07 15:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-07 15:20 - 2013-11-07 15:20 - 00000702 _____ C:\Users\benrufus\Documents\cc_20131107_152022.reg 2013-11-07 15:19 - 2011-04-12 08:43 - 00654150 _____ C:\windows\system32\perfh007.dat 2013-11-07 15:19 - 2011-04-12 08:43 - 00130022 _____ C:\windows\system32\perfc007.dat 2013-11-07 15:19 - 2009-07-14 06:13 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI 2013-11-07 10:58 - 2013-11-07 10:58 - 00000219 _____ C:\Users\benrufus\Desktop\FRITZ!Box.URL 2013-11-06 10:30 - 2012-10-09 21:03 - 00000000 ____D C:\Users\benrufus\AppData\Local\Mozilla 2013-11-04 11:15 - 2013-11-03 10:13 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Systweak 2013-11-04 10:59 - 2013-11-03 10:14 - 00003338 _____ C:\windows\System32\Tasks\Advanced System Protector 2013-11-04 10:59 - 2013-11-03 10:14 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Advanced System Protector 2013-11-04 10:58 - 2012-10-09 20:26 - 00000000 ____D C:\Users\benrufus 2013-11-04 10:57 - 2013-11-04 10:49 - 00001672 _____ C:\windows\system32\ASOROSet.bin 2013-11-04 10:57 - 2009-07-14 03:34 - 66322432 _____ C:\windows\system32\config\software.bak 2013-11-04 10:57 - 2009-07-14 03:34 - 18612224 _____ C:\windows\system32\config\system.bak 2013-11-04 10:57 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\security.bak 2013-11-04 10:51 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\sam.bak 2013-11-04 10:49 - 2013-11-04 10:49 - 00000000 ____D C:\windows\system32\config\RCCBakup 2013-11-04 10:42 - 2013-03-29 09:12 - 00000000 ____D C:\Zylom Games 2013-10-30 17:35 - 2012-10-15 06:33 - 00000000 ____D C:\Users\benrufus\AppData\Local\CrashDumps 2013-10-30 11:39 - 2013-07-19 08:24 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\bfgallmygodsde 2013-10-30 11:19 - 2013-10-30 11:19 - 00002968 _____ C:\{23143EEB-AB0B-45B7-8554-73E77FC32757} 2013-10-30 09:43 - 2012-12-18 09:27 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\rokapublish 2013-10-29 09:46 - 2012-11-30 08:43 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Playrix Entertainment 2013-10-28 10:37 - 2012-11-25 09:45 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\DivoGames 2013-10-25 12:41 - 2013-10-25 12:41 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\Realore 2013-10-25 11:28 - 2012-10-25 07:28 - 00000000 ____D C:\ProgramData\Playrix Entertainment 2013-10-17 14:32 - 2012-12-09 10:50 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\AlawarEntertainment 2013-10-17 13:32 - 2013-05-11 08:10 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\quickclick 2013-10-17 11:45 - 2013-10-17 11:00 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\when_in_rome_bfg 2013-10-14 13:41 - 2012-11-01 10:03 - 00000000 ____D C:\Users\benrufus\Documents\8floor 2013-10-14 13:20 - 2012-06-01 13:17 - 00000000 ____D C:\windows\Panther 2013-10-14 11:54 - 2013-07-01 08:13 - 00000000 ____D C:\Users\benrufus\AppData\Roaming\adelantado_2_realore_bigfishgames_en 2013-10-14 08:25 - 2009-07-14 06:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT 2013-10-13 09:31 - 2013-09-02 16:25 - 00004110 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-10-13 09:31 - 2013-09-02 16:25 - 00003858 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-10-12 08:57 - 2009-07-14 05:45 - 00399024 _____ C:\windows\system32\FNTCACHE.DAT 2013-10-11 09:45 - 2009-07-14 03:34 - 00000499 _____ C:\windows\win.ini 2013-10-11 09:37 - 2013-01-12 17:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-11 09:37 - 2013-01-12 17:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-11 09:18 - 2013-08-14 11:20 - 00000000 ____D C:\windows\system32\MRT 2013-10-11 09:04 - 2012-06-04 07:37 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-10-09 13:45 - 2012-10-11 06:55 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-10-09 13:45 - 2012-10-11 06:55 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-09 13:45 - 2012-10-11 06:55 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-10-08 12:25 - 2013-10-08 12:25 - 05831344 _____ (TeamViewer GmbH) C:\Users\benrufus\Downloads\TeamViewer_Setup_de.exe 2013-10-08 11:24 - 2013-10-08 11:24 - 27824472 _____ (Sony Mobile Communications ) C:\Users\benrufus\Downloads\Sony PC Companion_2.10.174_Web.exe Files to move or delete: ==================== C:\ProgramData\winiml.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-03 13:27 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013 Ran by benrufus at 2013-11-07 17:46:48 Running from C:\Users\benrufus\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05) AMD Accelerated Video Transcoding (Version: 12.5.100.21219) AMD APP SDK Runtime (Version: 10.0.1084.4) AMD AVIVO64 Codecs (Version: 12.4.100.20405) AMD Catalyst Install Manager (Version: 8.0.903.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Fuel (Version: 2012.1219.1521.27485) AMD Media Foundation Decoders (Version: 1.0.71219.1540) AMD Steady Video Plug-In (Version: 2.06.0000) AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485) avast! Free Antivirus (x32 Version: 9.0.2007) Brother MFL-Pro Suite (x32 Version: 1.00) BurnAware Free 6.7 (x32) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485) Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485) Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485) CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485) CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485) CCC Help Czech (x32 Version: 2012.1219.1520.27485) CCC Help Danish (x32 Version: 2012.1219.1520.27485) CCC Help Dutch (x32 Version: 2012.1219.1520.27485) CCC Help English (x32 Version: 2012.1219.1520.27485) CCC Help Finnish (x32 Version: 2012.1219.1520.27485) CCC Help French (x32 Version: 2012.1219.1520.27485) CCC Help German (x32 Version: 2012.1219.1520.27485) CCC Help Greek (x32 Version: 2012.1219.1520.27485) CCC Help Hungarian (x32 Version: 2012.1219.1520.27485) CCC Help Italian (x32 Version: 2012.1219.1520.27485) CCC Help Japanese (x32 Version: 2012.1219.1520.27485) CCC Help Korean (x32 Version: 2012.1219.1520.27485) CCC Help Norwegian (x32 Version: 2012.1219.1520.27485) CCC Help Polish (x32 Version: 2012.1219.1520.27485) CCC Help Portuguese (x32 Version: 2012.1219.1520.27485) CCC Help Russian (x32 Version: 2012.1219.1520.27485) CCC Help Spanish (x32 Version: 2012.1219.1520.27485) CCC Help Swedish (x32 Version: 2012.1219.1520.27485) CCC Help Thai (x32 Version: 2012.1219.1520.27485) CCC Help Turkish (x32 Version: 2012.1219.1520.27485) ccc-utility64 (Version: 2012.1219.1521.27485) CCleaner (Version: 4.04) D3DX10 (x32 Version: 15.4.2368.0902) ElsterFormular (x32 Version: 14.0.0.10960) Google Update Helper (x32 Version: 1.3.21.165) HydraVision (x32 Version: 4.2.236.0) Java 7 Update 45 (64-bit) (Version: 7.0.450) Junk Mail filter update (x32 Version: 15.4.3502.0922) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319) Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0) Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0) Mozilla Maintenance Service (x32 Version: 25.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) OpenAL (x32) Realtek Ethernet Controller Driver (x32 Version: 7.72.410.2013) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) VLC media player 2.1.0 (x32 Version: 2.1.0) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3508.1109) Windows Live Family Safety (Version: 15.4.3502.0922) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows7FirewallControl (x64) 4.1.21.93 (Version: 4.1.21.93) WinRAR 5.00 (64-Bit) (Version: 5.00.0) ==================== Restore Points ========================= 22-10-2013 10:04:57 Windows-Sicherung 29-10-2013 09:50:57 Windows-Sicherung 03-11-2013 09:18:13 RegClean Pro So, Nov 03, 13 10:18 03-11-2013 12:36:18 Windows Update 04-11-2013 13:21:08 Windows-Sicherung 07-11-2013 14:48:17 Removed Java 7 Update 25 07-11-2013 14:59:20 avast! antivirus system restore point 07-11-2013 15:12:28 Installed Java 7 Update 45 (64-bit) 07-11-2013 15:29:25 avast! antivirus system restore point 07-11-2013 15:49:46 Installiert Realtek Ethernet Controller Driver 07-11-2013 16:18:26 Removed Google Earth Plug-in. ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1AC2944E-BA71-4CF8-80CE-E58F217919A0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1123533030-1629721145-1419368049-1001 Task: {1F297318-AE7B-408F-8C5A-1C78D8D3D5C6} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated) Task: {3F190183-3022-4D16-A6AB-7A5C53084444} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.) Task: {4919792E-765C-4A9F-BA6F-285CAA288A10} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe Task: {6EE18347-A80F-4079-A5DF-3866E659D30A} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe Task: {6FD139E5-AE6F-49B8-B3D5-55031A7FC8B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {815238CA-CA6C-435E-A167-ED43757F3A0C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-07] (AVAST Software) Task: {CFB3CDB9-7046-4831-B9DD-C1CEF25D4EDE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated) Task: {D17E143A-35BA-4766-9066-3112F3FB0B5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.) Task: {D3F31993-A057-48DD-868A-D3A202CE2885} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe Task: {DBFF1921-9B3C-4E13-ABE3-2E28AC2B565E} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-19 15:32 - 2012-12-19 15:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2013-11-07 16:07 - 2013-11-07 11:26 - 02139648 _____ () C:\Program Files\AVAST Software\Avast\defs\13110700\algo.dll 2013-11-07 16:00 - 2013-11-07 16:00 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-11-07 16:09 - 2013-11-07 16:10 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:00AA4B31 AlternateDataStreams: C:\ProgramData\TEMP:00F7B10F AlternateDataStreams: C:\ProgramData\TEMP:0107E5CF AlternateDataStreams: C:\ProgramData\TEMP:01312928 AlternateDataStreams: C:\ProgramData\TEMP:0287BE91 AlternateDataStreams: C:\ProgramData\TEMP:05F7DEE6 AlternateDataStreams: C:\ProgramData\TEMP:063969F8 AlternateDataStreams: C:\ProgramData\TEMP:06B8FE62 AlternateDataStreams: C:\ProgramData\TEMP:08677BDD AlternateDataStreams: C:\ProgramData\TEMP:08B7D3D2 AlternateDataStreams: C:\ProgramData\TEMP:08DB8D99 AlternateDataStreams: C:\ProgramData\TEMP:097FF903 AlternateDataStreams: C:\ProgramData\TEMP:0988A428 AlternateDataStreams: C:\ProgramData\TEMP:0ADCCF52 AlternateDataStreams: C:\ProgramData\TEMP:0AE2C68F AlternateDataStreams: C:\ProgramData\TEMP:0BF4DA47 AlternateDataStreams: C:\ProgramData\TEMP:0C65EA0E AlternateDataStreams: C:\ProgramData\TEMP:0E5CFA74 AlternateDataStreams: C:\ProgramData\TEMP:0E61938B AlternateDataStreams: C:\ProgramData\TEMP:0FC68B9A AlternateDataStreams: C:\ProgramData\TEMP:104A718B AlternateDataStreams: C:\ProgramData\TEMP:11EFE63D AlternateDataStreams: C:\ProgramData\TEMP:12A012A1 AlternateDataStreams: C:\ProgramData\TEMP:149327FE AlternateDataStreams: C:\ProgramData\TEMP:160ADF0B AlternateDataStreams: C:\ProgramData\TEMP:165AF2C6 AlternateDataStreams: C:\ProgramData\TEMP:16A4620C AlternateDataStreams: C:\ProgramData\TEMP:17D88661 AlternateDataStreams: C:\ProgramData\TEMP:19F08842 AlternateDataStreams: C:\ProgramData\TEMP:1FD9DB67 AlternateDataStreams: C:\ProgramData\TEMP:2077FAC7 AlternateDataStreams: C:\ProgramData\TEMP:2487D1DA AlternateDataStreams: C:\ProgramData\TEMP:258D2F8B AlternateDataStreams: C:\ProgramData\TEMP:2640C43F AlternateDataStreams: C:\ProgramData\TEMP:26E2A0C3 AlternateDataStreams: C:\ProgramData\TEMP:2775F9E2 AlternateDataStreams: C:\ProgramData\TEMP:29C0641D AlternateDataStreams: C:\ProgramData\TEMP:2ABB51D4 AlternateDataStreams: C:\ProgramData\TEMP:2B856118 AlternateDataStreams: C:\ProgramData\TEMP:2C8C1CCD AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F AlternateDataStreams: C:\ProgramData\TEMP:2CED8825 AlternateDataStreams: C:\ProgramData\TEMP:2E49FF93 AlternateDataStreams: C:\ProgramData\TEMP:2EC5D66C AlternateDataStreams: C:\ProgramData\TEMP:2F5A06FD AlternateDataStreams: C:\ProgramData\TEMP:30E0D641 AlternateDataStreams: C:\ProgramData\TEMP:3487C53E AlternateDataStreams: C:\ProgramData\TEMP:34FDB459 AlternateDataStreams: C:\ProgramData\TEMP:36DD742E AlternateDataStreams: C:\ProgramData\TEMP:38FF076E AlternateDataStreams: C:\ProgramData\TEMP:3BC173E4 AlternateDataStreams: C:\ProgramData\TEMP:3BE7E50E AlternateDataStreams: C:\ProgramData\TEMP:3CEF7764 AlternateDataStreams: C:\ProgramData\TEMP:3D033DEC AlternateDataStreams: C:\ProgramData\TEMP:3F694C8D AlternateDataStreams: C:\ProgramData\TEMP:3FE1A827 AlternateDataStreams: C:\ProgramData\TEMP:42B6425E AlternateDataStreams: C:\ProgramData\TEMP:432EC713 AlternateDataStreams: C:\ProgramData\TEMP:44140787 AlternateDataStreams: C:\ProgramData\TEMP:4A2862FF AlternateDataStreams: C:\ProgramData\TEMP:4D348522 AlternateDataStreams: C:\ProgramData\TEMP:4EC7F009 AlternateDataStreams: C:\ProgramData\TEMP:5279F7BF AlternateDataStreams: C:\ProgramData\TEMP:5335CE76 AlternateDataStreams: C:\ProgramData\TEMP:538A9F02 AlternateDataStreams: C:\ProgramData\TEMP:54531C7D AlternateDataStreams: C:\ProgramData\TEMP:57173DB4 AlternateDataStreams: C:\ProgramData\TEMP:57B374AB AlternateDataStreams: C:\ProgramData\TEMP:59286A3A AlternateDataStreams: C:\ProgramData\TEMP:5A15BCD4 AlternateDataStreams: C:\ProgramData\TEMP:5AC256BC AlternateDataStreams: C:\ProgramData\TEMP:5BB7898D AlternateDataStreams: C:\ProgramData\TEMP:5C0940F1 AlternateDataStreams: C:\ProgramData\TEMP:5C1EAB4E AlternateDataStreams: C:\ProgramData\TEMP:5C4A588B AlternateDataStreams: C:\ProgramData\TEMP:5DB36C47 AlternateDataStreams: C:\ProgramData\TEMP:60E0AB2A AlternateDataStreams: C:\ProgramData\TEMP:640DDEFF AlternateDataStreams: C:\ProgramData\TEMP:640EA6E8 AlternateDataStreams: C:\ProgramData\TEMP:64170090 AlternateDataStreams: C:\ProgramData\TEMP:6423D635 AlternateDataStreams: C:\ProgramData\TEMP:66FC2E6F AlternateDataStreams: C:\ProgramData\TEMP:67842DB7 AlternateDataStreams: C:\ProgramData\TEMP:67CF910D AlternateDataStreams: C:\ProgramData\TEMP:6A9EDD31 AlternateDataStreams: C:\ProgramData\TEMP:6AD65294 AlternateDataStreams: C:\ProgramData\TEMP:6B251180 AlternateDataStreams: C:\ProgramData\TEMP:6C049F97 AlternateDataStreams: C:\ProgramData\TEMP:708BB0FA AlternateDataStreams: C:\ProgramData\TEMP:70E897B5 AlternateDataStreams: C:\ProgramData\TEMP:74091520 AlternateDataStreams: C:\ProgramData\TEMP:79059537 AlternateDataStreams: C:\ProgramData\TEMP:7943ACC4 AlternateDataStreams: C:\ProgramData\TEMP:79C6A9CE AlternateDataStreams: C:\ProgramData\TEMP:7AF9CAEB AlternateDataStreams: C:\ProgramData\TEMP:7B8AF9AA AlternateDataStreams: C:\ProgramData\TEMP:7BB584AA AlternateDataStreams: C:\ProgramData\TEMP:7BBC3CCD AlternateDataStreams: C:\ProgramData\TEMP:7D288858 AlternateDataStreams: C:\ProgramData\TEMP:7E4E56EA AlternateDataStreams: C:\ProgramData\TEMP:7ECD9621 AlternateDataStreams: C:\ProgramData\TEMP:819394CC AlternateDataStreams: C:\ProgramData\TEMP:84FA02E7 AlternateDataStreams: C:\ProgramData\TEMP:874ADA37 AlternateDataStreams: C:\ProgramData\TEMP:87E3D720 AlternateDataStreams: C:\ProgramData\TEMP:884C7316 AlternateDataStreams: C:\ProgramData\TEMP:89FC8EEB AlternateDataStreams: C:\ProgramData\TEMP:8AC20936 AlternateDataStreams: C:\ProgramData\TEMP:8B3C3098 AlternateDataStreams: C:\ProgramData\TEMP:8B69E3C3 AlternateDataStreams: C:\ProgramData\TEMP:8C12CFCD AlternateDataStreams: C:\ProgramData\TEMP:92D91D7E AlternateDataStreams: C:\ProgramData\TEMP:92DB4653 AlternateDataStreams: C:\ProgramData\TEMP:95775248 AlternateDataStreams: C:\ProgramData\TEMP:96838F8A AlternateDataStreams: C:\ProgramData\TEMP:97B3B270 AlternateDataStreams: C:\ProgramData\TEMP:9DB67071 AlternateDataStreams: C:\ProgramData\TEMP:9E0656EC AlternateDataStreams: C:\ProgramData\TEMP:9E4F05ED AlternateDataStreams: C:\ProgramData\TEMP:A26AFC00 AlternateDataStreams: C:\ProgramData\TEMP:A5948878 AlternateDataStreams: C:\ProgramData\TEMP:A5CD91DF AlternateDataStreams: C:\ProgramData\TEMP:A69FAA24 AlternateDataStreams: C:\ProgramData\TEMP:A7964713 AlternateDataStreams: C:\ProgramData\TEMP:A7BB14DF AlternateDataStreams: C:\ProgramData\TEMP:A899E64E AlternateDataStreams: C:\ProgramData\TEMP:AA92F7C7 AlternateDataStreams: C:\ProgramData\TEMP:ACCFA538 AlternateDataStreams: C:\ProgramData\TEMP:AE289451 AlternateDataStreams: C:\ProgramData\TEMP:AE75CCC8 AlternateDataStreams: C:\ProgramData\TEMP:AEB961C5 AlternateDataStreams: C:\ProgramData\TEMP:AF54CFFD AlternateDataStreams: C:\ProgramData\TEMP:B02249C3 AlternateDataStreams: C:\ProgramData\TEMP:B2112CA5 AlternateDataStreams: C:\ProgramData\TEMP:B285A50E AlternateDataStreams: C:\ProgramData\TEMP:B2D32F1D AlternateDataStreams: C:\ProgramData\TEMP:B65E763D AlternateDataStreams: C:\ProgramData\TEMP:B6DD2C7E AlternateDataStreams: C:\ProgramData\TEMP:B709343D AlternateDataStreams: C:\ProgramData\TEMP:B88DC997 AlternateDataStreams: C:\ProgramData\TEMP:BD0909FF AlternateDataStreams: C:\ProgramData\TEMP:BDCD0530 AlternateDataStreams: C:\ProgramData\TEMP:BE0BAFE1 AlternateDataStreams: C:\ProgramData\TEMP:BF6C81B2 AlternateDataStreams: C:\ProgramData\TEMP:BFAD7A5D AlternateDataStreams: C:\ProgramData\TEMP:BFE54417 AlternateDataStreams: C:\ProgramData\TEMP:C458CC0A AlternateDataStreams: C:\ProgramData\TEMP:C5340FA1 AlternateDataStreams: C:\ProgramData\TEMP:C605E0E1 AlternateDataStreams: C:\ProgramData\TEMP:C669F3E1 AlternateDataStreams: C:\ProgramData\TEMP:C69BA1D0 AlternateDataStreams: C:\ProgramData\TEMP:C7C3B621 AlternateDataStreams: C:\ProgramData\TEMP:C946EBB2 AlternateDataStreams: C:\ProgramData\TEMP:C9BC8592 AlternateDataStreams: C:\ProgramData\TEMP:C9FD258B AlternateDataStreams: C:\ProgramData\TEMP:CAF8DAC8 AlternateDataStreams: C:\ProgramData\TEMP:CB55AED3 AlternateDataStreams: C:\ProgramData\TEMP:CB959782 AlternateDataStreams: C:\ProgramData\TEMP:CC45913B AlternateDataStreams: C:\ProgramData\TEMP:CC4C59B4 AlternateDataStreams: C:\ProgramData\TEMP:CC7382F6 AlternateDataStreams: C:\ProgramData\TEMP:CC96FF70 AlternateDataStreams: C:\ProgramData\TEMP:CCB49694 AlternateDataStreams: C:\ProgramData\TEMP:CF1334B0 AlternateDataStreams: C:\ProgramData\TEMP:CFFC9DD0 AlternateDataStreams: C:\ProgramData\TEMP:D01ACC06 AlternateDataStreams: C:\ProgramData\TEMP:D254266B AlternateDataStreams: C:\ProgramData\TEMP:D3331ADB AlternateDataStreams: C:\ProgramData\TEMP:D51F4BAE AlternateDataStreams: C:\ProgramData\TEMP:D59DE356 AlternateDataStreams: C:\ProgramData\TEMP:D61EB62D AlternateDataStreams: C:\ProgramData\TEMP:D987CB43 AlternateDataStreams: C:\ProgramData\TEMP:D9E6828A AlternateDataStreams: C:\ProgramData\TEMP:DCA79AB3 AlternateDataStreams: C:\ProgramData\TEMP:DCB27118 AlternateDataStreams: C:\ProgramData\TEMP:DF19F127 AlternateDataStreams: C:\ProgramData\TEMP:E0848D16 AlternateDataStreams: C:\ProgramData\TEMP:E153075C AlternateDataStreams: C:\ProgramData\TEMP:E45C22B7 AlternateDataStreams: C:\ProgramData\TEMP:E4BC4A41 AlternateDataStreams: C:\ProgramData\TEMP:E6537A16 AlternateDataStreams: C:\ProgramData\TEMP:EB4FEEF5 AlternateDataStreams: C:\ProgramData\TEMP:EB68CA55 AlternateDataStreams: C:\ProgramData\TEMP:EBFB51F1 AlternateDataStreams: C:\ProgramData\TEMP:EC752217 AlternateDataStreams: C:\ProgramData\TEMP:EC769091 AlternateDataStreams: C:\ProgramData\TEMP:ED2998F5 AlternateDataStreams: C:\ProgramData\TEMP:ED6B6C83 AlternateDataStreams: C:\ProgramData\TEMP:EE0ABC44 AlternateDataStreams: C:\ProgramData\TEMP:EFBD4447 AlternateDataStreams: C:\ProgramData\TEMP:F21CB906 AlternateDataStreams: C:\ProgramData\TEMP:F2AF86D9 AlternateDataStreams: C:\ProgramData\TEMP:F2DA92FA AlternateDataStreams: C:\ProgramData\TEMP:F3029A65 AlternateDataStreams: C:\ProgramData\TEMP:F3591DDB AlternateDataStreams: C:\ProgramData\TEMP:F41FEB14 AlternateDataStreams: C:\ProgramData\TEMP:F4362715 AlternateDataStreams: C:\ProgramData\TEMP:F52DB269 AlternateDataStreams: C:\ProgramData\TEMP:F5E30F6A AlternateDataStreams: C:\ProgramData\TEMP:F65A2273 AlternateDataStreams: C:\ProgramData\TEMP:F6C0CA66 AlternateDataStreams: C:\ProgramData\TEMP:F7370879 AlternateDataStreams: C:\ProgramData\TEMP:F888E36D AlternateDataStreams: C:\ProgramData\TEMP:FA09FC72 AlternateDataStreams: C:\ProgramData\TEMP:FBA79096 AlternateDataStreams: C:\ProgramData\TEMP:FC98D33A AlternateDataStreams: C:\ProgramData\TEMP:FD2BFC89 AlternateDataStreams: C:\ProgramData\TEMP:FD786DCA AlternateDataStreams: C:\ProgramData\TEMP:FDC41D2C AlternateDataStreams: C:\ProgramData\TEMP:FEE00EB9 ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (11/07/2013 05:30:27 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2013 05:13:04 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2013 05:00:40 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2013 04:23:24 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2013 04:13:56 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary gdsqnulc. System Error: Das System kann die angegebene Datei nicht finden. . Error: (11/07/2013 03:59:28 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary gdsqnulc. System Error: Das System kann die angegebene Datei nicht finden. . Error: (11/07/2013 03:58:41 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2013 03:36:52 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2013 02:57:16 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2013 09:10:07 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (11/07/2013 04:00:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "avast! Antivirus" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (11/04/2013 02:20:47 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error: (11/04/2013 02:20:46 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error: (11/04/2013 02:20:45 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error: (11/04/2013 10:59:45 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error: (11/04/2013 10:58:56 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5. Error: (11/04/2013 10:58:12 AM) (Source: volmgr) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error: (11/03/2013 11:02:21 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (10/29/2013 10:50:39 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (10/29/2013 10:50:38 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Microsoft Office Sessions: ========================= Error: (11/07/2013 05:30:27 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2013 05:13:04 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2013 05:00:40 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2013 04:23:24 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2013 04:13:56 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary gdsqnulc. System Error: Das System kann die angegebene Datei nicht finden. Error: (11/07/2013 03:59:28 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary gdsqnulc. System Error: Das System kann die angegebene Datei nicht finden. Error: (11/07/2013 03:58:41 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2013 03:36:52 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2013 02:57:16 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2013 09:10:07 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 67% Total physical RAM: 1661.71 MB Available physical RAM: 538.48 MB Total Pagefile: 3323.42 MB Available Pagefile: 1844.55 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:138.95 GB) (Free:107.08 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 39632641) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=139 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=10 GB) - (Type=27) ==================== End Of Log ============================ Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.07.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 benrufus :: BENRUFUS-PC [Administrator] 07.11.2013 15:25:36 mbam-log-2013-11-07 (15-25-36).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 211178 Laufzeit: 6 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 3 HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {FF46FDF8-24F6-11E3-95FF-D43D7E00BE67} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {FF46FDF8-24F6-11E3-95FF-D43D7E00BE67} -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 16 C:\Program Files (x86)\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\inst (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\inst\Bootstrapper (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\SimplyTech\home (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\chrome (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\chrome (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\components (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\plugins (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas\Cache (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 25 C:\Users\benrufus\Downloads\bubblehit_mp_pgr.exe (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\Downloads\rcpsetupst_RC1_DE_F_1(1).exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\Downloads\rcpsetupst_RC1_DE_F_1.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\Downloads\rcpsetup_r.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\SearchTheWeb.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\Iminent.crx (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\Iminent.InstallLog (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\Iminent.InstallState (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\StartWeb.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\System.Data.SQLite.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\System.Windows.Interactivity.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\UniverselyWeb.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Iminent\WPFLocalizeExtension.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\SimplyTech\home\home.htm (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\SimplyTech\home\style.css (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\Microsoft.Win32.TaskScheduler.xml (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\unins000.dat (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\install.rdf (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\pop.htm (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\HomeTab\support@HomeTab.com\chrome\HomeTab_3869.jar (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com\1031.11575f00-7bdc-4181-ba0a-b298aeab228c.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\benrufus\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |