Log analysis and evaluation: How do I get rid of HTML:Includer-AY[Trj]? (Windows 7)

24.02.2014, 04:31 | #1

How do I get rid of HTML:Includer-AY[Trj]?

Hello, after a virus scan (boot-time scan) with Avast (latest version, virus definitions up to date), 23 infected files were found and moved to the virus chest. Log file:

Code:
02/22/2014 09:32
Prüfung aller lokalen Laufwerke
Datei C:\Users\internet\AppData\Local\Temp\mediathek8992625032441363921.tmp|>{bzip} Fehler 42130 {BZIP2-Archiv ist beschädigt.}
Datei C:\Users\netbook\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\Installer\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQ-1+BCE-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\Installer\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQQU-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\SoftwareDistribution\Download\ba2e9f6aed71e4d78a0a46179542d6b0\BIT954C.tmp|>1.161.947.0_to_1.161.1215.0_mpasdlta.vdm._p Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\portable servers\server2go_a22_psmp.zip|>server2go\server\mysql\bin\myisampack.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei F:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.}
Datei F:\wamp\www\WB_Bootstrap\wp-content\themes\twenty_child\Bootstrap\bootstrap-3.0.0.zip|>bootstrap-3.0.0\examples\screenshots\jumbotron.jpg Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab|>th_bg_BG_v2.dat Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei G:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.}
Datei I:\Eigene Dateien\Iris\Beef Tapa Recipe l-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Camaron Rebosado-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Macaroni -ChickenSalad -Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\schnittlauch-eier-dip.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\teelichthalter-basteln.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Pork Tapa Recipe-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Cheese Sticks-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\kuerbis-sugo_.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Banana Bread Recipe-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Banana Bread Recipe-Dateien\st_data\DARTIframe_data\st.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Banana Bread Recipe-Dateien\st_data\DARTIframe_data_002\st.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Haekeln\muffins_joghurt.html ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Haekeln\osterbecher.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Haekeln\servietten-osterhase.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Egg-deep-fried-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Chocolate Brownies.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Chocolate Cupcakes.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Chicken Breasts Moroccan Spiced Grilled .htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Chicken Peanut Stews.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei K:\Internet\FireFox\Profile\Desktop_20June2013\bkehi1ow.default\extensions\xboz@ajin.com.xpi|>overlay.js ist infiziert von Other:Malware-gen [Trj], In Container verschoben
Datei K:\Internet\Firefox 6.0.2 (de) - 2013-03-31.pcv|>extensions\xboz@ajin.com.xpi|>overlay.js ist infiziert von Other:Malware-gen [Trj], In Container verschoben
Datei K:\Internet\Firefox 6.0.2 (de) - 2013-04-30.pcv|>extensions\xboz@ajin.com.xpi|>overlay.js ist infiziert von Other:Malware-gen [Trj], In Container verschoben
Datei K:\Internet\Firefox 6.0.2 (de) - 2013-05-07.pcv|>extensions\xboz@ajin.com.xpi|>overlay.js ist infiziert von Other:Malware-gen [Trj], In Container verschoben
Datei K:\wp_backups\Islanders\remote\backwpup_1_2012-11-14_22-20-15.zip|>wrd_ge745oh1gb.sql Fehler 42125 {ZIP-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 56229
Anzahl der geprüften Dateien: 1911830
Anzahl infizierter Dateien: 23
----------------------------------------

A) Ran the Trojan Killer program. Results:

Code:
Trojan Killer (32-bit) v.2.2.1.6
Report file date: 2/23/2014 10:24:43 AM
Last update : --
Scanning for 746444 virus strains and unwanted programs.
Licensed: UNREGISTERED
Windows version: Windows 7 Starter (version 6.1)
Username: netbook
Computer name: NETBOOK-PC

Starting the file scan:
Standard Scan started
Startup objects checked
BHO plugins checked
Services checked
ActiveX objects checked
Files checked
Scanning process...

----- HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Report "\adwcleaner\adwcleaner[s0].txt" ---- Registry File-not-found#AS
----- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\UpdatePRCShortCut ""c:\program files\lenovo\onekey app\onekey recovery\muitransfer\muistartmenu.exe" "c:\program files\lenovo\onekey app\onekey recovery" updatewithcreateonce "software\lenovo\onekey app\onekey recovery"" ---- Registry File-not-found#AS
----- HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv "grpconv -o" ---- Registry File-not-found#AS
----- e:\progra~1\ratdvd\xeb\xebcore.dll ---- General Mal/Fraud!se-1256
ProdVer:
FileVer:
MD5: C711B758282C8B6280F2FD45B569A679:571904
SUBS: Win32 GUI
PE: x86
EPSEC: 7
EPRVA: 0011B001
IBASE: 00400000
EP:60E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00B01100807D4D01750C8B74242883FE01895D4E75318D45535053FFB5ED0900008D4535
SEC:
:E0000040:F639EEF27ECBA542BFE3B861A8BBCABE:353280
:E0000040:81BBBF8C0CC76991E84645D96F59E3A6:7168
:E0000040:00000000000000000000000000000000:0
:E0000040:7FE5590E319CF09113C5CDEF65947260:10240
:E0000040:53D34698542AAA60D8D2EF5B98B43F1A:512
:E0000040:A52F888B761E8716DED9D24252E6234A:33792
.rsrc:E0000040:47F0CF55D9619157CE718E50E7583A62:40448
.data:E0000040:38C44DFE831262F1975B718283DB802F:125440
.adata:E0000040:00000000000000000000000000000000:0
----- e:\progra~1\ratdvd\xeb\rattag.dll ---- General Mal/Fraud!se-1256
ProdVer:
FileVer:
MD5: 2B7B660D3B189F373AB7A3CD2CCD20EF:225280
SUBS: Win32 GUI
FUZ: 6144:bG2Dh+ishWxpaZU3Ll3OEUx3HhQ1eIIFmGMmBjE:bGCh+ispU35OB6eNFtMmJE
PE: x86
EPSEC: 7
EPRVA: 00044001
IBASE: 00400000
EP:60E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00400400807D4D01750C8B74242883FE01895D4E75318D45535053FFB5ED0900008D4535
SEC:
:E0000040:3DFBD399538DC72F315C333C13EA0E97:88576
:E0000040:610EF0591E77C9E16F9E8CBA63C5FBB5:1536
:E0000040:00000000000000000000000000000000:0
:E0000040:27E658ECD62F179418266EF8C3EE4A68:3584
:E0000040:9E80FC4BB728D667AA64B2F4CE0EC152:512
:E0000040:4078F271A05E5DE39605B30763C9DC2B:10752
.rsrc:E0000040:D9E87628C45FC386BA127BB719AA6CE5:3584
.data:E0000040:0253E9BC617F03F9CBB584B057A603C0:115200
.adata:E0000040:00000000000000000000000000000000:0
----- e:\progra~1\ratdvd\xeb\fcfolder.dll ---- General Mal/Fraud!se-1256
ProdVer:
FileVer:
MD5: F93E519C817A38008C20AA84AB2BCD7D:178688
SUBS: Win32 GUI
FUZ: 3072:6UdhRcqNth1ZcIs3txpVsoKLEZQc3HuwejbhVMIIF2hf2JnnUx9wOmBHh/r3CNS:hFhhs3t/VY0x3HhQ1eIIFmGMmBV35
PE: x86
EPSEC: 7
EPRVA: 00025001
IBASE: 00400000
EP:60E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00500200807D4D01750C8B74242883FE01895D4E75318D45535053FFB5ED0900008D4535
SEC:
:E0000040:69064E587A294652E1039C21D079E339:48128
:E0000040:655E49DA1B0BDA906A2735683D4F21AA:1024
:E0000040:00000000000000000000000000000000:0
:E0000040:4C7DB3636CB4DF826DFA344F6E6AD68E:3072
:E0000040:1942724016C474DBCCA6F18A9F9E18A8:512
:E0000040:CB8D3A3B1DA5F8188EAC537E3B6C04AB:6656
.rsrc:E0000040:82B262C9841EBA552F8A534F5E0017FF:3072
.data:E0000040:4C512D62F1C8E1A2B4E49D37A7B9654E:115200
.adata:E0000040:00000000000000000000000000000000:0
----- C:\Users\netbook\AppData\Local\Temp\SCC.dll ---- General Broken.Executable (Broken PE file - Section 1 starts beyond the end of file (Offset@ 22200, Total filesize 77031)
MD5: FD13D1FD4372787DA319750AF7E1B58C:77031
SUBS: Win32 GUI
FUZ: 1536:6ELulWx8eA/jke1L0tT14//sK8JZQwtDRldPJZyAWeloNhg:6Edx8ekstT16/sK8J3lPJZyio7g
PE: x86
EP:00
SEC:
.text:E0000020:1E4B4664B3E541F76C297F27AE250275:76007
.rsrc:E0000020:00000000000000000000000000000000:5632
:C0000040:00000000000000000000000000000000:0

Scan completed
Scan result: 7 detected items
Scan completed in: Scan completed in 27 minute(s) 53 sec.
Files were scanned: 13926

Code:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.21.12

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16518
internet :: NETBOOK-PC [limited]

Protection: Disabled

2/23/2014 9:56:29 AM
mbam-log-2014-02-23 (09-56-29).txt

Scan type: Custom scan (C:\Program Files|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 7910
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
02/22/2014 14:33
Prüfung aller lokalen Laufwerke
Datei C:\Users\internet\AppData\Local\Temp\mediathek8992625032441363921.tmp|>{bzip} Fehler 42130 {BZIP2-Archiv ist beschädigt.}
Datei C:\Users\netbook\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\Installer\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQ-1+BCE-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\Installer\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQQU-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\SoftwareDistribution\Download\ba2e9f6aed71e4d78a0a46179542d6b0\BIT954C.tmp|>1.161.947.0_to_1.161.1215.0_mpasdlta.vdm._p Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\portable servers\server2go_a22_psmp.zip|>server2go\server\mysql\bin\myisampack.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei F:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.}
Datei F:\wamp\www\WB_Bootstrap\wp-content\themes\twenty_child\Bootstrap\bootstrap-3.0.0.zip|>bootstrap-3.0.0\examples\screenshots\jumbotron.jpg Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab|>th_bg_BG_v2.dat Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei G:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.}
Datei K:\wp_backups\Islanders\remote\backwpup_1_2012-11-14_22-20-15.zip|>wrd_ge745oh1gb.sql Fehler 42125 {ZIP-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 56133
Anzahl der geprüften Dateien: 1912032
Anzahl infizierter Dateien: 0

After that I came to your site and first created all the logs you ask for. Here are the results:

A) Defogger => finished successfully, and I have not re-enabled it.

B) FRST 1: FRST.txt => created

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014 01 Ran by internet (ATTENTION: The logged in user is not administrator) on NETBOOK-PC on 24-02-2014 08:25:55 Running from D:\AntiVr\TrojaneroardSoftware Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () D:\Programme\dsksve8\DeskSave.exe (NTeWORKS) E:\Imaging\PicPick\picpick.exe (Microsoft Corporation) E:\Program Files\Microsoft Office\Office10\msoffice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation) HKLM\...\Run: [GfxServiceInstall] - C:\windows\system32\GfxCUIServiceInstall.vbs [131 2012-02-27] () HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-14] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [1813800 2011-05-17] (ELAN Microelectronics Corp.) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files\Motorola\Bluetooth\btmshell.dll [24868696 2011-04-22] (Motorola Solutions, Inc.) HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8972224 2011-04-01] (Lenovo (Beijing) Limited) HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.) HKLM\...\Run: [Lenovo Registration] - C:\Program Files\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.) 
HKLM\...\Run: [NetFxUpdate_v1.1.4322] - C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-19] (AVAST Software) HKLM\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\c96afbec-8119-4e6d-9278-25ac133224ad.exe /check [181136 2014-02-22] (AVAST Software) HKLM\...\RunOnce: [DCERegBootClean] - C:\windows\RegBootClean.exe [181776 2014-02-22] () HKLM\...\Runonce: [GrpConv] - grpconv -o HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [Google Update] - C:\Users\internet\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-13] (Google Inc.) HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [DeskSave] - D:\Programme\dsksve8\DeskSave.exe [82944 2008-07-26] () HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [SUPERAntiSpyware] - D:\AntiVr\Superspyware\SUPERAntiSpyware.ex_ HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [PicPick Start] - E:\Imaging\PicPick\picpick.exe [13229912 2014-01-16] (NTeWORKS) AppInit_DLLs: C:\windows\system32\guard32.dll => C:\windows\system32\guard32.dll [301264 2012-11-08] (COMODO) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENE SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A52C2B2D-E755-4837-BA84-049847A21828}&mid=e8c015351f7347d0bd7fd1553d990405-b0d4f81a8999f5981f04537c5ec8468fd5234593&lang=en&ds=bm013&pr=sa&d=2012-11-08 15:18:25&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\java\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\java\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\AntiVr\Superspyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF Homepage: https://www.gmx.net/|hxxp://speedtest.net FF Keyword.URL: hxxp://ph.search.yahoo.com/search?fr=mcafee&p= FF NetworkProxy: "http", "192.168.0.103" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) 
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - E:\Program Files\java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - E:\Program Files\java\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Program Files\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\internet\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\internet\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\internet\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\internet\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\internet\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\internet\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\internet\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin ProgramFiles/Appdata: C:\Users\internet\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\ixquick.xml FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\webde-suche.xml FF Extension: German Dictionary - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-11-04] FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\de_DE@dicts.j3e.de [2013-09-14] FF Extension: United States English Spellchecker - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-24] FF Extension: Free Download Manager plugin - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\fdm_ffext@freedownloadmanager.org [2013-03-18] FF Extension: FireShot - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-01-30] FF Extension: TV-Fox - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2013-03-31] FF Extension: 
Live HTTP Headers - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2012-11-04] FF Extension: WOT - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01] FF Extension: DownloadHelper - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-28] FF Extension: FoxClocks - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2014-01-24] FF Extension: Memory Fox - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2013-02-24] FF Extension: Firebug - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\firebug@software.joehewitt.com.xpi [2012-11-04] FF Extension: Open RegEdit Key - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\openregeditkey@kashiif.com.xpi [2012-11-04] FF Extension: SQLite Manager - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2013-05-25] FF Extension: GMX MailCheck - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\toolbar@gmx.net.xpi [2012-11-04] FF Extension: YSlow - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\yslow@yahoo-inc.com.xpi [2012-11-04] FF Extension: Facebook Phishing Protector - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2012-11-04] FF Extension: X-notifier - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-11-04] FF Extension: FireFTP - 
C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-11-04] FF Extension: Greasemonkey - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-04] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-03] FF StartMenuInternet: FIREFOX.EXE - E:\Internet\FireFox\firefox.exe Chrome: ======= CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE CHR DefaultSearchKeyword: google.com.ph CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll () CHR Plugin: (McAfee SiteAdvisor) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll No File CHR 
Extension: (YouTube) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-31] CHR Extension: (Google Search) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-31] CHR Extension: (avast! Online Security) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-19] CHR Extension: (Mailvelope) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2013-11-02] CHR Extension: (AVG Security Toolbar) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-12-26] CHR Extension: (Google Wallet) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27] CHR Extension: (Gmail) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-31] ========================== Services (Whitelisted) ================= R2 !SASCORE; D:\AntiVr\Superspyware\SASCORE.EXE [119056 2013-05-24] (SUPERAntiSpyware.com) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-19] (AVAST Software) R3 Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [3533656 2011-04-16] (Motorola Solutions, Inc.) R2 Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [904272 2011-03-18] (Motorola Solutions, Inc.) R2 Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [564056 2011-05-05] (Motorola Solutions, Inc.) 
R2 cnosdsrv; C:\Program Files\cnosd\cnosdsrv.exe [49152 2011-01-21] () R2 lmhosts; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-11-08] () R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NlaSvc; C:\windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 nsi; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 wampapache; F:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) S3 wampmysqld; F:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () S4 cmdAgent; [X] S4 FsUsbExService; [X] S4 VideAceWindowsService; [X] ==================== Drivers (Whitelisted) ==================== R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2011-01-28] (Lenovo Corporation) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-02-19] (AVAST Software) R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [79720 2013-10-19] (AVAST Software) R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2013-10-19] () R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [775952 2014-02-19] (AVAST Software) R1 aswSP; C:\windows\system32\drivers\aswSP.sys [410784 2014-02-19] (AVAST Software) R3 aswStm; C:\windows\system32\drivers\aswStm.sys [64168 2014-02-19] (AVAST Software) R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [180248 2013-12-29] () R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-11-12] (AVG Technologies) S3 btmaudio; C:\windows\System32\drivers\btmaud.sys [33920 2011-02-23] (Motorola Solutions, Inc.) R3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [41472 2011-02-23] (Motorola Solutions, Inc.) 
R3 BTMNET; C:\windows\System32\DRIVERS\btmnet.sys [21760 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [547328 2011-03-23] (Motorola Solutions, Inc.)
R1 cmdGuard; C:\windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 cmdHlp; C:\windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [14216 2009-08-26] ()
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [120104 2011-05-17] (ELAN Microelectronics Corp.)
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [8456 2009-09-16] ()
S3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [53136 2012-11-15] ()
S3 gdrv; C:\windows\gdrv.sys [17488 2013-06-14] (Windows (R) 2000 DDK provider)
R1 inspect; C:\windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO)
R0 LHDmgr; C:\windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-16] (Lenovo.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 networx; C:\windows\System32\drivers\networx.sys [52728 2013-01-25] (NetFilterSDK.com)
R3 RTL8192Ce; C:\windows\System32\DRIVERS\rtl8192Ce.sys [760936 2011-12-22] (Realtek Semiconductor Corporation )
R1 SASDIFSV; D:\AntiVr\Superspyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\AntiVr\Superspyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 StarOpen; C:\windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 TrojanKillerDriver; C:\windows\System32\DRIVERS\gtkdrv.sys [16128 2014-02-11] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-24 08:25 - 2014-02-24 08:25 - 00000000 ____D () C:\FRST
2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable
2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes
2014-02-22 13:07 - 2013-11-27 07:29 - 05693440 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST
2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-02-22 08:55 - 2014-02-22 09:02 - 00181776 _____ () C:\windows\RegBootClean.exe
2014-02-22 08:55 - 2014-02-22 09:02 - 00004788 _____ () C:\windows\RegBootClean.CFG
2014-02-22 08:55 - 2014-02-22 08:58 - 00022032 _____ () C:\windows\DCEBoot.exe
2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache
2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes
2014-02-21 17:39 - 2014-02-21 18:05 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 17:39 - 2014-02-21 18:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 17:39 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-21 10:10 - 2013-10-02 08:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-02-21 10:10 - 2013-10-02 08:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-21 10:10 - 2013-10-02 08:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-21 10:10 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-02-21 10:10 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-02-21 10:10 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-02-21 10:10 - 2013-10-02 07:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-21 10:10 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-02-21 10:10 - 2013-10-02 07:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-02-21 10:10 - 2013-10-02 06:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-02-21 10:10 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-02-21 10:08 - 2014-02-06 18:38 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-21 10:08 - 2014-02-06 18:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-21 10:08 - 2014-02-06 18:19 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-21 10:08 - 2014-02-06 18:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-21 10:08 - 2014-02-06 18:00 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-21 10:08 - 2014-02-06 17:57 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-21 10:08 - 2014-02-06 17:52 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-21 10:08 - 2014-02-06 17:52 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-21 10:08 - 2014-02-06 17:49 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-21 10:08 - 2014-02-06 17:47 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-21 10:08 - 2014-02-06 17:47 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-21 10:08 - 2014-02-06 17:46 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-21 10:08 - 2014-02-06 17:34 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-21 10:08 - 2014-02-06 17:25 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-21 10:08 - 2014-02-06 17:25 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-21 10:08 - 2014-02-06 17:13 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-21 10:08 - 2014-02-06 17:09 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-21 10:08 - 2014-02-06 17:03 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-21 10:08 - 2014-02-06 16:41 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-21 10:08 - 2014-02-06 16:36 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-21 10:08 - 2014-02-06 16:34 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-21 09:53 - 2013-12-21 16:56 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-21 08:46 - 2013-12-25 07:09 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-21 08:46 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-21 08:45 - 2013-12-04 10:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-21 08:45 - 2013-12-04 09:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-21 08:37 - 2014-01-01 07:05 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-21 08:37 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-02-21 08:36 - 2013-12-06 10:02 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-21 08:36 - 2013-12-06 10:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-21 08:32 - 2013-11-27 09:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys

==================== One Month Modified Files and Folders =======

2014-02-24 08:27 - 2012-11-09 05:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-24 08:25 - 2014-02-24 08:25 - 00000000 ____D () C:\FRST
2014-02-24 08:24 - 2012-05-26 07:27 - 01472710 _____ () C:\windows\WindowsUpdate.log
2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable
2014-02-24 08:23 - 2012-10-30 12:33 - 00000000 ____D () C:\Users\netbook
2014-02-24 08:23 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-24 08:23 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 08:21 - 2013-06-03 16:19 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-02-24 08:21 - 2012-05-26 08:18 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-24 08:20 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-24 08:20 - 2009-07-14 12:39 - 00119860 _____ () C:\windows\setupact.log
2014-02-23 17:13 - 2012-05-26 08:18 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes
2014-02-23 09:06 - 2013-04-17 10:14 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001UA.job
2014-02-22 14:06 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\system32\NDF
2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST
2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-02-22 09:06 - 2010-11-21 05:48 - 00208038 _____ () C:\windows\PFRO.log
2014-02-22 09:02 - 2014-02-22 08:55 - 00181776 _____ () C:\windows\RegBootClean.exe
2014-02-22 09:02 - 2014-02-22 08:55 - 00004788 _____ () C:\windows\RegBootClean.CFG
2014-02-22 08:58 - 2014-02-22 08:55 - 00022032 _____ () C:\windows\DCEBoot.exe
2014-02-22 08:58 - 2012-05-26 08:08 - 00000000 ___HD () C:\QuickStartUtil
2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache
2014-02-21 18:05 - 2014-02-21 17:39 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 18:05 - 2014-02-21 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes
2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 16:08 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\rescache
2014-02-21 15:06 - 2013-04-17 10:14 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001Core.job
2014-02-21 11:57 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-02-21 11:30 - 2012-10-30 19:17 - 00000000 ____D () C:\Users\internet\AppData\Roaming\vlc
2014-02-21 10:07 - 2013-07-16 07:14 - 00000000 ____D () C:\windows\system32\MRT
2014-02-21 09:58 - 2012-11-01 09:31 - 85946576 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-21 09:51 - 2010-11-21 05:01 - 00789298 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-19 15:35 - 2012-11-02 19:59 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Mozilla
2014-02-19 15:15 - 2013-10-19 12:52 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-19 15:14 - 2013-12-29 18:21 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00410784 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-02-19 15:14 - 2012-11-03 08:02 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-02-16 09:40 - 2009-07-14 12:53 - 00032642 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys
2014-02-10 11:30 - 2012-11-09 05:56 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-02-10 11:30 - 2012-11-09 05:56 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-06 18:38 - 2014-02-21 10:08 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 18:20 - 2014-02-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 18:19 - 2014-02-21 10:08 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 18:01 - 2014-02-21 10:08 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 18:00 - 2014-02-21 10:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 17:57 - 2014-02-21 10:08 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 17:52 - 2014-02-21 10:08 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 17:52 - 2014-02-21 10:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 17:49 - 2014-02-21 10:08 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 17:47 - 2014-02-21 10:08 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 17:47 - 2014-02-21 10:08 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 17:46 - 2014-02-21 10:08 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 17:34 - 2014-02-21 10:08 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 17:25 - 2014-02-21 10:08 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 17:25 - 2014-02-21 10:08 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 17:13 - 2014-02-21 10:08 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 17:09 - 2014-02-21 10:08 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 17:03 - 2014-02-21 10:08 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 16:41 - 2014-02-21 10:08 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 16:36 - 2014-02-21 10:08 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 16:34 - 2014-02-21 10:08 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-03 17:23 - 2012-10-30 18:36 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Skype
2014-01-29 16:10 - 2012-10-30 15:59 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Skype

==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2014 01
Ran by internet at 2014-02-24 08:28:00
Running from D:\AntiVr\TrojaneroardSoftware
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Anki (HKLM\...\Anki) (Version: - )
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2013 - Avast Software)
Borland Turbo Delphi (HKLM\...\{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}) (Version: 10.0.3 - Borland Software Corporation)
calibre (HKLM\...\{260CE6D4-9FB5-47CB-8425-BEE666F40FC0}) (Version: 1.7.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CNOSD (HKLM\...\{35F814AA-CB70-4927-A7BC-2B0D0F85F8C8}) (Version: 1.0.0.4 - cn_client)
COMODO Internet Security (HKLM\...\{E62381A7-B1C1-4121-8262-84D38C77786C}) (Version: 5.12.55693.2551 - COMODO Security Solutions Inc.)
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.03 - Corel Inc)
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Disk Space Fan 4 Free 4.5.1.129 (HKCU\...\Disk Space Fan 4 Free_is1) (Version: - Disk Space Fan Team)
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.44.000 - Runtime Software)
EASEUS Partition Master 4.1.1 Professional (HKLM\...\EASEUS Partition Master Professional Edition_is1) (Version: - EASEUS)
EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.0731 - Lenovo)
Energy Management (HKLM\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.4 - Lenovo)
Energy Management (Version: 6.0.2.4 - Lenovo) Hidden
ETDWare PS/2-X86 8.0.4.5_WHQL (HKLM\...\Elantech) (Version: 8.0.4.5 - ELAN Microelectronic Corp.)
FileZilla Client 3.7.1 (HKLM\...\FileZilla Client) (Version: 3.7.1 - FileZilla Project)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free 3GP Video Converter version 5.0.24.430 (HKLM\...\Free 3GP Video Converter_is1) (Version: 5.0.24.430 - DVDVideoSoft Ltd.)
FreeCommander 2009.02b (HKCU\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
GNU Backgammon (MAIN branch, 20121023 code) (HKLM\...\GNU Backgammon_is1) (Version: - Free Software Foundation)
Google Chrome (HKLM\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{41101F0C-DBD9-321C-A6B1-E0689B495A4E}) (Version: 5.1.4.17398 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.14.8.1075 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Kyodai Mahjongg (HKLM\...\Kyodai Mahjongg_is1) (Version: - Rene-Gilles Deberdt)
Kyodai Mahjongg 2006 v1.42 (HKLM\...\Kyodai Mahjongg 2006_is1) (Version: - Rene-Gilles Deberdt)
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.2525 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.2525 - CyberLink Corp.) Hidden
Lenovo Registration (HKLM\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
LibreOffice 4.0.5.2 (HKLM\...\{5B9C9486-4287-4621-8F9D-EC3EE622A82F}) (Version: 4.0.5.2 - The Document Foundation)
LibreOffice 4.1 Help Pack (German) (HKLM\...\{F2087365-70E1-47F0-950F-A9844022279A}) (Version: 4.1.2.3 - The Document Foundation)
Macromedia Dreamweaver MX 2004 (HKLM\...\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}) (Version: 7.0 - Macromedia)
Macromedia Extension Manager (HKLM\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework SDK (English) 1.1 (HKLM\...\{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}) (Version: 1.1.4322 - Microsoft)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Miro (HKLM\...\Miro) (Version: 6.0 - Participatory Culture Foundation)
Motorola Bluetooth (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.13.307 - Motorola Solutions, Inc.)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 16.0.2 (x86 de) (HKLM\...\Mozilla Firefox 16.0.2 (x86 de)) (Version: 16.0.2 - Mozilla)
Mozilla Firefox 27.0.1 (x86 de) (HKCU\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 16.0.2 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWorx 5.2.8 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research)
Neverball 1.5.4 (HKCU\...\Neverball) (Version: 1.5.4 - )
Opera 12.15 (HKCU\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PicPick (HKLM\...\PicPick) (Version: 3.3.0 - NTeWORKS)
Power Tab Editor 1.7 (HKLM\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
QuickStart (HKLM\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 3.0.23.199 - VideACE Co.)
QuickStart (Version: 3.0.23.199 - VideACE Co.) Hidden
ratDVD 0.78.1444 (HKLM\...\ratDVD) (Version: 0.78.1444 - ratDVD)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6309 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0180 - REALTEK Semiconductor Corp.)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Simple Sudoku 4.2 (HKLM\...\Simple Sudoku_is1) (Version: - )
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.18 - Piriform)
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
SugarSync Manager (HKLM\...\SugarSync) (Version: 1.9.49.86082 - SugarSync, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
TreeSize Free V2.7 (HKCU\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Trojan Killer (HKLM\...\GridinSoft Trojan Killer) (Version: 2.2.1.6 - GridinSoft LLC)
TuxGuitar (HKLM\...\{03534DA5-2F88-4B8E-A978-849B979E1B8F}) (Version: 1.2 - Herac)
UserGuide (HKLM\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (Version: 1.0.0.6 - Lenovo) Hidden
Video Converter Factory Pro (HKLM\...\VideoConverterFactoryPro) (Version: - WonderFox Soft, Inc. All Rights Reserved.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WampServer 2.2 (HKLM\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinHTTrack Website Copier 3.47-23 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.23 - HTTrack)
WinSCP 4.3.7 (HKCU\...\winscp3_is1) (Version: 4.3.7 - Martin Prikryl)
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version: - )

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2009-07-14 10:04 - 2013-04-08 09:40 - 00000986 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001Core.job => C:\Users\internet\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001UA.job => C:\Users\internet\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-19 04:08 - 2013-06-19 04:08 - 00093696 _____ () E:\Internet\FileZilla FTP Client\fzshellext.dll
2008-12-20 11:20 - 2008-12-20 11:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2013-10-19 12:51 - 2013-10-19 12:51 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-04-23 11:42 - 2008-07-26 19:56 - 00082944 _____ () D:\Programme\dsksve8\DeskSave.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2014 08:22:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 05:41:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 05:14:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 02:19:20 PM) (Source: PerfNet) (User: )
Description:

Error: (02/23/2014 09:46:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 09:02:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 05:25:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 02:31:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 02:14:56 PM) (Source: Application Hang) (User: )
Description: The program javaw.exe version 7.0.510.13 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2330
Start Time: 01cf2f9444e21482
Termination Time: 59060
Application Path: E:\Program Files\java\bin\javaw.exe
Report Id:

Error: (02/22/2014 02:13:48 PM) (Source: Application Hang) (User: )
Description: The program javaw.exe version 7.0.510.13 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2014
Start Time: 01cf2f9457e12fd2
Termination Time: 4118
Application Path: E:\Program Files\java\bin\javaw.exe
Report Id:

System errors:
=============
Error: (02/24/2014 08:22:34 AM) (Source: DCOM) (User: )
Description: "C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe" -Embedding2{FE7BF085-73BC-4CE1-830E-62335D63E74B}

Error: (02/24/2014 08:22:20 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/24/2014 08:21:13 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (02/24/2014 08:20:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/23/2014 05:41:28 PM) (Source: DCOM) (User: )
Description: "C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe" -Embedding2{FE7BF085-73BC-4CE1-830E-62335D63E74B}

Error: (02/23/2014 05:40:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (02/23/2014 05:39:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/23/2014 05:15:30 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (02/23/2014 05:15:08 PM) (Source: DCOM) (User: ) Description: "C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe" -Embedding2{FE7BF085-73BC-4CE1-830E-62335D63E74B} Error: (02/23/2014 05:14:21 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Microsoft Office Sessions: ========================= Error: (02/24/2014 08:22:19 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/23/2014 05:41:22 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/23/2014 05:14:49 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/23/2014 02:19:20 PM) (Source: PerfNet)(User: ) Description: Error: (02/23/2014 09:46:32 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/23/2014 09:02:44 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/22/2014 05:25:32 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/22/2014 02:31:20 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/22/2014 02:14:56 PM) (Source: Application Hang)(User: ) Description: javaw.exe7.0.510.13233001cf2f9444e2148259060E:\Program Files\java\bin\javaw.exe Error: (02/22/2014 02:13:48 PM) (Source: Application Hang)(User: ) Description: javaw.exe7.0.510.13201401cf2f9457e12fd24118E:\Program Files\java\bin\javaw.exe ==================== Memory info =========================== Percentage of memory in use: 85% Total physical RAM: 2036.8 MB Available physical RAM: 296.82 MB Total Pagefile: 3636.8 MB Available Pagefile: 2044.98 MB Total Virtual: 2047.88 MB Available Virtual: 1905.37 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:29.3 GB) (Free:3.88 GB) NTFS Drive d: (System) (Fixed) (Total:30.38 GB) (Free:27.3 GB) NTFS Drive e: (Programme) (Fixed) (Total:39.06 GB) (Free:31.72 GB) NTFS Drive f: (Daten) (Fixed) (Total:39.06 GB) (Free:19.03 GB) NTFS Drive g: (MP3) (Fixed) (Total:97.66 GB) (Free:21.82 GB) NTFS Drive h: (Bilderr) (Fixed) (Total:97.66 GB) (Free:61.46 GB) NTFS Drive i: (Eigene) (Fixed) (Total:58.59 GB) (Free:40.79 GB) NTFS Drive k: (SundayBackups) (Fixed) (Total:59.09 GB) (Free:24.44 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ Ich hoffe Euch damit erstmal alle notwendigen Daten geliefert zu habe. Hoffentlich könnt Ihr mir bei der Sache helfen. Ich bin mir im Moment nicht sicher, ob ich nun keine Schadware mehr habe (wie es der 2. Avast Scan sagt) oder ob ich nicht doch noch - mit Eurer Hilfe - die eigentlichen Schaddateien entfernen muss. Vielen Dank schon mal im Voraus Andreas! |
24.02.2014, 07:52 | #2 |
/// the machine /// TB-Ausbilder | How do I get rid of HTML:Incuder-AY[Trj]? Hi,
FRST again, please; our tools always need admin rights.
24.02.2014, 08:18 | #3 |
How do I get rid of HTML:Incuder-AY[Trj]? Hello,
Sorry, I didn't think of that. So here is the log, now created with admin rights: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014 01 Ran by netbook (administrator) on NETBOOK-PC on 24-02-2014 15:06:01 Running from D:\AntiVr\TrojaneroardSoftware Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (SUPERAntiSpyware.com) D:\AntiVr\Superspyware\SASCORE.EXE (Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe () C:\Program Files\cnosd\cnosdsrv.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\windows\system32\UI0Detect.exe (Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Macrovision Europe Ltd.) 
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe (Microsoft Corporation) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Samsung Electronics Co., Ltd.) E:\Samsung PC Studio\NPSAgent.exe (NTeWORKS) E:\Imaging\PicPick\picpick.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) E:\Program Files\Microsoft Office\Office10\msoffice.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation) HKLM\...\Run: [GfxServiceInstall] - C:\windows\system32\GfxCUIServiceInstall.vbs [131 2012-02-27] () HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-14] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [1813800 2011-05-17] (ELAN Microelectronics Corp.) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files\Motorola\Bluetooth\btmshell.dll [24868696 2011-04-22] (Motorola Solutions, Inc.) HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8972224 2011-04-01] (Lenovo (Beijing) Limited) HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.) HKLM\...\Run: [Lenovo Registration] - C:\Program Files\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.) HKLM\...\Run: [NetFxUpdate_v1.1.4322] - C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-19] (AVAST Software) HKU\S-1-5-21-2638138946-3830281041-644157228-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.) HKU\S-1-5-21-2638138946-3830281041-644157228-1000\...\Run: [AutoStartNPSAgent] - E:\Samsung PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.) 
HKU\S-1-5-21-2638138946-3830281041-644157228-1000\...\Run: [PicPick Start] - E:\Imaging\PicPick\picpick.exe [13229912 2014-01-16] (NTeWORKS) AppInit_DLLs: C:\windows\system32\guard32.dll => C:\windows\system32\guard32.dll [301264 2012-11-08] (COMODO) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {1345153D-84A3-4DF1-A314-495C5CF015C5} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENE BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\java\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\java\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\AntiVr\Superspyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default FF DefaultSearchEngine: Yahoo FF SelectedSearchEngine: Yahoo FF Homepage: https://www.gmx.net/|hxxp://speedtest.net FF Keyword.URL: hxxp://ph.search.yahoo.com/search?fr=mcafee&p= FF NetworkProxy: "http", "192.168.0.103" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) 
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - E:\Program Files\java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - E:\Program Files\java\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Program Files\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\ixquick.xml FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\webde-suche.xml FF Extension: German Dictionary - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-11-02] FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\de_DE@dicts.j3e.de [2013-10-18] FF Extension: United States English Spellchecker - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-05-21] FF Extension: TV-Fox - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2013-04-24] FF Extension: Live HTTP Headers - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2012-11-01] FF Extension: WOT - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-16] FF Extension: DownloadHelper - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-10-18] FF Extension: FoxClocks - 
C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2013-12-10] FF Extension: Firebug - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\firebug@software.joehewitt.com.xpi [2012-11-01] FF Extension: Open RegEdit Key - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\openregeditkey@kashiif.com.xpi [2012-11-01] FF Extension: YSlow - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\yslow@yahoo-inc.com.xpi [2012-11-01] FF Extension: Facebook Phishing Protector - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2012-11-01] FF Extension: X-notifier - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-11-01] FF Extension: FireFTP - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-11-01] FF Extension: Greasemonkey - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-01] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-03] FF StartMenuInternet: FIREFOX.EXE - E:\Internet\FireFox\firefox.exe Chrome: ======= CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE CHR DefaultSearchKeyword: google.com.ph CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Users\netbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll No File CHR Extension: (AVG Security Toolbar) - C:\Users\netbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-02-25] CHR Extension: (Google Wallet) - C:\Users\netbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21] ========================== Services (Whitelisted) ================= R2 !SASCORE; D:\AntiVr\Superspyware\SASCORE.EXE 
[119056 2013-05-24] (SUPERAntiSpyware.com) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-19] (AVAST Software) R3 Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [3533656 2011-04-16] (Motorola Solutions, Inc.) R2 Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [904272 2011-03-18] (Motorola Solutions, Inc.) R2 Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [564056 2011-05-05] (Motorola Solutions, Inc.) R2 cnosdsrv; C:\Program Files\cnosd\cnosdsrv.exe [49152 2011-01-21] () S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-11-08] () R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 wampapache; F:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) S3 wampmysqld; F:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () S4 cmdAgent; [X] S4 FsUsbExService; [X] S4 VideAceWindowsService; [X] ==================== Drivers (Whitelisted) ==================== R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2011-01-28] (Lenovo Corporation) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-02-19] (AVAST Software) R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [79720 2013-10-19] (AVAST Software) R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2013-10-19] () R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [775952 2014-02-19] (AVAST Software) R1 aswSP; C:\windows\system32\drivers\aswSP.sys [410784 2014-02-19] (AVAST Software) R3 aswStm; C:\windows\system32\drivers\aswStm.sys [64168 2014-02-19] (AVAST Software) R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [180248 2013-12-29] () R1 avgtp; 
C:\windows\system32\drivers\avgtpx86.sys [37664 2013-11-12] (AVG Technologies) S3 btmaudio; C:\windows\System32\drivers\btmaud.sys [33920 2011-02-23] (Motorola Solutions, Inc.) R3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [41472 2011-02-23] (Motorola Solutions, Inc.) R3 BTMNET; C:\windows\System32\DRIVERS\btmnet.sys [21760 2011-02-23] (Motorola Solutions, Inc.) R3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [547328 2011-03-23] (Motorola Solutions, Inc.) R1 cmdGuard; C:\windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO) R1 cmdHlp; C:\windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO) S3 epmntdrv; C:\windows\system32\epmntdrv.sys [14216 2009-08-26] () R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [120104 2011-05-17] (ELAN Microelectronics Corp.) S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [8456 2009-09-16] () S3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [53136 2012-11-15] () S3 gdrv; C:\windows\gdrv.sys [17488 2013-06-14] (Windows (R) 2000 DDK provider) R1 inspect; C:\windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO) R0 LHDmgr; C:\windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-16] (Lenovo.) 
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R1 networx; C:\windows\System32\drivers\networx.sys [52728 2013-01-25] (NetFilterSDK.com) R3 RTL8192Ce; C:\windows\System32\DRIVERS\rtl8192Ce.sys [760936 2011-12-22] (Realtek Semiconductor Corporation ) R1 SASDIFSV; D:\AntiVr\Superspyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; D:\AntiVr\Superspyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 StarOpen; C:\windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () S3 TrojanKillerDriver; C:\windows\System32\DRIVERS\gtkdrv.sys [16128 2014-02-11] (Windows (R) Win 7 DDK provider) S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-24 09:16 - 2014-02-24 09:16 - 00076344 _____ () C:\Users\netbook\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-24 09:07 - 2014-02-24 09:07 - 00189672 _____ () C:\Users\netbook\Desktop\Gmer.txt 2014-02-24 08:25 - 2014-02-24 15:06 - 00000000 ____D () C:\FRST 2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable 2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk 2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft 2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes 2014-02-22 13:07 - 2013-11-27 07:29 - 05693440 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST 2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG 2014-02-22 08:55 - 2014-02-22 09:02 - 00181776 _____ () C:\windows\RegBootClean.exe 2014-02-22 08:55 - 2014-02-22 08:58 - 00022032 _____ () C:\windows\DCEBoot.exe 
2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys 2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache 2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes 2014-02-21 17:39 - 2014-02-21 18:05 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-21 17:39 - 2014-02-21 18:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-21 17:39 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-02-21 10:10 - 2013-10-02 08:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys 2014-02-21 10:10 - 2013-10-02 08:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-02-21 10:10 - 2013-10-02 08:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-02-21 10:10 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll 2014-02-21 10:10 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll 2014-02-21 10:10 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll 2014-02-21 10:10 - 2013-10-02 07:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll 2014-02-21 10:10 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll 2014-02-21 10:10 - 2013-10-02 07:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2014-02-21 10:10 - 2013-10-02 06:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe 2014-02-21 10:10 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) 
C:\windows\system32\mstsc.exe 2014-02-21 10:08 - 2014-02-06 18:38 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-02-21 10:08 - 2014-02-06 18:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-02-21 10:08 - 2014-02-06 18:19 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-02-21 10:08 - 2014-02-06 18:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-02-21 10:08 - 2014-02-06 18:00 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-02-21 10:08 - 2014-02-06 17:57 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-02-21 10:08 - 2014-02-06 17:52 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-02-21 10:08 - 2014-02-06 17:52 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-02-21 10:08 - 2014-02-06 17:49 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-02-21 10:08 - 2014-02-06 17:47 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-02-21 10:08 - 2014-02-06 17:47 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-02-21 10:08 - 2014-02-06 17:46 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-02-21 10:08 - 2014-02-06 17:34 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-02-21 10:08 - 2014-02-06 17:25 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-02-21 10:08 - 2014-02-06 17:25 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-02-21 10:08 - 2014-02-06 17:13 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-02-21 10:08 - 2014-02-06 17:09 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-02-21 10:08 - 2014-02-06 17:03 - 11266048 _____ (Microsoft Corporation) 
C:\windows\system32\ieframe.dll 2014-02-21 10:08 - 2014-02-06 16:41 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-02-21 10:08 - 2014-02-06 16:36 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-02-21 10:08 - 2014-02-06 16:34 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-02-21 09:53 - 2013-12-21 16:56 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-02-21 08:46 - 2013-12-25 07:09 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-02-21 08:46 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll 2014-02-21 08:45 - 2013-12-04 10:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll 2014-02-21 08:45 - 2013-12-04 10:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll 2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll 2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll 2014-02-21 08:45 - 2013-12-04 10:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll 2014-02-21 08:45 - 2013-12-04 09:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe 2014-02-21 08:45 - 2013-12-04 09:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe 2014-02-21 08:45 - 2013-12-04 09:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe 2014-02-21 08:45 - 2013-12-04 09:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe 2014-02-21 08:37 - 2014-01-01 07:05 - 00420008 _____ () C:\windows\system32\locale.nls 2014-02-21 08:37 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-02-21 08:36 - 2013-12-06 10:02 - 01237504 _____ (Microsoft Corporation) 
C:\windows\system32\msxml3.dll 2014-02-21 08:36 - 2013-12-06 10:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll 2014-02-21 08:32 - 2013-11-27 09:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys ==================== One Month Modified Files and Folders ======= 2014-02-24 15:06 - 2014-02-24 08:25 - 00000000 ____D () C:\FRST 2014-02-24 15:06 - 2013-04-17 10:14 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001UA.job 2014-02-24 15:06 - 2013-04-17 10:14 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001Core.job 2014-02-24 15:06 - 2012-10-30 15:59 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Skype 2014-02-24 15:04 - 2013-06-03 16:19 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2014-02-24 15:04 - 2012-05-26 08:18 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-24 14:48 - 2012-05-26 08:18 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-24 14:27 - 2012-11-09 05:56 - 00000830 _____ () 
C:\windows\Tasks\Adobe Flash Player Updater.job 2014-02-24 13:32 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-24 13:32 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-24 13:24 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-02-24 13:24 - 2009-07-14 12:39 - 00119972 _____ () C:\windows\setupact.log 2014-02-24 12:17 - 2012-05-26 07:27 - 01511494 _____ () C:\windows\WindowsUpdate.log 2014-02-24 09:16 - 2014-02-24 09:16 - 00076344 _____ () C:\Users\netbook\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-24 09:07 - 2014-02-24 09:07 - 00189672 _____ () C:\Users\netbook\Desktop\Gmer.txt 2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable 2014-02-24 08:23 - 2012-10-30 12:33 - 00000000 ____D () C:\Users\netbook 2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk 2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft 2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes 2014-02-22 14:06 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\system32\NDF 2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST 2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG 2014-02-22 09:06 - 2010-11-21 05:48 - 00208038 _____ () C:\windows\PFRO.log 2014-02-22 09:02 - 2014-02-22 08:55 - 00181776 _____ () C:\windows\RegBootClean.exe 2014-02-22 08:58 - 2014-02-22 08:55 - 00022032 _____ () C:\windows\DCEBoot.exe 2014-02-22 08:58 - 2012-05-26 08:08 - 00000000 ___HD () C:\QuickStartUtil 2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) 
C:\windows\system32\Drivers\tmcomm.sys 2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache 2014-02-21 18:05 - 2014-02-21 17:39 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-21 18:05 - 2014-02-21 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes 2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-21 16:08 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\rescache 2014-02-21 11:57 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-02-21 11:30 - 2012-10-30 19:17 - 00000000 ____D () C:\Users\internet\AppData\Roaming\vlc 2014-02-21 10:07 - 2013-07-16 07:14 - 00000000 ____D () C:\windows\system32\MRT 2014-02-21 09:58 - 2012-11-01 09:31 - 85946576 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-02-21 09:51 - 2010-11-21 05:01 - 00789298 _____ () C:\windows\system32\PerfStringBackup.INI 2014-02-19 15:35 - 2012-11-02 19:59 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Mozilla 2014-02-19 15:15 - 2013-10-19 12:52 - 00002047 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-02-19 15:14 - 2013-12-29 18:21 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys 2014-02-19 15:14 - 2012-11-03 08:02 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2014-02-19 15:14 - 2012-11-03 08:02 - 00410784 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys 2014-02-19 15:14 - 2012-11-03 08:02 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2014-02-19 15:14 - 2012-11-03 08:02 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2014-02-19 15:14 - 2012-11-03 08:02 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr 2014-02-16 09:40 - 2009-07-14 12:53 - 00032642 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys 2014-02-10 11:30 - 2012-11-09 05:56 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-02-10 11:30 - 2012-11-09 05:56 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-02-06 18:38 - 2014-02-21 10:08 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-02-06 18:20 - 2014-02-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-02-06 18:19 - 2014-02-21 10:08 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-02-06 18:01 - 2014-02-21 10:08 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-02-06 18:00 - 2014-02-21 10:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-02-06 17:57 - 2014-02-21 10:08 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-02-06 17:52 - 2014-02-21 10:08 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-02-06 17:52 - 2014-02-21 10:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 
2014-02-06 17:49 - 2014-02-21 10:08 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-02-06 17:47 - 2014-02-21 10:08 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-02-06 17:47 - 2014-02-21 10:08 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-02-06 17:46 - 2014-02-21 10:08 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-02-06 17:34 - 2014-02-21 10:08 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-02-06 17:25 - 2014-02-21 10:08 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-02-06 17:25 - 2014-02-21 10:08 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-02-06 17:13 - 2014-02-21 10:08 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-02-06 17:09 - 2014-02-21 10:08 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-02-06 17:03 - 2014-02-21 10:08 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-02-06 16:41 - 2014-02-21 10:08 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-02-06 16:36 - 2014-02-21 10:08 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-02-06 16:34 - 2014-02-21 10:08 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-02-03 17:23 - 2012-10-30 18:36 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Skype ==================== Bamital & volsnap Check ================= C:\windows\explorer.exe => MD5 is legit C:\windows\system32\winlogon.exe => MD5 is legit C:\windows\system32\wininit.exe => MD5 is legit C:\windows\system32\svchost.exe => MD5 is legit C:\windows\system32\services.exe => MD5 is legit C:\windows\system32\User32.dll => MD5 is legit C:\windows\system32\userinit.exe => MD5 is legit C:\windows\system32\rpcss.dll => MD5 is legit 
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-21 15:59 ==================== End Of Log ============================ However, the file Addition.txt was not created again. Thanks and see you, Andreas |
25.02.2014, 09:43 | #4 |
/// the machine /// TB-Ausbilder | How do I get rid of HTML:Incuder-AY[Trj]? Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No assistance via PM! |
25.02.2014, 11:45 | #5 |
| How do I get rid of HTML:Incuder-AY[Trj]? Hello, here are the requested logs. AdwCleaner: Code:
ATTFilter # AdwCleaner v3.019 - Report created 25/02/2014 at 17:35:22 # Updated 17/02/2014 by Xplode # Operating System : Windows 7 Starter Service Pack 1 (32 bits) # Username : netbook - NETBOOK-PC # Running from : D:\AntiVr\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\netbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16518 -\\ Mozilla Firefox v16.0.2 (de) [ File : C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\prefs.js ] [ File : C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\prefs.js ] Line Deleted : user_pref("extensions.xnotifier.accounts.[gmail#wiedeia@google.mail].inboxOnly", true); Line Deleted : user_pref("extensions.xnotifier.accounts.[gmail#wiedeia].inboxOnly", true); Line Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#arthur1899@yahoo.com].inboxOnly", true); Line Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#sanduganbeach@yahoo.com].inboxOnly", true); Line Deleted : user_pref("extensions.xnotifier.accounts.gmail.wiedeia.inboxOnly", true); Line Deleted : user_pref("extensions.xnotifier.accounts.gmail.wiedeir.inboxOnly", true); Line Deleted : user_pref("extensions.xnotifier.accounts.yahoo.makunemulit@yahoo.com.inboxOnly", true); [ File : C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default - Copy\prefs.js ] [ File : C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.old\prefs.js ] -\\ Google Chrome v32.0.1700.107 [ File : C:\Users\netbook\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R1].txt - [2087 octets] - [25/02/2014 17:30:26] AdwCleaner[S1].txt - [2024 octets] - [25/02/2014 
17:35:22] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2084 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows 7 Starter x86 Ran by netbook on Tue 02/25/2014 at 17:55:56.60 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Suspicious HKLM\..\Run entries found. Trojan:JS/Medfos.B? Value Name Type Value Data ======================================================================================== BTMTrayAgent REG_SZ rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\windows\system32\sho1A29.tmp Successfully deleted: [File] C:\windows\system32\sho1E2D.tmp Successfully deleted: [File] C:\windows\system32\sho1FCB.tmp Successfully deleted: [File] C:\windows\system32\sho2390.tmp Successfully deleted: [File] C:\windows\system32\sho2C51.tmp Successfully deleted: [File] C:\windows\system32\sho378E.tmp Successfully deleted: [File] C:\windows\system32\sho3DA.tmp Successfully deleted: [File] C:\windows\system32\sho43F6.tmp Successfully deleted: [File] C:\windows\system32\sho4AB9.tmp Successfully deleted: [File] C:\windows\system32\sho50C0.tmp Successfully deleted: [File] C:\windows\system32\sho59BB.tmp Successfully deleted: [File] C:\windows\system32\sho5A0A.tmp Successfully deleted: [File] C:\windows\system32\sho6542.tmp Successfully deleted: [File] C:\windows\system32\sho6CC0.tmp Successfully deleted: [File] C:\windows\system32\sho6D39.tmp Successfully deleted: [File] C:\windows\system32\sho7187.tmp Successfully deleted: [File] C:\windows\system32\sho7679.tmp Successfully deleted: [File] C:\windows\system32\sho7C0.tmp Successfully deleted: [File] C:\windows\system32\sho7F14.tmp Successfully deleted: [File] C:\windows\system32\sho89C9.tmp Successfully deleted: [File] C:\windows\system32\sho8C37.tmp Successfully deleted: [File] C:\windows\system32\sho8C3D.tmp Successfully deleted: [File] 
C:\windows\system32\sho8D9F.tmp Successfully deleted: [File] C:\windows\system32\sho910D.tmp Successfully deleted: [File] C:\windows\system32\sho9535.tmp Successfully deleted: [File] C:\windows\system32\sho9A21.tmp Successfully deleted: [File] C:\windows\system32\shoA0C2.tmp Successfully deleted: [File] C:\windows\system32\shoA36F.tmp Successfully deleted: [File] C:\windows\system32\shoA64C.tmp Successfully deleted: [File] C:\windows\system32\shoA73F.tmp Successfully deleted: [File] C:\windows\system32\shoA8E2.tmp Successfully deleted: [File] C:\windows\system32\shoAB9E.tmp Successfully deleted: [File] C:\windows\system32\shoAE30.tmp Successfully deleted: [File] C:\windows\system32\shoBD09.tmp Successfully deleted: [File] C:\windows\system32\shoC0F9.tmp Successfully deleted: [File] C:\windows\system32\shoC54B.tmp Successfully deleted: [File] C:\windows\system32\shoDCD8.tmp Successfully deleted: [File] C:\windows\system32\shoE077.tmp Successfully deleted: [File] C:\windows\system32\shoE3B9.tmp Successfully deleted: [File] C:\windows\system32\shoEEDB.tmp ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 02/25/2014 at 18:13:20.45 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014 01 Ran by netbook (administrator) on NETBOOK-PC on 25-02-2014 18:36:38 Running from D:\AntiVr\TrojaneroardSoftware Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (SUPERAntiSpyware.com) D:\AntiVr\Superspyware\SASCORE.EXE (Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe () C:\Program Files\cnosd\cnosdsrv.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Macrovision Europe Ltd.) 
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe (Samsung Electronics Co., Ltd.) E:\Samsung PC Studio\NPSAgent.exe (NTeWORKS) E:\Imaging\PicPick\picpick.exe (Microsoft Corporation) E:\Program Files\Microsoft Office\Office10\msoffice.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation) HKLM\...\Run: [GfxServiceInstall] - C:\windows\system32\GfxCUIServiceInstall.vbs [131 2012-02-27] () HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-14] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [1813800 2011-05-17] (ELAN Microelectronics Corp.) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files\Motorola\Bluetooth\btmshell.dll [24868696 2011-04-22] (Motorola Solutions, Inc.) HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8972224 2011-04-01] (Lenovo (Beijing) Limited) HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.) 
HKLM\...\Run: [Lenovo Registration] - C:\Program Files\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.) HKLM\...\Run: [NetFxUpdate_v1.1.4322] - C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-19] (AVAST Software) HKU\S-1-5-21-2638138946-3830281041-644157228-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.) HKU\S-1-5-21-2638138946-3830281041-644157228-1000\...\Run: [AutoStartNPSAgent] - E:\Samsung PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.) HKU\S-1-5-21-2638138946-3830281041-644157228-1000\...\Run: [PicPick Start] - E:\Imaging\PicPick\picpick.exe [13229912 2014-01-16] (NTeWORKS) AppInit_DLLs: C:\windows\system32\guard32.dll => C:\windows\system32\guard32.dll [301264 2012-11-08] (COMODO) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {1345153D-84A3-4DF1-A314-495C5CF015C5} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENE BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\java\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\java\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\AntiVr\Superspyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com) Tcpip\..\Interfaces\{8D9DBDAF-6B79-4E33-B3FB-E5D99ED809E5}: [NameServer]192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default FF Homepage: 
https://www.gmx.net/|hxxp://speedtest.net FF Keyword.URL: hxxp://ph.search.yahoo.com/search?fr=mcafee&p= FF NetworkProxy: "http", "192.168.0.103" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - E:\Program Files\java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - E:\Program Files\java\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Program Files\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\ixquick.xml FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\webde-suche.xml FF Extension: German Dictionary - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-11-02] FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\de_DE@dicts.j3e.de [2013-10-18] FF Extension: United States English Spellchecker - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-05-21] FF Extension: TV-Fox - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2013-04-24] FF Extension: Live HTTP Headers - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2012-11-01] FF Extension: WOT - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-16] FF Extension: DownloadHelper - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-10-18] FF Extension: FoxClocks - 
C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2013-12-10] FF Extension: Firebug - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\firebug@software.joehewitt.com.xpi [2012-11-01] FF Extension: Open RegEdit Key - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\openregeditkey@kashiif.com.xpi [2012-11-01] FF Extension: YSlow - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\yslow@yahoo-inc.com.xpi [2012-11-01] FF Extension: Facebook Phishing Protector - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2012-11-01] FF Extension: X-notifier - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-11-01] FF Extension: FireFTP - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-11-01] FF Extension: Greasemonkey - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-01] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-03] FF StartMenuInternet: FIREFOX.EXE - E:\Internet\FireFox\firefox.exe Chrome: ======= CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE CHR DefaultSearchKeyword: google.com.ph CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Users\netbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll No File CHR Extension: (Google Wallet) - C:\Users\netbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21] ========================== Services (Whitelisted) ================= R2 !SASCORE; D:\AntiVr\Superspyware\SASCORE.EXE [119056 2013-05-24] (SUPERAntiSpyware.com) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-19] (AVAST Software) R3 Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [3533656 2011-04-16] (Motorola Solutions, Inc.) R2 Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [904272 2011-03-18] (Motorola Solutions, Inc.) R2 Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [564056 2011-05-05] (Motorola Solutions, Inc.) R2 cnosdsrv; C:\Program Files\cnosd\cnosdsrv.exe [49152 2011-01-21] () S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-11-08] () R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 wampapache; F:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) S3 wampmysqld; F:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () S4 cmdAgent; [X] S4 FsUsbExService; [X] S4 VideAceWindowsService; [X] ==================== Drivers (Whitelisted) ==================== R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2011-01-28] (Lenovo Corporation) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-02-19] (AVAST Software) R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [79720 2013-10-19] (AVAST Software) R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2013-10-19] () R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [775952 2014-02-19] (AVAST Software) R1 aswSP; C:\windows\system32\drivers\aswSP.sys [410784 2014-02-19] (AVAST Software) R3 aswStm; C:\windows\system32\drivers\aswStm.sys [64168 2014-02-19] (AVAST Software) R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [180248 2013-12-29] () R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 
2013-11-12] (AVG Technologies) S3 btmaudio; C:\windows\System32\drivers\btmaud.sys [33920 2011-02-23] (Motorola Solutions, Inc.) R3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [41472 2011-02-23] (Motorola Solutions, Inc.) R3 BTMNET; C:\windows\System32\DRIVERS\btmnet.sys [21760 2011-02-23] (Motorola Solutions, Inc.) R3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [547328 2011-03-23] (Motorola Solutions, Inc.) R1 cmdGuard; C:\windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO) R1 cmdHlp; C:\windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO) S3 epmntdrv; C:\windows\system32\epmntdrv.sys [14216 2009-08-26] () R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [120104 2011-05-17] (ELAN Microelectronics Corp.) S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [8456 2009-09-16] () S3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [53136 2012-11-15] () S3 gdrv; C:\windows\gdrv.sys [17488 2013-06-14] (Windows (R) 2000 DDK provider) R1 inspect; C:\windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO) R0 LHDmgr; C:\windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-16] (Lenovo.) 
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R1 networx; C:\windows\System32\drivers\networx.sys [52728 2013-01-25] (NetFilterSDK.com) R3 RTL8192Ce; C:\windows\System32\DRIVERS\rtl8192Ce.sys [760936 2011-12-22] (Realtek Semiconductor Corporation ) R1 SASDIFSV; D:\AntiVr\Superspyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; D:\AntiVr\Superspyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 StarOpen; C:\windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () S3 TrojanKillerDriver; C:\windows\System32\DRIVERS\gtkdrv.sys [16128 2014-02-11] (Windows (R) Win 7 DDK provider) S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-25 18:13 - 2014-02-25 18:13 - 00003458 _____ () C:\Users\netbook\Desktop\JRT.txt 2014-02-25 17:55 - 2014-02-25 17:55 - 00000000 ____D () C:\windows\ERUNT 2014-02-25 17:26 - 2014-02-25 17:36 - 00000000 ____D () C:\AdwCleaner 2014-02-25 17:23 - 2014-02-25 17:23 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Adobe 2014-02-24 09:16 - 2014-02-24 09:16 - 00076344 _____ () C:\Users\netbook\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-24 09:07 - 2014-02-24 09:07 - 00189672 _____ () C:\Users\netbook\Desktop\Gmer.txt 2014-02-24 08:25 - 2014-02-25 18:36 - 00000000 ____D () C:\FRST 2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable 2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk 2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft 2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes 2014-02-22 13:07 - 2013-11-27 07:29 - 05693440 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 
2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST 2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG 2014-02-22 08:55 - 2014-02-22 09:02 - 00181776 _____ () C:\windows\RegBootClean.exe 2014-02-22 08:55 - 2014-02-22 08:58 - 00022032 _____ () C:\windows\DCEBoot.exe 2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys 2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache 2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes 2014-02-21 17:39 - 2014-02-21 18:05 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-21 17:39 - 2014-02-21 18:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-21 17:39 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-02-21 10:10 - 2013-10-02 08:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys 2014-02-21 10:10 - 2013-10-02 08:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-02-21 10:10 - 2013-10-02 08:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-02-21 10:10 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll 2014-02-21 10:10 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll 2014-02-21 10:10 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll 2014-02-21 10:10 - 2013-10-02 07:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll 2014-02-21 10:10 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) 
C:\windows\system32\rdvidcrl.dll 2014-02-21 10:10 - 2013-10-02 07:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2014-02-21 10:10 - 2013-10-02 06:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe 2014-02-21 10:10 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-02-21 10:08 - 2014-02-06 18:38 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-02-21 10:08 - 2014-02-06 18:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-02-21 10:08 - 2014-02-06 18:19 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-02-21 10:08 - 2014-02-06 18:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-02-21 10:08 - 2014-02-06 18:00 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-02-21 10:08 - 2014-02-06 17:57 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-02-21 10:08 - 2014-02-06 17:52 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-02-21 10:08 - 2014-02-06 17:52 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-02-21 10:08 - 2014-02-06 17:49 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-02-21 10:08 - 2014-02-06 17:47 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-02-21 10:08 - 2014-02-06 17:47 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-02-21 10:08 - 2014-02-06 17:46 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-02-21 10:08 - 2014-02-06 17:34 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-02-21 10:08 - 2014-02-06 17:25 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-02-21 10:08 - 2014-02-06 17:25 - 00164864 _____ (Microsoft Corporation) 
C:\windows\system32\msrating.dll 2014-02-21 10:08 - 2014-02-06 17:13 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-02-21 10:08 - 2014-02-06 17:09 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-02-21 10:08 - 2014-02-06 17:03 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-02-21 10:08 - 2014-02-06 16:41 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-02-21 10:08 - 2014-02-06 16:36 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-02-21 10:08 - 2014-02-06 16:34 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-02-21 09:53 - 2013-12-21 16:56 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-02-21 08:46 - 2013-12-25 07:09 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-02-21 08:46 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll 2014-02-21 08:45 - 2013-12-04 10:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll 2014-02-21 08:45 - 2013-12-04 10:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll 2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll 2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll 2014-02-21 08:45 - 2013-12-04 10:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll 2014-02-21 08:45 - 2013-12-04 09:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe 2014-02-21 08:45 - 2013-12-04 09:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe 2014-02-21 08:45 - 2013-12-04 09:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe 2014-02-21 08:45 - 2013-12-04 09:54 - 00508928 _____ (Microsoft Corporation) 
C:\windows\system32\RMActivate_ssp_isv.exe 2014-02-21 08:37 - 2014-01-01 07:05 - 00420008 _____ () C:\windows\system32\locale.nls 2014-02-21 08:37 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-02-21 08:36 - 2013-12-06 10:02 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2014-02-21 08:36 - 2013-12-06 10:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll 2014-02-21 08:32 - 2013-11-27 09:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys ==================== One Month Modified Files and Folders ======= 2014-02-25 18:36 - 2014-02-24 08:25 - 00000000 ____D () C:\FRST 2014-02-25 18:34 - 2012-11-09 05:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-02-25 18:34 - 2012-10-30 15:59 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Skype 2014-02-25 18:13 - 2014-02-25 18:13 - 00003458 _____ () C:\Users\netbook\Desktop\JRT.txt 2014-02-25 18:10 - 2012-05-26 08:18 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-25 18:06 - 2013-04-17 10:14 - 00000920 _____ () 
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001UA.job 2014-02-25 17:58 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-25 17:58 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-25 17:55 - 2014-02-25 17:55 - 00000000 ____D () C:\windows\ERUNT 2014-02-25 17:51 - 2013-06-03 16:19 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2014-02-25 17:51 - 2012-05-26 08:18 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-25 17:50 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-02-25 17:50 - 2009-07-14 12:39 - 00120476 _____ () C:\windows\setupact.log 2014-02-25 17:49 - 2012-05-26 07:27 - 01561198 _____ () C:\windows\WindowsUpdate.log 2014-02-25 17:48 - 2012-11-02 08:20 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\LibreOffice 2014-02-25 17:36 - 2014-02-25 17:26 - 00000000 ____D () C:\AdwCleaner 2014-02-25 17:23 - 2014-02-25 17:23 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Adobe 2014-02-25 17:19 - 2012-10-30 18:36 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Skype 2014-02-25 16:02 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\system32\NDF 2014-02-25 13:36 - 2012-10-30 12:33 - 00000000 ____D () C:\Users\netbook 2014-02-25 12:23 - 2010-11-21 05:01 - 00796684 _____ () C:\windows\system32\PerfStringBackup.INI 2014-02-25 11:26 - 2012-11-09 05:56 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-02-25 11:26 - 2012-11-09 05:56 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-02-24 15:06 - 2013-04-17 10:14 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001Core.job 2014-02-24 09:16 - 2014-02-24 09:16 - 00076344 _____ () 
C:\Users\netbook\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-24 09:07 - 2014-02-24 09:07 - 00189672 _____ () C:\Users\netbook\Desktop\Gmer.txt 2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable 2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk 2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft 2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes 2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST 2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG 2014-02-22 09:06 - 2010-11-21 05:48 - 00208038 _____ () C:\windows\PFRO.log 2014-02-22 09:02 - 2014-02-22 08:55 - 00181776 _____ () C:\windows\RegBootClean.exe 2014-02-22 08:58 - 2014-02-22 08:55 - 00022032 _____ () C:\windows\DCEBoot.exe 2014-02-22 08:58 - 2012-05-26 08:08 - 00000000 ___HD () C:\QuickStartUtil 2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) 
C:\windows\system32\Drivers\tmcomm.sys 2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache 2014-02-21 18:05 - 2014-02-21 17:39 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-21 18:05 - 2014-02-21 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes 2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-21 16:08 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\rescache 2014-02-21 11:57 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-02-21 11:30 - 2012-10-30 19:17 - 00000000 ____D () C:\Users\internet\AppData\Roaming\vlc 2014-02-21 10:07 - 2013-07-16 07:14 - 00000000 ____D () C:\windows\system32\MRT 2014-02-21 09:58 - 2012-11-01 09:31 - 85946576 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-02-19 15:35 - 2012-11-02 19:59 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Mozilla 2014-02-19 15:15 - 2013-10-19 12:52 - 00002047 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-02-19 15:14 - 2013-12-29 18:21 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys 2014-02-19 15:14 - 2012-11-03 08:02 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2014-02-19 15:14 - 2012-11-03 08:02 - 00410784 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys 2014-02-19 15:14 - 2012-11-03 08:02 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2014-02-19 15:14 - 2012-11-03 08:02 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2014-02-19 15:14 - 2012-11-03 08:02 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr 2014-02-16 09:40 - 2009-07-14 12:53 - 00032642 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys 2014-02-06 18:38 - 2014-02-21 10:08 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-02-06 18:20 - 2014-02-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-02-06 18:19 - 2014-02-21 10:08 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-02-06 18:01 - 2014-02-21 10:08 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-02-06 18:00 - 2014-02-21 10:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-02-06 17:57 - 2014-02-21 10:08 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-02-06 17:52 - 2014-02-21 10:08 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-02-06 17:52 - 2014-02-21 10:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-02-06 17:49 - 2014-02-21 10:08 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-02-06 17:47 - 2014-02-21 10:08 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-02-06 17:47 - 2014-02-21 
10:08 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-02-06 17:46 - 2014-02-21 10:08 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-02-06 17:34 - 2014-02-21 10:08 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-02-06 17:25 - 2014-02-21 10:08 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-02-06 17:25 - 2014-02-21 10:08 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-02-06 17:13 - 2014-02-21 10:08 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-02-06 17:09 - 2014-02-21 10:08 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-02-06 17:03 - 2014-02-21 10:08 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-02-06 16:41 - 2014-02-21 10:08 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-02-06 16:36 - 2014-02-21 10:08 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-02-06 16:34 - 2014-02-21 10:08 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll Some content of TEMP: ==================== C:\Users\netbook\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\windows\explorer.exe => MD5 is legit C:\windows\system32\winlogon.exe => MD5 is legit C:\windows\system32\wininit.exe => MD5 is legit C:\windows\system32\svchost.exe => MD5 is legit C:\windows\system32\services.exe => MD5 is legit C:\windows\system32\User32.dll => MD5 is legit C:\windows\system32\userinit.exe => MD5 is legit C:\windows\system32\rpcss.dll => MD5 is legit C:\windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-21 15:59 ==================== End Of Log ============================ Thanks and see you, Andreas |
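An added example, not part of this thread and not FRST's own code: a small Python triage script of the kind a log reviewer runs over an FRST report before answering. It parses the three line shapes that matter in the log posted above (service/driver entries, "One Month Created Files" entries and the Firefox "FF NetworkProxy" entries) and flags kernel drivers with an empty publisher field or a WDK/DDK template publisher string, executables created in the window without a publisher, and a manual HTTP proxy pointing at a LAN host. The sample lines are copied from the FRST log in this thread; the flagging rules, the 30-day window and the `SCAN_DATE` constant are this example's own assumptions.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example, not FRST's own code. Parses service/driver lines,
"One Month Created Files" lines and "FF NetworkProxy" lines and flags
what a reviewer looks at first. The flagging rules are heuristics
chosen for this example, not anything FRST itself reports.
"""
import ipaddress
import re
from datetime import date, timedelta

# "<state> <name>; <path> [<size> <yyyy-mm-dd>] (<publisher>)"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4]) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>.*)\)$"
)
# "<created> - <modified> - <size> <attrs> (<publisher>) <drive>:\<path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<pub>.*)\) (?P<path>[A-Z]:\\.+)$"
)
PROXY_RE = re.compile(r'^FF NetworkProxy: "(?P<key>[^"]+)", (?P<val>.+)$')
# Publisher strings left over from WDK/DDK sample templates (no real vendor).
DDK_PUBLISHER = re.compile(r"DDK provider", re.IGNORECASE)
EXECUTABLE = (".sys", ".exe", ".dll")

# Constructed sample: lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [410784 2014-02-19] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [180248 2013-12-29] ()
S3 gdrv; C:\windows\gdrv.sys [17488 2013-06-14] (Windows (R) 2000 DDK provider)
S3 TrojanKillerDriver; C:\windows\System32\DRIVERS\gtkdrv.sys [16128 2014-02-11] (Windows (R) Win 7 DDK provider)
R1 StarOpen; C:\windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S4 cmdAgent; [X]
2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys
2014-02-21 10:08 - 2014-02-06 17:25 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-22 08:55 - 2014-02-22 09:02 - 00181776 _____ () C:\windows\RegBootClean.exe
FF NetworkProxy: "http", "192.168.0.103"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 0
""".strip().splitlines()
SCAN_DATE = "2014-02-28"  # assumed: the date of the log the sample came from


def parse_services(lines):
    """Service and driver entries; '[X]' entries (no file on disk) are skipped."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append(m.groupdict())
    return out


def parse_created(lines):
    """Entries from the 'One Month Created Files and Folders' section."""
    out = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if m:
            out.append(m.groupdict())
    return out


def flag_drivers(services, as_of=SCAN_DATE):
    """Kernel drivers (*.sys) with no publisher or a DDK template publisher.
    Returns (name, path, reasons); a file date within 30 days of as_of is
    appended as an extra reason, never as the only one."""
    cutoff = date.fromisoformat(as_of) - timedelta(days=30)
    findings = []
    for s in services:
        if not s["path"].lower().endswith(".sys"):
            continue
        reasons = []
        if s["pub"] == "":
            reasons.append("no publisher")
        elif DDK_PUBLISHER.search(s["pub"]):
            reasons.append("DDK template publisher")
        if not reasons:
            continue
        if date.fromisoformat(s["date"]) >= cutoff:
            reasons.append("file dated within 30 days")
        findings.append((s["name"], s["path"], reasons))
    return findings


def flag_created(files):
    """Executables created in the window whose publisher field is empty."""
    return [f["path"] for f in files
            if f["pub"] == "" and f["path"].lower().endswith(EXECUTABLE)]


def firefox_proxy(lines):
    """Manual HTTP proxy recorded in the FF NetworkProxy lines, or None.
    Firefox's network.proxy.type 1 is 'manual'; 0 is 'no proxy', so a
    recorded host with type 0 is configured but inactive."""
    settings = {}
    for line in lines:
        m = PROXY_RE.match(line.strip())
        if m:
            settings[m["key"]] = m["val"].strip().strip('"')
    if "http" not in settings:
        return None
    host = settings["http"]
    try:
        private_host = ipaddress.ip_address(host).is_private
    except ValueError:  # a hostname rather than a literal address
        private_host = False
    return {
        "host": host,
        "port": int(settings.get("http_port", "0")),
        "active": settings.get("type") == "1",
        "private_host": private_host,
    }


if __name__ == "__main__":
    for name, path, reasons in flag_drivers(parse_services(SAMPLE_LOG)):
        print(f"driver {name}: {path}: {', '.join(reasons)}")
    for path in flag_created(parse_created(SAMPLE_LOG)):
        print(f"created with empty publisher: {path}")
    print("firefox proxy:", firefox_proxy(SAMPLE_LOG))
```

A flag is a prompt to check the file, not a verdict: the Avast aswVmm driver in this very log has an empty publisher field, and the DDK-template publisher on gtkdrv.sys belongs to the Trojan Killer tool the poster installed on 2014-02-23. The proxy entry (192.168.0.103:8080 with type 0) is recorded but not in use, which is consistent with Firefox browsing normally; it does not by itself explain the ESET updater's "Is Proxy configured?" error reported later in the thread.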
26.02.2014, 10:57 | #6 |
/// the machine /// TB-Ausbilder | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ |
27.02.2014, 03:20 | #7 |
| Hi Schrauber, I was about to do everything just as you wrote. But I'm running into a problem with the ESET Smart Installer. After starting, the program wants to download a few updates, and that fails. I get the message "Can not get Updates. Is Proxy configured?" I'm browsing without a proxy, though through a router (the laptop is on WLAN). What's also strange is that I can send a ping to google.com, for example, but it always comes back with "request timed out". With Firefox I can browse the Internet normally. A speed test shows me a ping of 33 ms and 1500 kbps, so I'm fast enough. I switched off the antivirus program and the firewall as required (albeit with an uneasy feeling). At the moment I don't know how to get the ESET Smart Installer to run. Is the virus already at work there? It is odd that the ping doesn't work. Or do I still need to do something with the ESET Smart Installer? Regards, Andreas |
27.02.2014, 18:41 | #8 |
/// the machine /// TB-Ausbilder | Leave ESET out; instead, please run a full scan with your AV program.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
28.02.2014, 04:11 | #9 |
| Hello Schrauber, here are the latest results, including a few remarks: A) Avast boot-time scan over all drives Code:
ATTFilter 02/28/2014 07:21 Prüfung aller lokalen Laufwerke Datei C:\Users\netbook\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Fehler 42125 {ZIP-Archiv ist beschädigt.} Datei C:\Windows\SoftwareDistribution\Download\ba2e9f6aed71e4d78a0a46179542d6b0\BIT954C.tmp|>1.161.947.0_to_1.161.1215.0_mpasdlta.vdm._p Fehler 42127 {CAB-Archiv ist beschädigt.} Datei D:\portable servers\server2go_a22_psmp.zip|>server2go\server\mysql\bin\myisampack.exe Fehler 42125 {ZIP-Archiv ist beschädigt.} Datei E:\Program Files\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQ-1+BCE-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.} Datei E:\Program Files\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQQU-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.} Datei E:\Setups\TurboDelphi\IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.} Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.} Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab Fehler 42125 {ZIP-Archiv ist beschädigt.} Datei F:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.} Datei F:\wamp\www\WB_Bootstrap\wp-content\themes\twenty_child\Bootstrap\bootstrap-3.0.0.zip|>bootstrap-3.0.0\examples\screenshots\jumbotron.jpg Fehler 42125 {ZIP-Archiv ist beschädigt.} Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab|>th_bg_BG_v2.dat Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab Fehler 42144 {OLE-Archiv ist beschädigt.} Datei G:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.} Datei 
K:\wp_backups\Islanders\remote\backwpup_1_2012-11-14_22-20-15.zip|>wrd_ge745oh1gb.sql Fehler 42125 {ZIP-Archiv ist beschädigt.} Anzahl durchsuchter Ordner: 55917 Anzahl der geprüften Dateien: 1905699 Anzahl infizierter Dateien: 0 Code:
ATTFilter Results of screen317's Security Check version 0.99.79 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SUPERAntiSpyware Malwarebytes Anti-Malware Version 1.75.0.1300 CCleaner Java 7 Update 51 Adobe Flash Player 12.0.0.70 Mozilla Firefox 16.0.2 Firefox out of Date! Google Chrome 32.0.1700.102 Google Chrome 32.0.1700.107 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` A) Mozilla Firefox is detected as version 16.0.2 and is therefore reported as out of date. When I have the browser show its version, it says Firefox is up to date at 27.0.1. That was also downloaded only recently via the automatic update. B) My Comodo firewall is reported as not active. I have the Windows Firewall disabled. When I then tried to start Comodo manually, I noticed that the file "cfp.exe" was not in its usual directory. I found it in the "repair" directory and tried to start it from there. That gave me this error message: Code:
ATTFilter --------------------------- COMODO Firewall --------------------------- Error while loading resources from "E:\Program Files\COMODO\COMODO Internet Security\repair\Themes\default.set". Aborting application. I hope that doesn't mean anything bad! C) Fresh FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014 01 Ran by internet (ATTENTION: The logged in user is not administrator) on NETBOOK-PC on 28-02-2014 10:37:09 Running from D:\AntiVr\TrojaneroardSoftware Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () D:\Programme\dsksve8\DeskSave.exe (NTeWORKS) E:\Imaging\PicPick\picpick.exe (Microsoft Corporation) E:\Program Files\Microsoft Office\Office10\msoffice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Mozilla Corporation) E:\Internet\FireFox\firefox.exe (Mozilla Corporation) E:\Internet\FireFox\plugin-container.exe (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe (Adobe Systems, Inc.) 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation) HKLM\...\Run: [GfxServiceInstall] - C:\windows\system32\GfxCUIServiceInstall.vbs [131 2012-02-27] () HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-14] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [1813800 2011-05-17] (ELAN Microelectronics Corp.) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files\Motorola\Bluetooth\btmshell.dll [24868696 2011-04-22] (Motorola Solutions, Inc.) HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8972224 2011-04-01] (Lenovo (Beijing) Limited) HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.) HKLM\...\Run: [Lenovo Registration] - C:\Program Files\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.) HKLM\...\Run: [NetFxUpdate_v1.1.4322] - C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-19] (AVAST Software) HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [Google Update] - C:\Users\internet\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-13] (Google Inc.) 
HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [DeskSave] - D:\Programme\dsksve8\DeskSave.exe [82944 2008-07-26] () HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [SUPERAntiSpyware] - D:\AntiVr\Superspyware\SUPERAntiSpyware.ex_ HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [PicPick Start] - E:\Imaging\PicPick\picpick.exe [13229912 2014-01-16] (NTeWORKS) AppInit_DLLs: C:\windows\system32\guard32.dll => C:\windows\system32\guard32.dll [301264 2012-11-08] (COMODO) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENE SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A52C2B2D-E755-4837-BA84-049847A21828}&mid=e8c015351f7347d0bd7fd1553d990405-b0d4f81a8999f5981f04537c5ec8468fd5234593&lang=en&ds=bm013&pr=sa&d=2012-11-08 15:18:25&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\java\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\java\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\AntiVr\Superspyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com) Tcpip\..\Interfaces\{8D9DBDAF-6B79-4E33-B3FB-E5D99ED809E5}: [NameServer]192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF Homepage: https://www.gmx.net/|hxxp://speedtest.net FF Keyword.URL: hxxp://ph.search.yahoo.com/search?fr=mcafee&p= FF NetworkProxy: "http", "192.168.0.103" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) 
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - E:\Program Files\java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - E:\Program Files\java\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Program Files\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\internet\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\internet\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\internet\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\internet\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\internet\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\internet\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\internet\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin ProgramFiles/Appdata: C:\Users\internet\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\ixquick.xml FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\webde-suche.xml FF Extension: German Dictionary - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-11-04] FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\de_DE@dicts.j3e.de [2013-09-14] FF Extension: United States English Spellchecker - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-24] FF Extension: Free Download Manager plugin - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\fdm_ffext@freedownloadmanager.org [2013-03-18] FF Extension: FireShot - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-01-30] FF Extension: TV-Fox - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2013-03-31] FF Extension: 
Live HTTP Headers - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2012-11-04] FF Extension: WOT - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01] FF Extension: DownloadHelper - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-28] FF Extension: FoxClocks - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2014-01-24] FF Extension: Memory Fox - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2013-02-24] FF Extension: Firebug - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\firebug@software.joehewitt.com.xpi [2012-11-04] FF Extension: Open RegEdit Key - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\openregeditkey@kashiif.com.xpi [2012-11-04] FF Extension: SQLite Manager - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2013-05-25] FF Extension: GMX MailCheck - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\toolbar@gmx.net.xpi [2012-11-04] FF Extension: YSlow - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\yslow@yahoo-inc.com.xpi [2012-11-04] FF Extension: Facebook Phishing Protector - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2012-11-04] FF Extension: X-notifier - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-11-04] FF Extension: FireFTP - 
C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-11-04] FF Extension: Greasemonkey - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-04] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-03] FF StartMenuInternet: FIREFOX.EXE - E:\Internet\FireFox\firefox.exe Chrome: ======= CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE CHR DefaultSearchKeyword: google.com.ph CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll () CHR Plugin: (McAfee SiteAdvisor) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll No File CHR 
Extension: (YouTube) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-31] CHR Extension: (Google Search) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-31] CHR Extension: (avast! Online Security) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-19] CHR Extension: (Mailvelope) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2013-11-02] CHR Extension: (Google Wallet) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27] CHR Extension: (Gmail) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-31] ========================== Services (Whitelisted) ================= R2 !SASCORE; D:\AntiVr\Superspyware\SASCORE.EXE [119056 2013-05-24] (SUPERAntiSpyware.com) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-19] (AVAST Software) R3 Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [3533656 2011-04-16] (Motorola Solutions, Inc.) R2 Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [904272 2011-03-18] (Motorola Solutions, Inc.) R2 Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [564056 2011-05-05] (Motorola Solutions, Inc.) 
R2 cnosdsrv; C:\Program Files\cnosd\cnosdsrv.exe [49152 2011-01-21] () R2 lmhosts; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-11-08] () R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NlaSvc; C:\windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 nsi; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 wampapache; F:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) S3 wampmysqld; F:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () S4 cmdAgent; [X] S4 FsUsbExService; [X] S4 VideAceWindowsService; [X] ==================== Drivers (Whitelisted) ==================== R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2011-01-28] (Lenovo Corporation) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-02-19] (AVAST Software) R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [79720 2013-10-19] (AVAST Software) R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2013-10-19] () R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [775952 2014-02-19] (AVAST Software) R1 aswSP; C:\windows\system32\drivers\aswSP.sys [410784 2014-02-19] (AVAST Software) R3 aswStm; C:\windows\system32\drivers\aswStm.sys [64168 2014-02-19] (AVAST Software) R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [180248 2013-12-29] () R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-11-12] (AVG Technologies) S3 btmaudio; C:\windows\System32\drivers\btmaud.sys [33920 2011-02-23] (Motorola Solutions, Inc.) R3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [41472 2011-02-23] (Motorola Solutions, Inc.) 
R3 BTMNET; C:\windows\System32\DRIVERS\btmnet.sys [21760 2011-02-23] (Motorola Solutions, Inc.) R3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [547328 2011-03-23] (Motorola Solutions, Inc.) R1 cmdGuard; C:\windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO) R1 cmdHlp; C:\windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO) S3 epmntdrv; C:\windows\system32\epmntdrv.sys [14216 2009-08-26] () R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [120104 2011-05-17] (ELAN Microelectronics Corp.) S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [8456 2009-09-16] () S3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [53136 2012-11-15] () S3 gdrv; C:\windows\gdrv.sys [17488 2013-06-14] (Windows (R) 2000 DDK provider) R1 inspect; C:\windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO) R0 LHDmgr; C:\windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-16] (Lenovo.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R1 networx; C:\windows\System32\drivers\networx.sys [52728 2013-01-25] (NetFilterSDK.com) R3 RTL8192Ce; C:\windows\System32\DRIVERS\rtl8192Ce.sys [760936 2011-12-22] (Realtek Semiconductor Corporation ) R1 SASDIFSV; D:\AntiVr\Superspyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; D:\AntiVr\Superspyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 StarOpen; C:\windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () S3 TrojanKillerDriver; C:\windows\System32\DRIVERS\gtkdrv.sys [16128 2014-02-11] (Windows (R) Win 7 DDK provider) S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-27 09:54 - 2014-02-27 09:54 - 00000000 ____D () C:\Program Files\ESET 2014-02-26 09:21 - 
2014-01-09 10:22 - 05694464 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-02-25 18:13 - 2014-02-25 18:13 - 00003458 _____ () C:\Users\netbook\Desktop\JRT.txt 2014-02-25 17:55 - 2014-02-25 17:55 - 00000000 ____D () C:\windows\ERUNT 2014-02-25 17:26 - 2014-02-25 17:36 - 00000000 ____D () C:\AdwCleaner 2014-02-25 17:23 - 2014-02-25 17:23 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Adobe 2014-02-24 09:16 - 2014-02-24 09:16 - 00076344 _____ () C:\Users\netbook\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-24 09:07 - 2014-02-24 09:07 - 00189672 _____ () C:\Users\netbook\Desktop\Gmer.txt 2014-02-24 08:25 - 2014-02-28 10:37 - 00000000 ____D () C:\FRST 2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable 2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk 2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft 2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes 2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST 2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG 2014-02-22 08:55 - 2014-02-22 09:02 - 00181776 _____ () C:\windows\RegBootClean.exe 2014-02-22 08:55 - 2014-02-22 08:58 - 00022032 _____ () C:\windows\DCEBoot.exe 2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) 
C:\windows\system32\Drivers\tmcomm.sys 2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache 2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes 2014-02-21 17:39 - 2014-02-21 18:05 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-21 17:39 - 2014-02-21 18:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-21 17:39 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-02-21 10:10 - 2013-10-02 08:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys 2014-02-21 10:10 - 2013-10-02 08:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-02-21 10:10 - 2013-10-02 08:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-02-21 10:10 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll 2014-02-21 10:10 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll 2014-02-21 10:10 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll 2014-02-21 10:10 - 2013-10-02 07:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll 2014-02-21 10:10 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll 2014-02-21 10:10 - 2013-10-02 07:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2014-02-21 10:10 - 2013-10-02 06:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe 2014-02-21 10:10 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-02-21 10:08 - 2014-02-06 18:38 - 17103872 _____ 
(Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-02-21 10:08 - 2014-02-06 18:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-02-21 10:08 - 2014-02-06 18:19 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-02-21 10:08 - 2014-02-06 18:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-02-21 10:08 - 2014-02-06 18:00 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-02-21 10:08 - 2014-02-06 17:57 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-02-21 10:08 - 2014-02-06 17:52 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-02-21 10:08 - 2014-02-06 17:52 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-02-21 10:08 - 2014-02-06 17:49 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-02-21 10:08 - 2014-02-06 17:47 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-02-21 10:08 - 2014-02-06 17:47 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-02-21 10:08 - 2014-02-06 17:46 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-02-21 10:08 - 2014-02-06 17:34 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-02-21 10:08 - 2014-02-06 17:25 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-02-21 10:08 - 2014-02-06 17:25 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-02-21 10:08 - 2014-02-06 17:13 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-02-21 10:08 - 2014-02-06 17:09 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-02-21 10:08 - 2014-02-06 17:03 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-02-21 10:08 - 2014-02-06 16:41 - 01820160 _____ 
(Microsoft Corporation) C:\windows\system32\wininet.dll 2014-02-21 10:08 - 2014-02-06 16:36 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-02-21 10:08 - 2014-02-06 16:34 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-02-21 09:53 - 2013-12-21 16:56 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-02-21 08:46 - 2013-12-25 07:09 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-02-21 08:46 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll 2014-02-21 08:45 - 2013-12-04 10:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll 2014-02-21 08:45 - 2013-12-04 10:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll 2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll 2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll 2014-02-21 08:45 - 2013-12-04 10:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll 2014-02-21 08:45 - 2013-12-04 09:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe 2014-02-21 08:45 - 2013-12-04 09:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe 2014-02-21 08:45 - 2013-12-04 09:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe 2014-02-21 08:45 - 2013-12-04 09:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe 2014-02-21 08:37 - 2014-01-01 07:05 - 00420008 _____ () C:\windows\system32\locale.nls 2014-02-21 08:37 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-02-21 08:36 - 2013-12-06 10:02 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2014-02-21 08:36 - 2013-12-06 10:02 - 00002048 _____ (Microsoft 
Corporation) C:\windows\system32\msxml3r.dll 2014-02-21 08:32 - 2013-11-27 09:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2014-02-21 08:32 - 2013-11-27 09:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys ==================== One Month Modified Files and Folders ======= 2014-02-28 10:37 - 2014-02-24 08:25 - 00000000 ____D () C:\FRST 2014-02-28 10:27 - 2012-11-09 05:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-02-28 10:21 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-28 10:21 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-28 10:20 - 2012-05-26 07:27 - 01665851 _____ () C:\windows\WindowsUpdate.log 2014-02-28 10:11 - 2013-06-03 16:19 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2014-02-28 10:11 - 2012-05-26 08:18 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-28 10:11 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-02-28 10:11 - 2009-07-14 12:39 - 00120868 _____ () C:\windows\setupact.log 
2014-02-28 07:17 - 2012-05-26 08:18 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-27 17:06 - 2013-04-17 10:14 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001UA.job 2014-02-27 17:04 - 2010-11-21 05:01 - 00796684 _____ () C:\windows\system32\PerfStringBackup.INI 2014-02-27 15:11 - 2013-04-17 10:14 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001Core.job 2014-02-27 09:54 - 2014-02-27 09:54 - 00000000 ____D () C:\Program Files\ESET 2014-02-27 09:50 - 2012-10-30 15:59 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Skype 2014-02-27 09:10 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\rescache 2014-02-26 17:48 - 2012-10-30 18:36 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Skype 2014-02-25 18:13 - 2014-02-25 18:13 - 00003458 _____ () C:\Users\netbook\Desktop\JRT.txt 2014-02-25 17:55 - 2014-02-25 17:55 - 00000000 ____D () C:\windows\ERUNT 2014-02-25 17:48 - 2012-11-02 08:20 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\LibreOffice 2014-02-25 17:36 - 2014-02-25 17:26 - 00000000 ____D () C:\AdwCleaner 2014-02-25 17:23 - 2014-02-25 17:23 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Adobe 2014-02-25 16:02 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\system32\NDF 2014-02-25 13:36 - 2012-10-30 12:33 - 00000000 ____D () C:\Users\netbook 2014-02-25 11:26 - 2012-11-09 05:56 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-02-25 11:26 - 2012-11-09 05:56 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-02-24 09:16 - 2014-02-24 09:16 - 00076344 _____ () C:\Users\netbook\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-24 09:07 - 2014-02-24 09:07 - 00189672 _____ () C:\Users\netbook\Desktop\Gmer.txt 2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable 2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 
_____ () C:\Users\Public\Desktop\Trojan Killer.lnk 2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft 2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes 2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST 2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG 2014-02-22 09:06 - 2010-11-21 05:48 - 00208038 _____ () C:\windows\PFRO.log 2014-02-22 09:02 - 2014-02-22 08:55 - 00181776 _____ () C:\windows\RegBootClean.exe 2014-02-22 08:58 - 2014-02-22 08:55 - 00022032 _____ () C:\windows\DCEBoot.exe 2014-02-22 08:58 - 2012-05-26 08:08 - 00000000 ___HD () C:\QuickStartUtil 2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys 2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache 2014-02-21 18:05 - 2014-02-21 17:39 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-21 18:05 - 2014-02-21 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes 2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-21 11:57 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-02-21 11:30 - 2012-10-30 19:17 - 00000000 ____D () C:\Users\internet\AppData\Roaming\vlc 2014-02-21 10:07 - 2013-07-16 07:14 - 00000000 ____D () C:\windows\system32\MRT 2014-02-21 09:58 - 2012-11-01 09:31 - 85946576 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-02-19 15:35 - 2012-11-02 19:59 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Mozilla 2014-02-19 15:15 - 2013-10-19 12:52 - 00002047 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-02-19 15:14 - 2013-12-29 18:21 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys 2014-02-19 15:14 - 2012-11-03 08:02 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2014-02-19 15:14 - 2012-11-03 08:02 - 00410784 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys 2014-02-19 15:14 - 2012-11-03 08:02 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2014-02-19 15:14 - 2012-11-03 08:02 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2014-02-19 15:14 - 2012-11-03 08:02 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr 2014-02-16 09:40 - 2009-07-14 12:53 - 00032642 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys 2014-02-06 18:38 - 2014-02-21 10:08 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-02-06 18:20 - 2014-02-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-02-06 18:19 - 2014-02-21 10:08 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-02-06 18:01 - 2014-02-21 10:08 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-02-06 18:00 - 2014-02-21 10:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-02-06 17:57 - 2014-02-21 10:08 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-02-06 17:52 - 2014-02-21 10:08 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-02-06 17:52 - 2014-02-21 10:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-02-06 17:49 - 2014-02-21 10:08 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-02-06 17:47 - 2014-02-21 10:08 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-02-06 17:47 - 2014-02-21 
10:08 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-02-06 17:46 - 2014-02-21 10:08 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-02-06 17:34 - 2014-02-21 10:08 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-02-06 17:25 - 2014-02-21 10:08 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-02-06 17:25 - 2014-02-21 10:08 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-02-06 17:13 - 2014-02-21 10:08 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-02-06 17:09 - 2014-02-21 10:08 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-02-06 17:03 - 2014-02-21 10:08 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-02-06 16:41 - 2014-02-21 10:08 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-02-06 16:36 - 2014-02-21 10:08 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-02-06 16:34 - 2014-02-21 10:08 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll Some content of TEMP: ==================== C:\Users\netbook\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\windows\explorer.exe => MD5 is legit C:\windows\system32\winlogon.exe => MD5 is legit C:\windows\system32\wininit.exe => MD5 is legit C:\windows\system32\svchost.exe => MD5 is legit C:\windows\system32\services.exe => MD5 is legit C:\windows\system32\User32.dll => MD5 is legit C:\windows\system32\userinit.exe => MD5 is legit C:\windows\system32\rpcss.dll => MD5 is legit C:\windows\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ --- --- --- --- --- --- Kind regards and many thanks so far, Andreas |
01.03.2014, 10:33 | #10 |
/// the machine /// TB-Ausbilder | How do I get rid of HTML:Incuder-AY[Trj]? Firefox is a false positive; reinstall Comodo. Done. The order here is decisive.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and you have no further questions, so that I can delete this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
02.03.2014, 07:22 | #11 |
| How do I get rid of HTML:Incuder-AY[Trj]? Hello Schrauber, first of all, many thanks for your help and the time you have invested in my problem. The service you get here is really great. I will also write that in the link you gave me. The additional service with all the security tips is great too. I am already something of a security freak, so most of it was familiar to me. But many people do not know much about it, and here it was listed very clearly! I ran DelFix and it finished without problems. I somewhat miss a conclusion to the whole thing. Am I really rid of everything now? Was there actually anything, or were only infected files found? What about the other detection that came up in the Avast log (Other:Malware-gen [Trj])? Can I assume that it has also been cleaned up? Sorry, I know my title only mentioned HTML:Incuder-AY[Trj]. But the other one also showed up in the Avast log. Maybe you can say something briefly about that too. Otherwise, as I said: many thanks and have a good time, Andreas! |
03.03.2014, 08:13 | #12 | |
/// the machine /// TB-Ausbilder | How do I get rid of HTML:Incuder-AY[Trj]? Quote:
Everything is clean now; all detections have been removed.
03.03.2014, 11:27 | #13 |
| How do I get rid of HTML:Incuder-AY[Trj]? Hello Schrauber, no, I don't think that is the same thing. One is infected files that are affected by the virus and can then carry it on to other computers (for example by being executed there). Such files are not necessarily harmful on your system. I would call them so-called sleepers. The other, and surely far more dangerous, is the virus itself, once it has been brought to life by the so-called sleepers and has nested in your system. Then you often find the most varied files and places where the virus has spread, and it is no use then if an anti-virus program puts the affected files in the container. And that is what I meant. But I actually assumed you were familiar with this. However, I will happily accept your statement that everything is clean now and not worry too much about it anymore. Thanks again and see you, Andreas! |
04.03.2014, 09:41 | #14 | |
/// the machine /// TB-Ausbilder | How do I get rid of HTML:Incuder-AY[Trj]? Quote:
You only need to know one thing: this distinction does not exist / no longer exists / exists only with special infections (file infectors). In general there are no such sleepers, and certainly not with annoying adware and the like.
04.03.2014, 10:08 | #15 |
| How do I get rid of HTML:Incuder-AY[Trj]? OK, thanks for the answer! As far as I'm concerned, this topic can be closed. I may have to open a new one soon. I'm currently scanning the desktop, and there seem to have been some detections there too. But that is another topic! Have a nice day, Andreas! |