
Log analysis and evaluation: How do I get rid of HTML:Includer-AY [Trj]?


 
24.02.2014, 04:31   #1
wbtroj
 



Hello,
after a virus scan (boot-time scan) with Avast (latest version, virus definitions up to date), 23 infected files were found and moved to the virus chest.
Log file:
Code:
02/22/2014 09:32
Prüfung aller lokalen Laufwerke

Datei C:\Users\internet\AppData\Local\Temp\mediathek8992625032441363921.tmp|>{bzip} Fehler 42130 {BZIP2-Archiv ist beschädigt.}
Datei C:\Users\netbook\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\Installer\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQ-1+BCE-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\Installer\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQQU-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\SoftwareDistribution\Download\ba2e9f6aed71e4d78a0a46179542d6b0\BIT954C.tmp|>1.161.947.0_to_1.161.1215.0_mpasdlta.vdm._p Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\portable servers\server2go_a22_psmp.zip|>server2go\server\mysql\bin\myisampack.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei F:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.}
Datei F:\wamp\www\WB_Bootstrap\wp-content\themes\twenty_child\Bootstrap\bootstrap-3.0.0.zip|>bootstrap-3.0.0\examples\screenshots\jumbotron.jpg Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab|>th_bg_BG_v2.dat Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei G:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.}
Datei I:\Eigene Dateien\Iris\Beef Tapa Recipe l-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Camaron Rebosado-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Macaroni -ChickenSalad -Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\schnittlauch-eier-dip.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\teelichthalter-basteln.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Pork Tapa Recipe-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Cheese Sticks-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\kuerbis-sugo_.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Banana Bread Recipe-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Banana Bread Recipe-Dateien\st_data\DARTIframe_data\st.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Banana Bread Recipe-Dateien\st_data\DARTIframe_data_002\st.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Haekeln\muffins_joghurt.html ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Haekeln\osterbecher.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Haekeln\servietten-osterhase.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Egg-deep-fried-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Chocolate Brownies.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Chocolate Cupcakes.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Chicken Breasts Moroccan Spiced Grilled .htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Chicken Peanut Stews.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei K:\Internet\FireFox\Profile\Desktop_20June2013\bkehi1ow.default\extensions\xboz@ajin.com.xpi|>overlay.js ist infiziert von Other:Malware-gen [Trj], In Container verschoben
Datei K:\Internet\Firefox 6.0.2 (de) - 2013-03-31.pcv|>extensions\xboz@ajin.com.xpi|>overlay.js ist infiziert von Other:Malware-gen [Trj], In Container verschoben
Datei K:\Internet\Firefox 6.0.2 (de) - 2013-04-30.pcv|>extensions\xboz@ajin.com.xpi|>overlay.js ist infiziert von Other:Malware-gen [Trj], In Container verschoben
Datei K:\Internet\Firefox 6.0.2 (de) - 2013-05-07.pcv|>extensions\xboz@ajin.com.xpi|>overlay.js ist infiziert von Other:Malware-gen [Trj], In Container verschoben
Datei K:\wp_backups\Islanders\remote\backwpup_1_2012-11-14_22-20-15.zip|>wrd_ge745oh1gb.sql Fehler 42125 {ZIP-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 56229
Anzahl der geprüften Dateien: 1911830
Anzahl infizierter Dateien: 23
----------------------------------------
         
Before I remembered your site and the good help one gets here, I carried out the following actions:
A) Ran the program Trojan Killer. Results:
Code:
Trojan Killer (32-bit) v.2.2.1.6
Report file date: 2/23/2014 10:24:43 AM
Last update : --

Scanning for 746444 virus strains and unwanted programs.

Licensed:         UNREGISTERED
Windows version:  Windows 7 Starter (version 6.1)
Username:         netbook
Computer name:    NETBOOK-PC

Starting the file scan:

Standard Scan started
Startup objects checked
BHO plugins checked
Services checked
ActiveX objects checked
Files checked
Scanning process...
----- HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Report "\adwcleaner\adwcleaner[s0].txt" ---- Registry
	File-not-found#AS


----- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\UpdatePRCShortCut ""c:\program files\lenovo\onekey app\onekey recovery\muitransfer\muistartmenu.exe" "c:\program files\lenovo\onekey app\onekey recovery" updatewithcreateonce "software\lenovo\onekey app\onekey recovery"" ---- Registry
	File-not-found#AS


----- HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv "grpconv -o" ---- Registry
	File-not-found#AS


----- e:\progra~1\ratdvd\xeb\xebcore.dll ---- General
	Mal/Fraud!se-1256
	ProdVer: 
	FileVer: 
	MD5: C711B758282C8B6280F2FD45B569A679:571904
	SUBS: Win32 GUI
	PE: x86
	EPSEC: 7
	EPRVA: 0011B001
	IBASE: 00400000


----- e:\progra~1\ratdvd\xeb\rattag.dll ---- General
	Mal/Fraud!se-1256
	ProdVer: 
	FileVer: 
	MD5: 2B7B660D3B189F373AB7A3CD2CCD20EF:225280
	SUBS: Win32 GUI
	FUZ: 6144:bG2Dh+ishWxpaZU3Ll3OEUx3HhQ1eIIFmGMmBjE:bGCh+ispU35OB6eNFtMmJE
	PE: x86
	EPSEC: 7
	EPRVA: 00044001
	IBASE: 00400000


----- e:\progra~1\ratdvd\xeb\fcfolder.dll ---- General
	Mal/Fraud!se-1256
	ProdVer: 
	FileVer: 
	MD5: F93E519C817A38008C20AA84AB2BCD7D:178688
	SUBS: Win32 GUI
	FUZ: 3072:6UdhRcqNth1ZcIs3txpVsoKLEZQc3HuwejbhVMIIF2hf2JnnUx9wOmBHh/r3CNS:hFhhs3t/VY0x3HhQ1eIIFmGMmBV35
	PE: x86
	EPSEC: 7
	EPRVA: 00025001
	IBASE: 00400000


----- C:\Users\netbook\AppData\Local\Temp\SCC.dll ---- General
	Broken.Executable (Broken PE file - Section 1 starts beyond the end of file (Offset@ 22200, Total filesize 77031)
	MD5: FD13D1FD4372787DA319750AF7E1B58C:77031
	SUBS: Win32 GUI
	FUZ: 1536:6ELulWx8eA/jke1L0tT14//sK8JZQwtDRldPJZyAWeloNhg:6Edx8ekstT16/sK8J3lPJZyio7g
	PE: x86
	EP:00
	SEC:
		.text:E0000020:1E4B4664B3E541F76C297F27AE250275:76007
		.rsrc:E0000020:00000000000000000000000000000000:5632
		:C0000040:00000000000000000000000000000000:0


Scan completed

Scan result:         7 detected items
Scan completed in:   Scan completed in 27 minute(s) 53 sec.
Files were scanned:  13926
         
Then I also ran a quick scan with Malwarebytes Anti-Malware (current version):
Code:
 Malwarebytes Anti-Malware  (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.21.12

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16518
internet :: NETBOOK-PC [limited]

Protection: Disabled

2/23/2014 9:56:29 AM
mbam-log-2014-02-23 (09-56-29).txt

Scan type: Custom scan (C:\Program Files|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 7910
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Then I ran Avast again:
Code:
02/22/2014 14:33
Prüfung aller lokalen Laufwerke

Datei C:\Users\internet\AppData\Local\Temp\mediathek8992625032441363921.tmp|>{bzip} Fehler 42130 {BZIP2-Archiv ist beschädigt.}
Datei C:\Users\netbook\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\Installer\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQ-1+BCE-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\Installer\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQQU-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\SoftwareDistribution\Download\ba2e9f6aed71e4d78a0a46179542d6b0\BIT954C.tmp|>1.161.947.0_to_1.161.1215.0_mpasdlta.vdm._p Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\portable servers\server2go_a22_psmp.zip|>server2go\server\mysql\bin\myisampack.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei F:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.}
Datei F:\wamp\www\WB_Bootstrap\wp-content\themes\twenty_child\Bootstrap\bootstrap-3.0.0.zip|>bootstrap-3.0.0\examples\screenshots\jumbotron.jpg Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab|>th_bg_BG_v2.dat Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei G:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.}
Datei K:\wp_backups\Islanders\remote\backwpup_1_2012-11-14_22-20-15.zip|>wrd_ge745oh1gb.sql Fehler 42125 {ZIP-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 56133
Anzahl der geprüften Dateien: 1912032
Anzahl infizierter Dateien: 0
         
No more infections were found.


After that I came to your site and first created all the requested logs. Here are the results:

A) Defogger => completed successfully, and I did not re-enable it

B) FRST
1: FRST.txt => created
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014 01
Ran by internet (ATTENTION: The logged in user is not administrator) on NETBOOK-PC on 24-02-2014 08:25:55
Running from D:\AntiVr\TrojaneroardSoftware
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() D:\Programme\dsksve8\DeskSave.exe
(NTeWORKS) E:\Imaging\PicPick\picpick.exe
(Microsoft Corporation) E:\Program Files\Microsoft Office\Office10\msoffice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [GfxServiceInstall] - C:\windows\system32\GfxCUIServiceInstall.vbs [131 2012-02-27] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-14] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [1813800 2011-05-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files\Motorola\Bluetooth\btmshell.dll [24868696 2011-04-22] (Motorola Solutions, Inc.)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8972224 2011-04-01] (Lenovo (Beijing) Limited)
HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM\...\Run: [Lenovo Registration] - C:\Program Files\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] - C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-19] (AVAST Software)
HKLM\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\c96afbec-8119-4e6d-9278-25ac133224ad.exe /check [181136 2014-02-22] (AVAST Software)
HKLM\...\RunOnce: [DCERegBootClean] - C:\windows\RegBootClean.exe [181776 2014-02-22] ()
HKLM\...\Runonce: [GrpConv] - grpconv -o
HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [Google Update] - C:\Users\internet\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-13] (Google Inc.)
HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [DeskSave] - D:\Programme\dsksve8\DeskSave.exe [82944 2008-07-26] ()
HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [SUPERAntiSpyware] - D:\AntiVr\Superspyware\SUPERAntiSpyware.ex_
HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [PicPick Start] - E:\Imaging\PicPick\picpick.exe [13229912 2014-01-16] (NTeWORKS)
AppInit_DLLs: C:\windows\system32\guard32.dll => C:\windows\system32\guard32.dll [301264 2012-11-08] (COMODO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENE
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A52C2B2D-E755-4837-BA84-049847A21828}&mid=e8c015351f7347d0bd7fd1553d990405-b0d4f81a8999f5981f04537c5ec8468fd5234593&lang=en&ds=bm013&pr=sa&d=2012-11-08 15:18:25&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\java\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\AntiVr\Superspyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: https://www.gmx.net/|hxxp://speedtest.net
FF Keyword.URL: hxxp://ph.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "http", "192.168.0.103"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - E:\Program Files\java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - E:\Program Files\java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\internet\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\internet\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\internet\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\internet\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\internet\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\internet\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\internet\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\internet\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\webde-suche.xml
FF Extension: German Dictionary - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-11-04]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\de_DE@dicts.j3e.de [2013-09-14]
FF Extension: United States English Spellchecker - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-24]
FF Extension: Free Download Manager plugin - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\fdm_ffext@freedownloadmanager.org [2013-03-18]
FF Extension: FireShot - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-01-30]
FF Extension: TV-Fox - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2013-03-31]
FF Extension: Live HTTP Headers - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2012-11-04]
FF Extension: WOT - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: DownloadHelper - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-28]
FF Extension: FoxClocks - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2014-01-24]
FF Extension: Memory Fox - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2013-02-24]
FF Extension: Firebug - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\firebug@software.joehewitt.com.xpi [2012-11-04]
FF Extension: Open RegEdit Key - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\openregeditkey@kashiif.com.xpi [2012-11-04]
FF Extension: SQLite Manager - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2013-05-25]
FF Extension: GMX MailCheck - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\toolbar@gmx.net.xpi [2012-11-04]
FF Extension: YSlow - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\yslow@yahoo-inc.com.xpi [2012-11-04]
FF Extension: Facebook Phishing Protector - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2012-11-04]
FF Extension: X-notifier - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-11-04]
FF Extension: FireFTP - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-11-04]
FF Extension: Greasemonkey - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-03]
FF StartMenuInternet: FIREFOX.EXE - E:\Internet\FireFox\firefox.exe

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE
CHR DefaultSearchKeyword: google.com.ph
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (YouTube) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-31]
CHR Extension: (Google Search) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-31]
CHR Extension: (avast! Online Security) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-19]
CHR Extension: (Mailvelope) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2013-11-02]
CHR Extension: (AVG Security Toolbar) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-12-26]
CHR Extension: (Google Wallet) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR Extension: (Gmail) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-31]

========================== Services (Whitelisted) =================

R2 !SASCORE; D:\AntiVr\Superspyware\SASCORE.EXE [119056 2013-05-24] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-19] (AVAST Software)
R3 Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [3533656 2011-04-16] (Motorola Solutions, Inc.)
R2 Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [904272 2011-03-18] (Motorola Solutions, Inc.)
R2 Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [564056 2011-05-05] (Motorola Solutions, Inc.)
R2 cnosdsrv; C:\Program Files\cnosd\cnosdsrv.exe [49152 2011-01-21] ()
R2 lmhosts; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-11-08] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NlaSvc; C:\windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 wampapache; F:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation)
S3 wampmysqld; F:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] ()
S4 cmdAgent;  [X]
S4 FsUsbExService;  [X]
S4 VideAceWindowsService;  [X]

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2011-01-28] (Lenovo Corporation)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-02-19] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [79720 2013-10-19] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2013-10-19] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [775952 2014-02-19] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [410784 2014-02-19] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [64168 2014-02-19] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [180248 2013-12-29] ()
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-11-12] (AVG Technologies)
S3 btmaudio; C:\windows\System32\drivers\btmaud.sys [33920 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [41472 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMNET; C:\windows\System32\DRIVERS\btmnet.sys [21760 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [547328 2011-03-23] (Motorola Solutions, Inc.)
R1 cmdGuard; C:\windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 cmdHlp; C:\windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [14216 2009-08-26] ()
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [120104 2011-05-17] (ELAN Microelectronics Corp.)
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [8456 2009-09-16] ()
S3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [53136 2012-11-15] ()
S3 gdrv; C:\windows\gdrv.sys [17488 2013-06-14] (Windows (R) 2000 DDK provider)
R1 inspect; C:\windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO)
R0 LHDmgr; C:\windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-16] (Lenovo.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 networx; C:\windows\System32\drivers\networx.sys [52728 2013-01-25] (NetFilterSDK.com)
R3 RTL8192Ce; C:\windows\System32\DRIVERS\rtl8192Ce.sys [760936 2011-12-22] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; D:\AntiVr\Superspyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\AntiVr\Superspyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 StarOpen; C:\windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 TrojanKillerDriver; C:\windows\System32\DRIVERS\gtkdrv.sys [16128 2014-02-11] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-24 08:25 - 2014-02-24 08:25 - 00000000 ____D () C:\FRST
2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable
2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes
2014-02-22 13:07 - 2013-11-27 07:29 - 05693440 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST
2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-02-22 08:55 - 2014-02-22 09:02 - 00181776 _____ () C:\windows\RegBootClean.exe
2014-02-22 08:55 - 2014-02-22 09:02 - 00004788 _____ () C:\windows\RegBootClean.CFG
2014-02-22 08:55 - 2014-02-22 08:58 - 00022032 _____ () C:\windows\DCEBoot.exe
2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache
2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes
2014-02-21 17:39 - 2014-02-21 18:05 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 17:39 - 2014-02-21 18:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 17:39 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-21 10:10 - 2013-10-02 08:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-02-21 10:10 - 2013-10-02 08:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-21 10:10 - 2013-10-02 08:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-21 10:10 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-02-21 10:10 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-02-21 10:10 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-02-21 10:10 - 2013-10-02 07:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-21 10:10 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-02-21 10:10 - 2013-10-02 07:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-02-21 10:10 - 2013-10-02 06:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-02-21 10:10 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-02-21 10:08 - 2014-02-06 18:38 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-21 10:08 - 2014-02-06 18:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-21 10:08 - 2014-02-06 18:19 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-21 10:08 - 2014-02-06 18:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-21 10:08 - 2014-02-06 18:00 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-21 10:08 - 2014-02-06 17:57 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-21 10:08 - 2014-02-06 17:52 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-21 10:08 - 2014-02-06 17:52 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-21 10:08 - 2014-02-06 17:49 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-21 10:08 - 2014-02-06 17:47 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-21 10:08 - 2014-02-06 17:47 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-21 10:08 - 2014-02-06 17:46 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-21 10:08 - 2014-02-06 17:34 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-21 10:08 - 2014-02-06 17:25 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-21 10:08 - 2014-02-06 17:25 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-21 10:08 - 2014-02-06 17:13 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-21 10:08 - 2014-02-06 17:09 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-21 10:08 - 2014-02-06 17:03 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-21 10:08 - 2014-02-06 16:41 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-21 10:08 - 2014-02-06 16:36 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-21 10:08 - 2014-02-06 16:34 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-21 09:53 - 2013-12-21 16:56 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-21 08:46 - 2013-12-25 07:09 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-21 08:46 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-21 08:45 - 2013-12-04 10:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-21 08:45 - 2013-12-04 09:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-21 08:37 - 2014-01-01 07:05 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-21 08:37 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-02-21 08:36 - 2013-12-06 10:02 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-21 08:36 - 2013-12-06 10:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-21 08:32 - 2013-11-27 09:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys

==================== One Month Modified Files and Folders =======

2014-02-24 08:27 - 2012-11-09 05:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-24 08:25 - 2014-02-24 08:25 - 00000000 ____D () C:\FRST
2014-02-24 08:24 - 2012-05-26 07:27 - 01472710 _____ () C:\windows\WindowsUpdate.log
2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable
2014-02-24 08:23 - 2012-10-30 12:33 - 00000000 ____D () C:\Users\netbook
2014-02-24 08:23 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-24 08:23 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 08:21 - 2013-06-03 16:19 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-02-24 08:21 - 2012-05-26 08:18 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-24 08:20 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-24 08:20 - 2009-07-14 12:39 - 00119860 _____ () C:\windows\setupact.log
2014-02-23 17:13 - 2012-05-26 08:18 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes
2014-02-23 09:06 - 2013-04-17 10:14 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001UA.job
2014-02-22 14:06 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\system32\NDF
2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST
2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-02-22 09:06 - 2010-11-21 05:48 - 00208038 _____ () C:\windows\PFRO.log
2014-02-22 09:02 - 2014-02-22 08:55 - 00181776 _____ () C:\windows\RegBootClean.exe
2014-02-22 09:02 - 2014-02-22 08:55 - 00004788 _____ () C:\windows\RegBootClean.CFG
2014-02-22 08:58 - 2014-02-22 08:55 - 00022032 _____ () C:\windows\DCEBoot.exe
2014-02-22 08:58 - 2012-05-26 08:08 - 00000000 ___HD () C:\QuickStartUtil
2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache
2014-02-21 18:05 - 2014-02-21 17:39 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 18:05 - 2014-02-21 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes
2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 16:08 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\rescache
2014-02-21 15:06 - 2013-04-17 10:14 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001Core.job
2014-02-21 11:57 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-02-21 11:30 - 2012-10-30 19:17 - 00000000 ____D () C:\Users\internet\AppData\Roaming\vlc
2014-02-21 10:07 - 2013-07-16 07:14 - 00000000 ____D () C:\windows\system32\MRT
2014-02-21 09:58 - 2012-11-01 09:31 - 85946576 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-21 09:51 - 2010-11-21 05:01 - 00789298 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-19 15:35 - 2012-11-02 19:59 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Mozilla
2014-02-19 15:15 - 2013-10-19 12:52 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-19 15:14 - 2013-12-29 18:21 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00410784 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-02-19 15:14 - 2012-11-03 08:02 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-02-16 09:40 - 2009-07-14 12:53 - 00032642 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys
2014-02-10 11:30 - 2012-11-09 05:56 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-02-10 11:30 - 2012-11-09 05:56 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-06 18:38 - 2014-02-21 10:08 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 18:20 - 2014-02-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 18:19 - 2014-02-21 10:08 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 18:01 - 2014-02-21 10:08 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 18:00 - 2014-02-21 10:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 17:57 - 2014-02-21 10:08 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 17:52 - 2014-02-21 10:08 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 17:52 - 2014-02-21 10:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 17:49 - 2014-02-21 10:08 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 17:47 - 2014-02-21 10:08 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 17:47 - 2014-02-21 10:08 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 17:46 - 2014-02-21 10:08 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 17:34 - 2014-02-21 10:08 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 17:25 - 2014-02-21 10:08 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 17:25 - 2014-02-21 10:08 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 17:13 - 2014-02-21 10:08 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 17:09 - 2014-02-21 10:08 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 17:03 - 2014-02-21 10:08 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 16:41 - 2014-02-21 10:08 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 16:36 - 2014-02-21 10:08 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 16:34 - 2014-02-21 10:08 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-03 17:23 - 2012-10-30 18:36 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Skype
2014-01-29 16:10 - 2012-10-30 15:59 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Skype

==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
2. Addition.txt = created
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2014 01
Ran by internet at 2014-02-24 08:28:00
Running from D:\AntiVr\TrojaneroardSoftware
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Anki (HKLM\...\Anki) (Version:  - )
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2013 - Avast Software)
Borland Turbo Delphi (HKLM\...\{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}) (Version: 10.0.3 - Borland Software Corporation)
calibre (HKLM\...\{260CE6D4-9FB5-47CB-8425-BEE666F40FC0}) (Version: 1.7.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CNOSD (HKLM\...\{35F814AA-CB70-4927-A7BC-2B0D0F85F8C8}) (Version: 1.0.0.4 - cn_client)
COMODO Internet Security (HKLM\...\{E62381A7-B1C1-4121-8262-84D38C77786C}) (Version: 5.12.55693.2551 - COMODO Security Solutions Inc.)
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.03 - Corel Inc)
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Disk Space Fan 4 Free 4.5.1.129 (HKCU\...\Disk Space Fan 4 Free_is1) (Version:  - Disk Space Fan Team)
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.44.000 - Runtime Software)
EASEUS Partition Master 4.1.1 Professional (HKLM\...\EASEUS Partition Master Professional Edition_is1) (Version:  - EASEUS)
EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.0731 - Lenovo)
Energy Management (HKLM\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.4 - Lenovo)
Energy Management (Version: 6.0.2.4 - Lenovo) Hidden
ETDWare PS/2-X86 8.0.4.5_WHQL (HKLM\...\Elantech) (Version: 8.0.4.5 - ELAN Microelectronic Corp.)
FileZilla Client 3.7.1 (HKLM\...\FileZilla Client) (Version: 3.7.1 - FileZilla Project)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free 3GP Video Converter version 5.0.24.430 (HKLM\...\Free 3GP Video Converter_is1) (Version: 5.0.24.430 - DVDVideoSoft Ltd.)
FreeCommander 2009.02b (HKCU\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
GNU Backgammon (MAIN branch, 20121023 code) (HKLM\...\GNU Backgammon_is1) (Version:  - Free Software Foundation)
Google Chrome (HKLM\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{41101F0C-DBD9-321C-A6B1-E0689B495A4E}) (Version: 5.1.4.17398 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.14.8.1075 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Kyodai Mahjongg (HKLM\...\Kyodai Mahjongg_is1) (Version:  - Rene-Gilles Deberdt)
Kyodai Mahjongg 2006 v1.42 (HKLM\...\Kyodai Mahjongg 2006_is1) (Version:  - Rene-Gilles Deberdt)
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.2525 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.2525 - CyberLink Corp.) Hidden
Lenovo Registration (HKLM\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
LibreOffice 4.0.5.2 (HKLM\...\{5B9C9486-4287-4621-8F9D-EC3EE622A82F}) (Version: 4.0.5.2 - The Document Foundation)
LibreOffice 4.1 Help Pack (German) (HKLM\...\{F2087365-70E1-47F0-950F-A9844022279A}) (Version: 4.1.2.3 - The Document Foundation)
Macromedia Dreamweaver MX 2004 (HKLM\...\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}) (Version: 7.0 - Macromedia)
Macromedia Extension Manager (HKLM\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework SDK (English) 1.1 (HKLM\...\{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}) (Version: 1.1.4322 - Microsoft)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Miro (HKLM\...\Miro) (Version: 6.0 - Participatory Culture Foundation)
Motorola Bluetooth (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.13.307 - Motorola Solutions, Inc.)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 16.0.2 (x86 de) (HKLM\...\Mozilla Firefox 16.0.2 (x86 de)) (Version: 16.0.2 - Mozilla)
Mozilla Firefox 27.0.1 (x86 de) (HKCU\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 16.0.2 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWorx 5.2.8 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
Neverball 1.5.4 (HKCU\...\Neverball) (Version: 1.5.4 - )
Opera 12.15 (HKCU\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PicPick (HKLM\...\PicPick) (Version: 3.3.0 - NTeWORKS)
Power Tab Editor 1.7 (HKLM\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
QuickStart (HKLM\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 3.0.23.199 - VideACE Co.)
QuickStart (Version: 3.0.23.199 - VideACE Co.) Hidden
ratDVD 0.78.1444 (HKLM\...\ratDVD) (Version: 0.78.1444 - ratDVD)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6309 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0180 - REALTEK Semiconductor Corp.)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Simple Sudoku 4.2 (HKLM\...\Simple Sudoku_is1) (Version:  - )
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.18 - Piriform)
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
SugarSync Manager (HKLM\...\SugarSync) (Version: 1.9.49.86082 - SugarSync, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
TreeSize Free V2.7 (HKCU\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Trojan Killer (HKLM\...\GridinSoft Trojan Killer) (Version: 2.2.1.6 - GridinSoft LLC)
TuxGuitar (HKLM\...\{03534DA5-2F88-4B8E-A978-849B979E1B8F}) (Version: 1.2 - Herac)
UserGuide (HKLM\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (Version: 1.0.0.6 - Lenovo) Hidden
Video Converter Factory Pro (HKLM\...\VideoConverterFactoryPro) (Version:  - WonderFox Soft, Inc. All Rights Reserved.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WampServer 2.2 (HKLM\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinHTTrack Website Copier 3.47-23 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.23 - HTTrack)
WinSCP 4.3.7 (HKCU\...\winscp3_is1) (Version: 4.3.7 - Martin Prikryl)
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version:  - )

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 10:04 - 2013-04-08 09:40 - 00000986 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost


==================== Scheduled Tasks (whitelisted) =============

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001Core.job => C:\Users\internet\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001UA.job => C:\Users\internet\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-19 04:08 - 2013-06-19 04:08 - 00093696 _____ () E:\Internet\FileZilla FTP Client\fzshellext.dll
2008-12-20 11:20 - 2008-12-20 11:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2013-10-19 12:51 - 2013-10-19 12:51 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-04-23 11:42 - 2008-07-26 19:56 - 00082944 _____ () D:\Programme\dsksve8\DeskSave.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2014 08:22:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 05:41:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 05:14:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 02:19:20 PM) (Source: PerfNet) (User: )
Description: 

Error: (02/23/2014 09:46:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 09:02:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 05:25:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 02:31:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 02:14:56 PM) (Source: Application Hang) (User: )
Description: The program javaw.exe version 7.0.510.13 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2330

Start Time: 01cf2f9444e21482

Termination Time: 59060

Application Path: E:\Program Files\java\bin\javaw.exe

Report Id:

Error: (02/22/2014 02:13:48 PM) (Source: Application Hang) (User: )
Description: The program javaw.exe version 7.0.510.13 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2014

Start Time: 01cf2f9457e12fd2

Termination Time: 4118

Application Path: E:\Program Files\java\bin\javaw.exe

Report Id:


System errors:
=============
Error: (02/24/2014 08:22:34 AM) (Source: DCOM) (User: )
Description: "C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe" -Embedding2{FE7BF085-73BC-4CE1-830E-62335D63E74B}

Error: (02/24/2014 08:22:20 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/24/2014 08:21:13 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (02/24/2014 08:20:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/23/2014 05:41:28 PM) (Source: DCOM) (User: )
Description: "C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe" -Embedding2{FE7BF085-73BC-4CE1-830E-62335D63E74B}

Error: (02/23/2014 05:40:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (02/23/2014 05:39:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/23/2014 05:15:30 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/23/2014 05:15:08 PM) (Source: DCOM) (User: )
Description: "C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe" -Embedding2{FE7BF085-73BC-4CE1-830E-62335D63E74B}

Error: (02/23/2014 05:14:21 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom


Microsoft Office Sessions:
=========================
Error: (02/24/2014 08:22:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 05:41:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 05:14:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 02:19:20 PM) (Source: PerfNet)(User: )
Description: 

Error: (02/23/2014 09:46:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 09:02:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 05:25:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 02:31:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 02:14:56 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.510.13233001cf2f9444e2148259060E:\Program Files\java\bin\javaw.exe

Error: (02/22/2014 02:13:48 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.510.13201401cf2f9457e12fd24118E:\Program Files\java\bin\javaw.exe


==================== Memory info =========================== 

Percentage of memory in use: 85%
Total physical RAM: 2036.8 MB
Available physical RAM: 296.82 MB
Total Pagefile: 3636.8 MB
Available Pagefile: 2044.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:29.3 GB) (Free:3.88 GB) NTFS
Drive d: (System) (Fixed) (Total:30.38 GB) (Free:27.3 GB) NTFS
Drive e: (Programme) (Fixed) (Total:39.06 GB) (Free:31.72 GB) NTFS
Drive f: (Daten) (Fixed) (Total:39.06 GB) (Free:19.03 GB) NTFS
Drive g: (MP3) (Fixed) (Total:97.66 GB) (Free:21.82 GB) NTFS
Drive h: (Bilderr) (Fixed) (Total:97.66 GB) (Free:61.46 GB) NTFS
Drive i: (Eigene) (Fixed) (Total:58.59 GB) (Free:40.79 GB) NTFS
Drive k: (SundayBackups) (Fixed) (Total:59.09 GB) (Free:24.44 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
C) Gmer.txt => created and, because of its size, sent along as a zip in the attachment.

I hope I have provided you with all the necessary data for now. Hopefully you can help me with this. At the moment I am not sure whether I no longer have any malware (as the 2nd Avast scan says) or whether, with your help, I still have to remove the actual malicious files after all.

Many thanks in advance
Andreas!

 
